Bug #12654

closed

Nat issue after 20211220 version

Added by Viktor Gurov almost 3 years ago. Updated over 2 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 22.01
Release Notes: Force Exclusion
Affected Version: 2.6.0
Affected Architecture: amd64

Description

Upgrading to version 20211220+ results in loss of the pfSense box's internet connection if Outbound NAT Source "any" is used.

See https://forum.netgate.com/topic/168768/nat-issue-after-20211220-version

Actions #1

Updated by Steve Wheeler almost 3 years ago

This appears to affect any traffic using outbound NAT from an IP on the firewall itself. So, for example, localhost:

[22.01-BETA][admin@5100.stevew.lan]/root: nc -vz -s 127.0.0.1 208.123.73.73 80
nc: connect to 208.123.73.73 port 80 (tcp) failed: Operation timed out

With the default auto OBN rules it also applies to any internal IP.

With an additional 'any' source rule it applies to traffic from the WAN IP.

Actions #2

Updated by Steve Wheeler almost 3 years ago

  • Status changed from New to Feedback
  • Target version set to 2.6.0
  • Plus Target Version set to 22.01
  • Affected Architecture amd64 added

This looks to have been an edge case caused by enabling RSS. Possibly a race condition.
RSS is now disabled in current snapshots and traffic NAT'd from IP addresses on the firewall is working as expected.

Actions #3

Updated by Viktor Gurov over 2 years ago

  • Status changed from Feedback to Resolved

Works as expected on 22.01.b.20220109.0600
