Bug #11188

closed

MultiWAN setup NAT issue

Added by DRago_Angel [InV@DER] almost 4 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Very High
Assignee: -
Category: Multi-WAN
Target version: -
Start date: 12/23/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture:

Description

After updating to 2.5.0.a, port forwarding is accessible only on the active WAN.

Actions #1

Updated by DRago_Angel [InV@DER] almost 4 years ago

Update:
I also have the same issues with NPt IPv6, not only with IPv4 NAT. On 2.4.5 and before it was working fine for both WAN01 and WAN02.
To me it looks like the reply-to auto rule is broken with NAT\NPt, or something near there.

I rechecked everything in system_advanced_firewall.php and I do not have enabled:
  • Static route filtering
  • Disable reply-to on WAN rules
  • Disable Negate rule on policy routing rules
I have enabled:
  • NAT Reflection mode in Pure NAT
  • Enable NAT Reflection for 1:1 NAT
  • Enable automatic outbound NAT for Reflection

I tried to disable\change NAT reflection on specific NAT rules, and tried enabling\disabling one by one the system_advanced_firewall.php options mentioned above, but nothing helps.
I see on the firewall tab that I have a connection by the allow rule, but from the client it is not reachable. If, for example, I simply bind the service to the needed IP on pfSense without NAT, it starts to work correctly for IPv4. If I remove NPt, it also starts to work correctly.

More symptoms:
If my WAN01 is the default TIER1, I can only connect to the WAN01 IPv4 and IPv6 from outside, but not the WAN02 IPs. If I swap priority between WAN02 and WAN01, I can only connect to WAN02. The strangest part is that if I mark the TIER1 GW as DOWN, then I can access both WAN01 and WAN02 IPs from outside! For NPt, if I move WAN02IPV6 to TIER1 and WAN01IPV6 to TIER2, I also have access to both IPs from outside. I can also access any WAN IPs from the LAN, regardless of what is going outside.

Actions #2

Updated by DRago_Angel [InV@DER] almost 4 years ago

Update, issue is in:

GWWANGROUP = "  " 
GWWANGROUP6 = "  " 

Steve is now helping me troubleshoot this on the Netgate forum in PM and at https://forum.netgate.com/topic/159354/pfsense-2-5-0-a-20201127-0650-nat-issues/
I will update this issue after we find the root cause of why it happens. Thank you.

Actions #3

Updated by Marcos M over 3 years ago

Possibly related to #11436

Actions #4

Updated by Viktor Gurov over 3 years ago

  • Status changed from New to Resolved

Resolved in #11436
