LAN NAT "Crashed" the firewall
today i tried to create a NAT LAN rule to redirect all SMTPS traffic to our internal SMTPS Server (from what i know postfix package on 2.2 is still broken), but upon few second after applying the NAT rule pfsense stopped accepting new traffic (opened connections still worked), it doesn't respond anymore to WEB interface, also stopping PF don't work.
The only thing to do is disable the firewall nat rule few second after a restart while web interface still works before it became unresponsive.
My config is simple but i have multiple LAN segment (LAN1, LAN2, LAN3).
My Nat rule
Destination port: 465
Redirect Target IP: 192.168.X.X (on different LAN segment)
Redirect Port: 465
The rule is the one in the pic attached, and i think is ok.
Can some one give some advice? Seems like a BUG on 2.2, has some one has encountered this problem on other installations?
Dunno what's this "simple multiple LAN segment"… The source address would be LAN_stupidobfuscateddescription net. The destination address should be ! 192.168.203.10 (the NOT checkbox) for what you are trying to do. Not any.
Thanks a lot doktornotor!!
This mean that I made a big mess in implementing that last time.
Now everything is clear.
Yeah you created a traffic loop with that, which exhausted your state table. Don't redirect traffic in a loop. :)
Now redirect works, thanks all for suggestions, but it's happening something new…that is non expected.
When i disable the NAT rule firewall stop to pass new traffic (just existing connection works). No new rules just disable the already working NAT forwarding.
The only way to get in and pass traffic again is to execute a "pfSsh.php playback enableallowallwan" from shell using a already opened ssh.
Firewall do not respont to ping on the nat side too…. :( :( :( :(
This is very strange....
I'm using pfsense 2.2 on VMWARE 5.1.
I found something on:
Do you think i got the the same problem?