Bug? Update caused Manual Outbound NAT to go out of order.



  • When I investigated I discovered that my outbound NAT rules have changed order and the "Auto Created" rules had once again been moved up to the top and the rules created by me had been shoved down to the bottom.

    I would not have expected my outbound NAT order to change when it is set to Manual.


  • Rebel Alliance Developer Netgate

    Nothing changed in that area recently and nothing would reorder those rules. They would have to have been moved manually somehow.

    If you have a mix of manual and automatic rules, on 2.2 you should be using Hybrid mode, not full manual. Then delete the auto-generated rules that you have not edited and keep only the manual rules you need.



  • @jimp:

    Nothing changed in that area recently and nothing would reorder those rules. They would have to have been moved manually somehow.

    If you have a mix of manual and automatic rules, on 2.2 you should be using Hybrid mode, not full manual. Then delete the auto-generated rules that you have not edited and keep only the manual rules you need.

    I had it in hybrid mode since discovering the out of order condition after update.  I just updated again this morning and again the manual portion of the outbound NAT rules went out of my previously defined order and I needed to manually switch them around again.

    I have two manual ones defined, with descriptions defined in this order:

    VPN Bound
    WAN Bound

    Upon update the order was changed to:

    WAN Bound
    VPN Bound


  • Rebel Alliance Developer Netgate

    I added a few rules in an order that would have surely been sorted one way or another had this been a problem and after an update they were still in the exact same places.

    What shows up in your config history? (Diagnostics > Backup/Restore, Config History tab) Something there would have to show the change and what made it.



  • @jimp:

    I added a few rules in an order that would have surely been sorted one way or another had this been a problem and after an update they were still in the exact same places.

    What shows up in your config history? (Diagnostics > Backup/Restore, Config History tab) Something there would have to show the change and what made it.

    I looked and diffed a bunch but only my "correction" was there.  Whatever swapped it around was not listed.

    I'll update again tonight…



  • Okay here's the story.  The order of the rules does not change after an update, however I do need to reorder something in order for things to start working correctly again after an update.

    I have things set up so that all traffic for a certain host goes through an openvpn client gateway instead of the default gateway.  After an update, no traffic from that host passes through either gateway until I go in and change the order in the outbound nat and apply.  I don't necessarily think it's something specific to outbound nat, that just happens to be what I moved around first thinking it was something to do with that it could be perhaps if I change and apply any rule that it begins working.

    It has happened to me through 3 updates now.


  • Rebel Alliance Developer Netgate

    Check /tmp/rules.debug before and after your change, see if anything looks different.


Log in to reply