Problem with NAT (reflection?) after upgrade from 2.0.1 to 2.1.5

  • We have an external network A (NET-A) and an internal network 192.168.9.x.
    We use port forwarding and pools to redirect traffic from an external IP to an internal IP/cluster.
    Then we have "Manual Outbound NAT rule generation" on, with rules which we find in /tmp/rules.debug:
    nat on $WAN  from to any -> (NET-A).122/32 port 1024:65535 
    nat on $WAN  from to any -> (NET-A).115/32 port 1024:65535 
    nat on $WAN  from to any -> (NET-A).114/32 port 1024:65535

    These rules work.

    Then we have rules for internal communication which worked in 2.0.1:
    nat on $LAN  from to -> (NET-A).115/32 port 1024:65535 
    nat on $LAN  from to -> (NET-A).114/32 port 1024:65535

    When I try to connect from to via (NET-A).115 I see the packet in tcpdump:
    13:02:33.154806 IP > Flags S, seq 2887008773, win 14600, options [mss 1460,sackOK,TS val 253039556 ecr 0,nop,wscale 7], length 0

    pfctl -s state | grep
    em2 tcp <- (NET-A).115:80 <-      CLOSED:SYN_SENT
    em2 tcp -> (NET-A).114:45381 ->      SYN_SENT:CLOSED

    But no packet leaves the firewall from (NET-A).114 to
    Again: this all worked perfectly with 2.0.1 for years.

    I found the "NAT Reflection mode for port forwards" setting in the advanced settings, but enabling/disabling it doesn't change anything.
    How can I solve the problem? I found others have problems with these reflection rules, but no real help :(

    I replaced the first 3 octets with (NET-A).
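A hand-written pf hairpin (NAT reflection) rule set of the kind the post describes, added here as an illustration; it is not part of the original post and not the rule set pfSense generates. It uses the pre-4.7 rdr/nat syntax that pfSense 2.1 writes to /tmp/rules.debug. Interface names, the public address 192.0.2.115 (standing in for (NET-A).115), the internal web server 192.168.9.10 and the macro names are assumptions. The point it shows is that reaching an internal server through its public IP from the LAN needs two translations on the LAN interface: an rdr so the client's packet reaches the server, and a nat so the server's reply comes back through the firewall instead of going straight to the client.

```pf
# Added example, not from the post or from pfSense: hairpin NAT for an
# internal web server, pre-4.7 pf syntax (as in pfSense 2.1 rules.debug).
# All interface names and addresses below are assumptions.
ext_if  = "em0"            # WAN, carries the public network called NET-A in the post
int_if  = "em2"            # LAN
int_net = "192.168.9.0/24"
ext_web = "192.0.2.115"    # stands in for (NET-A).115
web_srv = "192.168.9.10"   # internal web server behind the port forward

# 1. Outbound NAT for the server's own traffic to the Internet
#    (the part the post already has under manual outbound NAT).
nat on $ext_if from $web_srv to any -> $ext_web port 1024:65535

# 2. Port forward from the Internet to the server.
rdr on $ext_if proto tcp from any to $ext_web port 80 -> $web_srv port 80

# 3. Reflection, part A: a LAN client that connects to the public IP is
#    redirected to the server on the LAN interface too.
rdr on $int_if proto tcp from $int_net to $ext_web port 80 -> $web_srv port 80

# 4. Reflection, part B: rewrite the client's source address so the server
#    answers the firewall, not the client directly. Without this rule the
#    client sends its SYN to 192.0.2.115 but receives the SYN-ACK from
#    192.168.9.10 on the same subnet, a 4-tuple it knows nothing about, so it
#    resets it and the forwarded state on the firewall never leaves SYN_SENT.
nat on $int_if proto tcp from $int_net to $web_srv port 80 -> ($int_if)

# Filter rules still have to pass the translated traffic; pf evaluates them
# after translation, so they match the post-rdr destination.
pass in  quick on $int_if proto tcp from $int_net to $web_srv port 80 keep state
pass out quick on $int_if proto tcp to $web_srv port 80 keep state
```

To check the result on a box running rules like these, connect from a LAN host to 192.0.2.115:80 and run pfctl -s state | grep 192.168.9.10 while the connection is open: both halves of the hairpinned connection should reach ESTABLISHED:ESTABLISHED. A state that stays at SYN_SENT on the LAN interface while tcpdump on the same interface shows the outgoing SYN is the signature of the missing source-NAT half (rule 4).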

  • Hi,

    I installed the haproxy package and changed all LB jobs to haproxy.
    Now everything is working fine again!
