Netgate Discussion Forum

    LAN NAT "Crashed" the firewall

      stipe76

      Hi,

      Today I tried to create a NAT LAN rule to redirect all SMTPS traffic to our internal SMTPS server (from what I know, the postfix package on 2.2 is still broken), but a few seconds after applying the NAT rule pfSense stopped accepting new traffic (open connections still worked); it doesn't respond to the web interface anymore, and stopping PF doesn't work either.
      The only thing to do is disable the firewall NAT rule a few seconds after a restart, while the web interface still works, before it becomes unresponsive.

      My config is simple, but I have multiple LAN segments (LAN1, LAN2, LAN3).

      My NAT rule:
      Interface: LAN1
      Protocol: TCP
      Destination: Any
      Destination port: 465
      Redirect Target IP: 192.168.X.X (on a different LAN segment)
      Redirect Port: 465

      The rule is the one in the attached picture, and I think it is OK.

      Can someone give some advice? It seems like a bug in 2.2; has anyone encountered this problem on other installations?

      rule_nat.png

        doktornotor

        Dunno what's this "simple multiple LAN segment"… The source address would be LAN_stupidobfuscateddescription net. The destination address should be ! 192.168.203.10 (the NOT checkbox) for what you are trying to do. Not any.

          stipe76

          Thanks a lot doktornotor!!

          This means that I made a big mess implementing that last time.
          Now everything is clear.

            cmb

            Yeah you created a traffic loop with that, which exhausted your state table. Don't redirect traffic in a loop. :)

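The check described in the two replies above, as an added example that is not part of the original thread: a small Python lint that flags port forwards whose destination match still includes their own redirect target on the same port. The rule dictionaries and field names are a constructed, simplified model, not pfSense's configuration format.

```python
import ipaddress

def parse_dest(spec):
    """Parse 'any', '10.0.0.5', '10.0.0.0/24' or '! <addr>' into (negated, network)."""
    spec = spec.strip()
    negated = spec.startswith("!")
    if negated:
        spec = spec[1:].strip()
    if spec.lower() == "any":
        return negated, None  # None stands for "any address"
    return negated, ipaddress.ip_network(spec, strict=False)

def dest_covers(spec, ip):
    """True if a packet addressed to ip satisfies the destination spec."""
    negated, net = parse_dest(spec)
    inside = True if net is None else ipaddress.ip_address(ip) in net
    return inside != negated

def parse_ports(spec):
    """'465' or '465-587' -> (low, high); 'any' -> the full port range."""
    if str(spec).lower() == "any":
        return 1, 65535
    low, _, high = str(spec).partition("-")
    return int(low), int(high or low)

def self_matching(rule):
    """True if traffic already addressed to target:target_port matches the rule again."""
    low, high = parse_ports(rule["dest_port"])
    port_hit = low <= int(rule["target_port"]) <= high
    return port_hit and dest_covers(rule["dest"], rule["target"])

def lint(rules):
    """Names of the rules whose match is not narrowed to exclude the redirect target."""
    return [r["name"] for r in rules if self_matching(r)]

# Constructed sample rules (hypothetical names; the address is the one quoted in the thread).
SAMPLE_RULES = [
    {"name": "smtps-any", "dest": "any", "dest_port": "465",
     "target": "192.168.203.10", "target_port": "465"},
    {"name": "smtps-not-target", "dest": "! 192.168.203.10", "dest_port": "465",
     "target": "192.168.203.10", "target_port": "465"},
    {"name": "smtps-subnet", "dest": "192.168.203.0/24", "dest_port": "465",
     "target": "192.168.203.10", "target_port": "465"},
    {"name": "smtps-other-port", "dest": "any", "dest_port": "465",
     "target": "192.168.203.10", "target_port": "2465"},
]

if __name__ == "__main__":
    for name in lint(SAMPLE_RULES):
        print(f"{name}: destination match includes the redirect target")
```
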
              stipe76

              Now the redirect works, thanks all for the suggestions, but something new is happening… that is not expected.

              When I disable the NAT rule, the firewall stops passing new traffic (just existing connections work). No new rules, just disabling the already working NAT forwarding.

              The only way to get in and pass traffic again is to execute a "pfSsh.php playback enableallowallwan" from the shell using an already opened ssh.

              The firewall does not respond to ping on the NAT side either…. :( :( :( :(

              This is very strange....

              I'm using pfSense 2.2 on VMware 5.1.

                stipe76

                I found something on:

                https://forum.pfsense.org/index.php?topic=88463.0

                Do you think I've got the same problem?

                Mark
