Bug #4596
closed
NAT 1:1 vs VIP, limiters works on LAN, but on WAN breaks NAT
0%
Description
I use this configuration on PfSense 2.1.5 and works very well, on PfSense 2.2.1 limiters on WAN breaks NAT 1:1.
- Several VIPs on WAN (PARP or IPAlias, is the same..)
- 1:1 NAT from VIPs to LAN IPs
- Limiters on LAN IPs (to limit the traffic that begins from LAN)
- Limiters on WAN IPs (to limit the traffic that begins from WAN
In this situation... NAT 1:1 does not work. If I disable limiters on WAN works fine.
Updated by Luca De Andreis over 9 years ago
Confirm !
I've just installed a new, clean PFSense 2.2.1.
- Add a single VIP (IP Alias)
- Define limiters up and down for a single IP
- Define NAT 1:1 VIP->IP LAN
- Define outbond NAT manual type (outgoing single IP LAN through VIP)
- Assign limiters on LAN
- Apply: works very well
- Assign limiters in WAN (ip LAN NAT target, defined in WAN rules): NAT 1:1 breaks.
- Remove WAN limiters... all OK.
:(
Updated by Kill Bill
Updated by Ermal Luçi over 9 years ago
- Status changed from New to Feedback
Patch submitted for 2.2.x branch will be updated for the 2.3(master) one.
Updated by Chris Buechler over 9 years ago
- Status changed from Feedback to Confirmed
- Assignee set to Ermal Luçi
- Priority changed from Normal to High
- Target version changed from 2.2.3 to 2.3
- Affected Version changed from 2.2.1 to 2.2.x
- Affected Architecture added
- Affected Architecture deleted (
amd64)
no change, but we'll leave as-is for 2.2.3. Limiters in general are better in 2.2.3 than earlier 2.2.*.
Updated by Luca De Andreis over 9 years ago
Tested now.
I confirm the problem on 2.2.3, limiters works well on LAN, but if I enable on WAN breaks 1:1 NAT.
Updated by Chris Buechler over 9 years ago
- Status changed from Confirmed to Duplicate
- Assignee deleted (
Ermal Luçi) - Target version deleted (
2.3) - Affected Version deleted (
2.2.x)
duplicate of #4326