MultiWAN setup NAT issue
After updating to 2.5.0.a, port forwarding is accessible only on the active WAN
#1 Updated by DRago_Angel [InV@DER] 5 months ago
I also have the same issues with NPt IPv6, not only with IPv4 NAT. On 2.4.5 and before it was working fine for both WAN01 and WAN02.
To me it looks like the reply-to autorule is broken with NAT\NPt or something near there.
- Static route filtering
- Disable reply-to on WAN rules
- Disable Negate rule on policy routing rules
- NAT Reflection mode in Pure NAT
- Enable NAT Reflection for 1:1 NAT
- Enable automatic outbound NAT for Reflection
Tried to disable\change NAT reflection on specific NAT rules, tried to enable\disable one by one the system_advanced_firewall.php options mentioned at top, but nothing helps.
I see on the firewall tab that I have a connection by the allow rule, but from the client it is not reachable. If, for example, I simply bind the service to the needed IP on pfSense without NAT, it starts to work correctly for IPv4. If I remove NPt, it also starts to work correctly.
If my WAN01 is the default TIER1, I can only connect to the WAN01 IPv4 and IPv6 from outside, but not the WAN02 IPs. If I swap priority between WAN02 and WAN01, I can only connect to WAN02 now. The strangest part is that if I mark the TIER1 GW as DOWN, then I can access both WAN01 and WAN02 IPs from outside! For NPt, if I move WAN02IPV6 to TIER1 and WAN01IPV6 to TIER2, I also have access to both IPs from outside. I can also access any WAN IPs from LAN, no matter what is going outside.
#2 Updated by DRago_Angel [InV@DER] 5 months ago
Update, issue is in:
GWWANGROUP = " " GWWANGROUP6 = " "
Steve is now helping me troubleshoot this on the Netgate forum in PM and at https://forum.netgate.com/topic/159354/pfsense-2-5-0-a-20201127-0650-nat-issues/
I will update this issue after we find the root cause of why it happens. Thank you.