Update to 2.1.5 destroyed Port forwarding completely
-
Hello
Just made an in-place (auto) update from 2.0.1 to 2.1.5. After reboot none of the port forwards are working anymore.
I can configure/reconfigure whatever I want, nothing helps. Rebooted many times, cleaned out all existing rules and recreated them new, etc. Removed and configured port forwards again with filter rules or just pass, no success.
Outbound NAT is set to default (automatic outbound NAT rule generation).
I can even create a specific rule from my IP address to the IP behind the firewall, port forward isn't working.
Filter log shows nothing interesting. In pfctl -sn there are some very strange entries which do not really make sense. Are there any ideas why this happened?
pfctl -sn output:
no nat proto carp all
nat-anchor "natearly/" all
nat-anchor "natrules/" all
nat on pppoe0 inet from 192.168.5.0/24 port = isakmp to any port = isakmp -> 213.xxx.228.27 port 500
nat on pppoe0 inet from 10.0.0.0/24 port = isakmp to any port = isakmp -> 213.xxx.228.27 port 500
nat on pppoe0 inet from 10.254.1.0/24 port = isakmp to any port = isakmp -> 213.xxx.228.27 port 500
nat on pppoe0 inet from 127.0.0.0/8 port = isakmp to any port = isakmp -> 213.xxx.228.27 port 500
nat on pppoe0 inet from 192.168.5.0/24 to any -> 213.xxx.228.27 port 1024:65535
nat on pppoe0 inet from 10.0.0.0/24 to any -> 213.xxx.228.27 port 1024:65535
nat on pppoe0 inet from 10.254.1.0/24 to any -> 213.xxx.228.27 port 1024:65535
nat on pppoe0 inet from 127.0.0.0/8 to any -> 213.xxx.228.27 port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/" all
rdr-anchor "tftp-proxy/" all
rdr pass on pppoe0 inet proto tcp from any to 213.xxx.228.27 port = 22222 -> 192.168.5.100 port 22
rdr pass on vr0 inet proto tcp from any to 213.xxx.228.27 port = 22222 -> 192.168.5.100 port 22
rdr pass on openvpn inet proto tcp from any to 213.xxx.228.27 port = 22222 -> 192.168.5.100 port 22
rdr pass on pppoe0 inet proto tcp from any to 213.xxx.228.27 port = ssh -> 192.168.5.100
rdr pass on vr0 inet proto tcp from any to 213.xxx.228.27 port = ssh -> 192.168.5.100
rdr pass on openvpn inet proto tcp from any to 213.xxx.228.27 port = ssh -> 192.168.5.100
rdr pass on pppoe0 inet proto tcp from any to 213.xxx.228.27 port = 10443 -> 192.168.5.100 port 443
rdr on vr0 inet proto tcp from any to 213.xxx.228.27 port = 10443 tag PFREFLECT -> 127.0.0.1 port 19000
rdr on openvpn inet proto tcp from any to 213.xxx.228.27 port = 10443 tag PFREFLECT -> 127.0.0.1 port 19000
rdr on pppoe0 inet proto tcp from any to 213.xxx.228.27 port = 3389 -> 192.168.5.110
rdr-anchor "miniupnpd" all
-
Just recognized that outgoing connections are also completely broken. But there is a rule which allows LAN->any any.
Very strange
-
Port forwarding doesn't break by upgrading. It's almost certainly something that would have happened upon reboot, or in much rarer cases something wasn't right to begin with but worked by coincidence.
Why do you have the same port forwards on both vr0 and pppoe0?
What does your port forward screen look like?
Is 213.xxx.228.27 your correct WAN IP? Could have been manually configured to something static that isn't really static and you got a different IP post-reboot, is why I ask.
Is there something else that prompted you to refer to "very strange entries"? Aside from having the same port forwards on two interfaces, the remainder looks normal.
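An added example (not part of the thread, and not pfSense code): a small Python parser for `pfctl -sn` output that reports the two things the reply asks about, the same forward present on several interfaces and a forward whose destination is not the current WAN address. The sample rules use a constructed documentation address, and `parse_rdr`, `audit` and the finding labels are hypothetical names.

```python
import re
from collections import defaultdict

# Matches rdr rules as printed by `pfctl -sn`; anchors, nat and "no rdr" lines do not match.
RDR_RE = re.compile(
    r"^rdr(?: pass)? on (?P<iface>\S+) inet proto (?P<proto>\S+) from any "
    r"to (?P<dst>\S+) port = (?P<port>\S+)"
    r"(?: tag (?P<tag>\S+))? -> (?P<target>\S+)(?: port (?P<tport>\S+))?$"
)

def parse_rdr(output):
    """Return one dict per rdr rule found in the pfctl -sn text."""
    rules = []
    for line in output.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules

def audit(output, wan_ip):
    """Group rules by forwarded service and list findings as (kind, service, detail)."""
    by_service = defaultdict(list)
    for r in parse_rdr(output):
        by_service[(r["proto"], r["dst"], r["port"])].append(r)
    findings = []
    for (proto, dst, port), group in sorted(by_service.items()):
        ifaces = [r["iface"] for r in group]
        if len(ifaces) > 1:  # same forward loaded on more than one interface
            findings.append(("multi-interface", f"{proto}/{port}", ifaces))
        if dst != wan_ip:    # rule still points at an address the WAN no longer has
            findings.append(("dst-not-wan-ip", f"{proto}/{port}", [dst]))
    return findings

# Constructed sample in the shape of the output above; 203.0.113.27 is a documentation address.
SAMPLE = """\
no rdr proto carp all
rdr-anchor "relayd/" all
rdr pass on pppoe0 inet proto tcp from any to 203.0.113.27 port = 22222 -> 192.168.5.100 port 22
rdr pass on vr0 inet proto tcp from any to 203.0.113.27 port = 22222 -> 192.168.5.100 port 22
rdr on pppoe0 inet proto tcp from any to 203.0.113.27 port = 3389 -> 192.168.5.110
rdr on vr0 inet proto tcp from any to 203.0.113.27 port = 10443 tag PFREFLECT -> 127.0.0.1 port 19000
"""

if __name__ == "__main__":
    for kind, service, detail in audit(SAMPLE, wan_ip="203.0.113.27"):
        print(kind, service, detail)
```

Feed it the saved text of `pfctl -sn` and the address currently shown on the WAN interface.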