    Problem with NAT(reflection?) after upgrade from 2.0.1 to 2.1.5

    tmueko:

      We have an external network A (NET-A) and an internal network 192.168.9.x.
      We use port forwarding and pools to redirect traffic from an external IP to an internal IP/cluster.
      Then we have "Manual Outbound NAT rule generation" on, with rules which we find in /tmp/rules.debug:
      nat on $WAN  from 192.168.9.13/32 to any -> (NET-A).122/32 port 1024:65535
      nat on $WAN  from 192.168.9.128/28 to any -> (NET-A).115/32 port 1024:65535
      nat on $WAN  from 192.168.9.160/28 to any -> (NET-A).114/32 port 1024:65535

      These rules work.

      Then we have rules for internal communication which worked in 2.0.1:
      nat on $LAN  from 192.168.9.128/28 to 192.168.9.0/24 -> (NET-A).115/32 port 1024:65535
      nat on $LAN  from 192.168.9.160/28 to 192.168.9.0/24 -> (NET-A).114/32 port 1024:65535

      When I try to connect from 192.168.9.160 to 192.168.9.128/28 via (NET-A).115 I see the packet in tcpdump:
      13:02:33.154806 IP 192.168.9.160.34945 > 83.246.70.115.80: Flags S, seq 2887008773, win 14600, options [mss 1460,sackOK,TS val 253039556 ecr 0,nop,wscale 7], length 0

      pfctl -s state | grep 192.168.9.160
      em2 tcp 192.168.9.132:80 <- (NET-A).115:80 <- 192.168.9.160:34947      CLOSED:SYN_SENT
      em2 tcp 192.168.9.160:34947 -> (NET-A).114:45381 -> 192.168.9.132:80      SYN_SENT:CLOSED

      But no packet leaves the firewall from (NET-A).114 to 192.168.9.132??
      Again: this all worked perfectly with 2.0.1 for years.

      I found the "NAT Reflection mode for port forwards" in the advanced settings, but enabling/disabling it doesn't change anything.
      How can I solve the problem? I found others who have problems with these reflection rules, but no real help :(

      I replaced the first three octets with (NET-A).

    tmueko:
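      As an added illustration, not part of the thread or of pfSense's own generated rules: a minimal hairpin ("reflection") NAT ruleset for one port forward, written in the classic rdr/nat pf syntax that pfSense 2.1.x emits into /tmp/rules.debug. The interface names, the 203.0.113.0/24 block standing in for NET-A, and 192.168.9.132 as the pool member behind (NET-A).115 are assumptions made here for the example.

```pf
# Added example (not from the thread): hairpin/reflection NAT for one
# port forward in classic pf rdr/nat syntax (pfSense 2.1.x, FreeBSD 8 pf).
# Assumptions for illustration only: em0 is WAN, em2 is LAN, 203.0.113.115
# stands in for (NET-A).115, and 192.168.9.132 is the backend in the
# 192.168.9.128/28 pool.
ext_if  = "em0"
int_if  = "em2"
lan_net = "192.168.9.0/24"
vip     = "203.0.113.115"     # public service address, (NET-A).115 in the post
backend = "192.168.9.132"     # internal server the port forward points at

# 1. The ordinary port forward for clients on the Internet.
rdr on $ext_if proto tcp from any to $vip port 80 -> $backend port 80

# 2. Reflection: apply the same redirect to LAN clients that connect to the
#    public address. Without it a LAN client's SYN to $vip is simply routed
#    out $ext_if instead of being turned around to the backend.
rdr on $int_if proto tcp from $lan_net to $vip port 80 -> $backend port 80

# 3. Source-translate the reflected flow to the firewall's own LAN address.
#    The backend then answers the firewall, whose nat state matches the
#    SYN/ACK and un-translates it back toward the client. If the backend
#    instead replied directly to the client's 192.168.9.x address, the
#    client would see a SYN/ACK from the backend rather than from $vip and
#    drop it, leaving the state stuck in SYN_SENT.
nat on $int_if proto tcp from $lan_net to $backend port 80 -> ($int_if)

# 4. Outbound NAT for the backend's own Internet traffic is unchanged and
#    still maps it to the service VIP on the WAN side.
nat on $ext_if from 192.168.9.128/28 to any -> $vip port 1024:65535

# Filter rules see post-translation addresses, so the pass rule names the
# backend, not the VIP.
pass in on $int_if proto tcp from $lan_net to $backend port 80 keep state
```

      The point of the example is rule 3: the translated source for the reflected connection is the firewall's LAN interface address, so both legs of the connection stay on em2 and the two states that `pfctl -s state | grep 192.168.9.132` shows (the rdr state and the nat state) belong to the same packet path. In the pfSense 2.1 GUI the equivalent is System > Advanced > Firewall/NAT, with "NAT Reflection mode for port forwards" set to Pure NAT and "Enable automatic outbound NAT for Reflection" checked, which writes rules of this shape without hand-editing the outbound NAT table.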

        Hi,

        I installed the haproxy package and changed all LB jobs to haproxy.
        Now everything is working fine again!

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.