Project

General

Profile

Bug #4596

NAT 1:1 vs VIP, limiters works on LAN, but on WAN breaks NAT

Added by Luca De Andreis about 4 years ago. Updated almost 4 years ago.

Status:
Duplicate
Priority:
High
Assignee:
-
Category:
Limiters
Target version:
-
Start date:
04/10/2015
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

I use this configuration on PfSense 2.1.5 and works very well, on PfSense 2.2.1 limiters on WAN breaks NAT 1:1.

- Several VIPs on WAN (PARP or IPAlias, is the same..)
- 1:1 NAT from VIPs to LAN IPs
- Limiters on LAN IPs (to limit the traffic that begins from LAN)
- Limiters on WAN IPs (to limit the traffic that begins from WAN

In this situation... NAT 1:1 does not work. If I disable limiters on WAN works fine.

History

#1 Updated by Luca De Andreis about 4 years ago

Confirm !

I've just installed a new, clean PFSense 2.2.1.

- Add a single VIP (IP Alias)
- Define limiters up and down for a single IP
- Define NAT 1:1 VIP->IP LAN
- Define outbond NAT manual type (outgoing single IP LAN through VIP)
- Assign limiters on LAN
- Apply: works very well

- Assign limiters in WAN (ip LAN NAT target, defined in WAN rules): NAT 1:1 breaks.
- Remove WAN limiters... all OK.

:(

#2 Updated by Kill Bill about 4 years ago

Already reported a couple of times.

#3 Updated by Luca De Andreis about 4 years ago

.. still persist in 2.2.2

#4 Updated by Ermal Luçi about 4 years ago

  • Target version set to 2.2.3

#5 Updated by Ermal Luçi about 4 years ago

  • Status changed from New to Feedback

Patch submitted for 2.2.x branch will be updated for the 2.3(master) one.

#6 Updated by Chris Buechler almost 4 years ago

  • Status changed from Feedback to Confirmed
  • Assignee set to Ermal Luçi
  • Priority changed from Normal to High
  • Target version changed from 2.2.3 to 2.3
  • Affected Version changed from 2.2.1 to 2.2.x
  • Affected Architecture deleted (amd64)

no change, but we'll leave as-is for 2.2.3. Limiters in general are better in 2.2.3 than earlier 2.2.*.

#7 Updated by Luca De Andreis almost 4 years ago

Tested now.
I confirm the problem on 2.2.3, limiters works well on LAN, but if I enable on WAN breaks 1:1 NAT.

#8 Updated by Chris Buechler almost 4 years ago

  • Status changed from Confirmed to Duplicate
  • Assignee deleted (Ermal Luçi)
  • Target version deleted (2.3)
  • Affected Version deleted (2.2.x)

duplicate of #4326

Also available in: Atom PDF