Project

General

Profile

Actions

Bug #4596

closed

NAT 1:1 vs VIP, limiters works on LAN, but on WAN breaks NAT

Added by Luca De Andreis almost 9 years ago. Updated over 8 years ago.

Status:
Duplicate
Priority:
High
Assignee:
-
Category:
Traffic Shaper (Limiters)
Target version:
-
Start date:
04/10/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

I use this configuration on PfSense 2.1.5 and works very well, on PfSense 2.2.1 limiters on WAN breaks NAT 1:1.

- Several VIPs on WAN (PARP or IPAlias, is the same..)
- 1:1 NAT from VIPs to LAN IPs
- Limiters on LAN IPs (to limit the traffic that begins from LAN)
- Limiters on WAN IPs (to limit the traffic that begins from WAN

In this situation... NAT 1:1 does not work. If I disable limiters on WAN works fine.

Actions #1

Updated by Luca De Andreis almost 9 years ago

Confirm !

I've just installed a new, clean PFSense 2.2.1.

- Add a single VIP (IP Alias)
- Define limiters up and down for a single IP
- Define NAT 1:1 VIP->IP LAN
- Define outbond NAT manual type (outgoing single IP LAN through VIP)
- Assign limiters on LAN
- Apply: works very well

- Assign limiters in WAN (ip LAN NAT target, defined in WAN rules): NAT 1:1 breaks.
- Remove WAN limiters... all OK.

:(

Actions #2

Updated by Kill Bill almost 9 years ago

Already reported a couple of times.

Actions #3

Updated by Luca De Andreis almost 9 years ago

.. still persist in 2.2.2

Actions #4

Updated by Ermal Luçi almost 9 years ago

  • Target version set to 2.2.3
Actions #5

Updated by Ermal Luçi almost 9 years ago

  • Status changed from New to Feedback

Patch submitted for 2.2.x branch will be updated for the 2.3(master) one.

Actions #6

Updated by Chris Buechler almost 9 years ago

  • Status changed from Feedback to Confirmed
  • Assignee set to Ermal Luçi
  • Priority changed from Normal to High
  • Target version changed from 2.2.3 to 2.3
  • Affected Version changed from 2.2.1 to 2.2.x
  • Affected Architecture added
  • Affected Architecture deleted (amd64)

no change, but we'll leave as-is for 2.2.3. Limiters in general are better in 2.2.3 than earlier 2.2.*.

Actions #7

Updated by Luca De Andreis over 8 years ago

Tested now.
I confirm the problem on 2.2.3, limiters works well on LAN, but if I enable on WAN breaks 1:1 NAT.

Actions #8

Updated by Chris Buechler over 8 years ago

  • Status changed from Confirmed to Duplicate
  • Assignee deleted (Ermal Luçi)
  • Target version deleted (2.3)
  • Affected Version deleted (2.2.x)

duplicate of #4326

Actions

Also available in: Atom PDF