Netgate Discussion Forum

    Policy based routing not working after upgrading to 2.1.5

      plaj

      Hi All,
      After upgrading my pfsense to 2.1.5, policy based routing is not working.

      I have set a firewall rule to redirect HTTPS to a specific DSL link.
      It was working fine under 2.1.4, but it's not working now on 2.1.5.

      Any help would be really appreciated.
      Thanks,
      Regards,

        plaj

        Bad news: same issue after a full backup restore…

          plaj

          It seems that no firewall rule is working… in fact... ???

            kejianshi

            I'd reinstall pfsense from fresh and then reinstall the firewall rules.  It happens.

            Maybe do a fresh install and then restore the last working config, but if that fails, just wipe/reinstall and enter settings by hand.

              stephenw10 Netgate Administrator

              @plaj:

              it seems that no firewall rule is working… in fact...  ???

              Yikes! How are you testing that? Has the box been rebooted since the upgrade? Which install type?
              I experienced something similar when my default gateway changed (I'd enabled that in advanced) and some policy rules I thought were fixed turned out not to be.  ::)

              Steve

                plaj

                The box has been rebooted, yes.
                I have 3 WAN interfaces. Everything is routed through the default Gateway now, but I need to forward everything on 443 TCP port through another WAN…
                Nothing changed on the default Gateway. Do you think I may have to change something?

                I think I need to install a new pfsense from scratch and try, as mentioned by kejianshi... it's boring but I don't see what else to do...

                  stephenw10 Netgate Administrator

                  If no firewall rules are working I would expect either the pf process is not running at all, in which case would you get any traffic? I would at least expect to see all sorts of errors in the logs. It could be disabled for some reason; have you ever disabled filtering?
                  If it's just not matching any traffic then everything would be blocked.
                  How are you testing? What are you testing?

                  Steve

                    plaj

                    Sorry for the late reply, I was busy the last day building a new pfsense install.

                    I now have a new pfsense, and I've set up every firewall rule one by one.
                    I think I understand now exactly what's not working… I'll try to explain:

                    I have Multiwan (3 WAN) and CARP failover on 2 pfsense virtual machines.
                    When I set my gateway on my computer to the LAN interface IP of my pfsense, everything is working fine.
                    When I set my gateway to the LAN CARP virtual IP of my pfsense, everything goes to the default gateway, and Multiwan is not working...

                    I thought it was my firewall rules that weren't working, but it's probably something wrong with my virtual IP settings??
                    Is there something to change with VIP settings on 2.1.5?

                      stephenw10 Netgate Administrator

                      I have no experience using CARP so I'm not the best person to help you here. However, why do you have a CARP VIP interface on the LAN? Is that on the backup VM? Something seems very wrong here. Can we have a network diagram please or at least a description.

                      Steve

                        Derelict LAYER 8 Netgate

                        I just had something happen after an upgrade to 2.1.5 and subsequent configuration of a traffic shaping that resulted in a bad set of rules.  This made all my WAN ports wide open as if there was no firewall running.  No NAT or anything from LAN.

                        What is the result of pfctl -vf /tmp/rules.debug

                        Does it error out or complete normally?

                        If you enter the following:

                        pfctl -vf /tmp/rules.debug

                        …rules output...

                        echo $?

                        you should see a zero.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)
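
An added example, not part of the original posts: the ruleset check described in the last post, wrapped as a shell function that also confirms pf is enabled and that the loaded rules contain at least one `route-to` (the pf action behind policy routing). It uses `pfctl -nf`, which only parses the file, instead of the `-vf` shown above, which loads it; the function names, the verdict strings and the overridable `PFCTL` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. PFCTL can be pointed at a stub for
# testing; on the firewall it is the real pfctl binary.
PFCTL="${PFCTL:-pfctl}"

# Parse the generated ruleset without loading it (-n), so the check itself
# cannot change the running filter. Exit status 0 means it parsed cleanly.
ruleset_parses() {
    "$PFCTL" -nf "$1" >/dev/null 2>&1
}

# pf must be enabled, otherwise no filter, NAT or policy-routing rule applies.
pf_enabled() {
    "$PFCTL" -s info 2>/dev/null | grep -q '^Status: Enabled'
}

# Number of loaded rules that carry a route-to (policy routing) action.
route_to_count() {
    "$PFCTL" -s rules 2>/dev/null | grep -c 'route-to' || true
}

# Print a one-word verdict and return non-zero on any failure.
pf_health() {
    rules="${1:-/tmp/rules.debug}"
    if ! ruleset_parses "$rules"; then
        echo "parse-error"; return 1
    fi
    if ! pf_enabled; then
        echo "disabled"; return 2
    fi
    if [ "$(route_to_count)" -eq 0 ]; then
        echo "no-policy-routes"; return 3
    fi
    echo "ok"
}
```

Run `pf_health` from a shell on the firewall after an upgrade or a config restore; anything other than `ok` means the rules in the GUI are not what pf is enforcing.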
