Bug #8814
closed
After changing WAN CARP VIP Outbound NAT rules don't import new value but stay with old one and need to be changed manually
0%
Description
I created HA cluster on 2.4.3_p1 and after changing WAN CARP VIP Outbound NAT rules don't import new value. So I lost connectivity, during troubleshooting I saw that Outbound NAT rules stay with old value as NAT Address. When I changed it manually, everything started to work.
WAN CARP VIP is '172.21.41.252'
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:08:a2:0a:e9:16
hwaddr 00:08:a2:0a:e9:16
inet6 fe80::208:a2ff:fe0a:e916%igb0 prefixlen 64 scopeid 0x1
inet 172.21.41.144 netmask 0xffffff00 broadcast 172.21.41.255
inet 172.21.41.252 netmask 0xffffff00 broadcast 172.21.41.255 vhid 163
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
carp: MASTER vhid 163 advbase 1 advskew 0
but Outbound NAT rules still have old '172.21.41.13'
nat on igb0 inet from 127.0.0.0/8 to any port = isakmp -> 172.21.41.13 static-port
nat on igb0 inet from 127.0.0.0/8 to any -> 172.21.41.13 port 1024:65535
nat on igb0 inet from 192.168.129.0/24 to any port = isakmp -> 172.21.41.13 static-port
nat on igb0 inet from 192.168.129.0/24 to any -> 172.21.41.13 port 1024:6553
Updated by Jim Pingle over 4 years ago
- Project changed from pfSense Packages to pfSense
- Category set to Rules / NAT
- Status changed from New to Rejected
Outbound NAT rules with a CARP VIP like that are 100% manual, there is no mechanism to update those automatically since you put in manual values. It's not going to search your config and update other instances of manually configured values like that.