Policy based routing not working after upgrading to 2.1.5



  • Hi All,
    after upgrading my pfsense to 2.1.5, policy based routing are not working.

    i have set a firewall rule to redirect https to a specific DSL link.
    it was working fine under 2.1.4, but it's not working now on 2.1.5.

    any help would be really appreciated.
    thanks,
    Regards,



  • bad news : same issue after a full backup restore…



  • it seems that no firewall rule is working… in fact...  ???



  • I'd reinstall pfsense from fresh and then reinstall the firewall rules.  It happens.

    Maybe do a fresh install and then restore the last working config, but if that fails, just wipe/reinstall and enter settings by hand.


  • Netgate Administrator

    @plaj:

    it seems that no firewall rule is working… in fact...  ???

    Yikes! How are you testing that? Has the box been rebooted since the upgrade? Which install type?
    I experienced something similar when my default gateway changed (i'd enabled that in advanced) and some policy rules I thought were fixed turned out not to be.  ::)

    Steve



  • The box has been rebooted, yes.
    I have 3 WAN interfaces. Everything is routed through the default Gateway now, but I need to forward everything on 443 TCP port through another WAN…
    nothing changed on the default Gateway. Do you think I may have to change something ?

    I think I need to install a new pfsense from scratch and try, as mentioned by kejianshi... it's boring but i don't see what else to do ...


  • Netgate Administrator

    If no firewall rules are working I would expect either the pf process is not running at all in which case would you get any traffic? I would at least expect to see all sorts of errors in the logs. It could be disabled for some reason, have you ever disabled filtering?
    If it's just not matching any traffic then everything would be blocked.
    How are you testing? What are you testing?

    Steve



  • Sorry for the late reply, i was busy last day to build up new pfsense install.

    I have now a new pfsense, and i've set up every firewall rule one by one.
    I think i undertand now what's exactly not working… i'll try to explain :

    I have Multiwan (3 WAN) and CARP failover on 2 pfsenses virtual machines.
    when I set my gateway on my computer to the LAN interface IP of my pfsense, everything is working fine.
    when I set my gateway on the LAN CARP virtual IP of my pfsense, everything goes to the default gateway, and Multiwan is not working...

    I thought it was my firewall rules that wasn't working, but it's probably something wrong with my virtual IP settings ??
    is there something to change with VIP settings on 2.1.5 ?


  • Netgate Administrator

    I have no experience using CARP so I'm not the best person to help you here. However, why do you have a CARP VIP interface on the LAN? Is that on the backup VM? Something seems very wrong here. Can we have a network diagram please or at least a description.

    Steve


  • Netgate

    I just had something happen after an upgrade to 2.1.5 and subsequent configuration of a traffic shaping that resulted in a bad set of rules.  This made all my WAN ports wide open as if there was no firewall running.  No NAT or anything from LAN.

    What is the result of pfctl -vf /tmp/rules.debug

    Does it error out or complete normally?

    If you enter the following:

    pfctl -vf /tmp/rules.debug

    …rules output...

    echo $?

    you should see a zero.