    Inbound Nat issues after upgrade to 2.2.1

    • A
      apbirch67 last edited by

      OK, after the upgrade to 2.2.1 from 2.2.x my inbound NAT traffic is being blocked. Yesterday I noticed that if I edited and saved the rule, traffic started to flow again. This happened both for Port Forwarding and 1 to 1 rules.

      Well, I came in this morning to find that inbound FTP traffic is being blocked, so I edited and then saved the rule and traffic started to flow again.

      Here is a screenshot of the logs if that helps anyone.


      • D
        doktornotor Banned last edited by

        Kindly post the NAT/FW rules screenshot.

        • A
          a.palmucci last edited by

          I think I had a similar problem but I have not yet resolved it….


          For a few days I have had a problem with a firewall on which a Port Forward to FTP / HTTP is set up using a Virtual IP.
          I noticed the anomaly after I upgraded to version 2.2.
          In particular, the problem is with the FTP service (passive mode).
          I was hoping that among the various bugfixes in 2.2.1 there would be a solution to my problems, but nothing.

          I should state that I have already tried with three different machines with the same results.
          The port forwarding rules in Firewall > NAT are created and enforced properly, so the client can log in, but at the opening of the FTP data channel the data exchange does not start (LIST command, I think) and the connection is broken.
          There are obviously no dropped packets.
          Other services listening on the same machine on port 80 or 3000 work perfectly.
          In the various tests I also tried with and without a Virtual IP.
          All this occurs when I step from version 2.2 or 2.1.5 to 2.2.1 with the same machine and hardware.
          On one of the three test machines I swapped the network cards (a D-Link DGE-5820 PCI Realtek and an integrated SIS 191 chipset, both Gigabit).
          Unfortunately I do not have with me other network cards, Intel, for example, which try, assuming an incompatibility hw very remote, too, since I'm not just come out and chipsets that work perfectly with the previous version.


          Tks

          • D
            doktornotor Banned last edited by

            @a.palmucci:

            I think I had a similar problem but I have not yet resolved it….

            No, you don't. Kindly start your own thread after reading the release notes and other docs.

            https://doc.pfsense.org/index.php/Upgrade_Guide#FTP_Proxy
            https://doc.pfsense.org/index.php/FTP_without_a_Proxy

            • S
              solarthread last edited by

              I'm seeing exactly the same issue as the OP.

              Open the NAT rule, save, and it's working again.

              Only happened since going from 2.2 to 2.2.1.

              • S
                solarthread last edited by

                Any update on this? Still seeing this issue on 2.2.2

                • C
                  cmb last edited by

                  OP's issue is pretty clear from the screenshot. The passed FTP shows the destination of a private IP, so it hit a port forward. The blocked traffic has a destination of a public IP, meaning it doesn't have a matching port forward or 1:1 NAT. That didn't change after upgrading; something wasn't right with that additional public IP to begin with.

                  Given the thread's been dead for a month with no response from OP, he/she probably found where the port forward didn't exist for that VIP and added it.

                  The "me too" posters, you almost certainly don't have the same issue (for one, you probably don't have multiple public IPs). Please start your own thread describing your issue and we can help there.

                  Locking this to prevent further hijacking.

                  Those having FTP trouble, please see:
                  https://doc.pfsense.org/index.php/Upgrade_Guide#FTP_Proxy
                  https://doc.pfsense.org/index.php/FTP_without_a_Proxy

                  1 Reply Last reply Reply Quote 0
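
The log reading described in the last reply (private destination means a port forward or 1:1 NAT matched, public destination on a blocked entry means none did), as an added example that is not part of the original thread. The comma-separated field order, the `em0` WAN interface name and the sample lines are assumptions constructed for illustration; adjust the indexes to the raw filter log format of your version.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges. On a WAN-side log entry, a destination inside one of these
# means a port forward or 1:1 NAT already rewrote the packet before filtering.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines using documentation addresses (not from the thread).
# Assumed field order: rule,subrule,anchor,tracker,iface,reason,action,dir,
# ipver,tos,ecn,ttl,id,offset,flags,protoid,proto,length,src,dst,sport,dport,...
SAMPLE = """\
5,16777216,,1000000103,em0,match,pass,in,4,0x0,,52,1111,0,DF,6,tcp,60,198.51.100.7,192.168.1.20,51000,21,0,S,1,,8192,,
4,16777216,,1000000101,em0,match,block,in,4,0x0,,52,1112,0,DF,6,tcp,60,198.51.100.7,203.0.113.11,51001,21,0,S,2,,8192,,
4,16777216,,1000000101,em0,match,block,in,4,0x0,,52,1113,0,DF,6,tcp,60,198.51.100.9,203.0.113.11,40022,21,0,S,3,,8192,,
4,16777216,,1000000101,em0,match,block,in,4,0x0,,52,1114,0,DF,6,tcp,60,198.51.100.9,192.168.1.20,40023,3389,0,S,4,,8192,,
"""

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def classify(line, wan="em0"):
    """Return (verdict, dst, dport) for inbound IPv4 TCP/UDP on the WAN, else None."""
    f = line.strip().split(",")
    if len(f) < 22 or f[4] != wan or f[7] != "in" or f[8] != "4":
        return None
    if f[16] not in ("tcp", "udp"):
        return None
    action, dst, dport = f[6], f[19], f[21]
    if action == "pass":
        verdict = "passed"
    elif is_rfc1918(dst):
        verdict = "nat-ok-no-pass-rule"   # translated, but no filter rule passes it
    else:
        verdict = "no-nat-match"          # still addressed to the public IP
    return verdict, dst, dport

def summarize(text, wan="em0"):
    """Count verdicts per (destination, port) so untranslated public IPs stand out."""
    counts = Counter()
    for line in text.splitlines():
        result = classify(line, wan)
        if result:
            counts[result] += 1
    return counts
```

The heuristic assumes the WAN side uses public addresses; where the WAN itself sits in RFC 1918 space, compare against the firewall's own WAN and Virtual IP addresses instead.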