Bug #10384
closed
2.4.5 breaks apipa-nat rules
0%
Description
had a setup running under 2.4.4-RELEASE-p3 which worked fine, but stopped working after the 2.4.5 update.
I have a Modem which has a "Service-Port" which can only use an APIPA address. Clients in my LAN can reach it by calling 10.0.100.1 to access its web page and see connection information.
I did this as follows:
- connecting OPT5 (SPEEDPORT_SERVICE) directly to the Service-Interface of my Modem (Modem-Serivce-Interface has the IP 169.254.2.1)
- gave OPT5 the IP 169.254.2.2
- disabled APIPA_Blocking
- created a virtual IP 10.0.100.1
- set up 2 NAT Rules:
- 1:1 Nat on LAN-Interface to translate 100.0.100.1 to 169.254.2.1 [https://i.imgur.com/U1oxR8u.png]
- Hybrid-Outbound-NAT Rule on OPT5 to allow traffic from LAN to 169.254.0.0/16 [https://i.imgur.com/eBj8vm4.png]
At first I thought, the "APIPA_Blocking"-Option didn't survive the update, but it did. I also tried to use the new GUI Option for it. various Reboots didn't help.
Nothing blocked in the Firwall-Log either.
I'm stumped, I can't explain why it stopped working or what I'm missing. As soon as I revert to the prevoius version it starts working again.
Updated by Jim Pingle about 5 years ago
- Category set to Rules / NAT
- Status changed from New to Rejected
I tested the option and it's working as expected. When the box is checked, the APIPA rules are omitted. When unchecked, the rules return to block it. You have some other issue most likely unrelated to this.
For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit .
See Reporting Issues with pfSense Software for more information.