OPNsense Forum » Archive » 18.1 Legacy Series

Author Topic: Strange issue with NAT Rule Cloning  (Read 2491 times)

MasterXBKC

Strange issue with NAT Rule Cloning
« on: March 20, 2018, 12:48:38 am »
So here is a bizarre one I have just discovered.

I have an OPNsense VM on VMware ESXi, with a number of virtual machines behind it; it holds 2 WAN IPs.

I had a bunch of rules going to VM-A at 10.0.0.2, for SSH, HTTP, HTTPS, etc.

So I needed the same rules for the new VM, which is VM-B, so I added the second IP as a virtual IP, and then cloned each of the NAT rules and on each new copy swapped the WAN address for the new virtual IP, and changed the redirect IP to 10.0.0.3. Saved, and applied.

None of the NAT rules worked; the VM was completely inaccessible from the WAN side. I re-verified all the settings several times, but all attempts to reach VM-B via the new virtual IP were refused.

So I deleted the rules and created them again the same way, and ended up in the same situation.

As a last-ditch effort, I deleted all the rules for VM-B again, and instead of using the clone button, I created them all manually for VM-B, and now they all work the first time.

Something in the cloning of a NAT rule is not working properly... But everything looks proper in the GUI.
Member of FBIs Infragard Program
Certified Information Systems Security Officer
Certified Vulnerability Assessor
PFMonitor Remote Management, Backup, & Live Monitoring for PFSense and OPNSense
OPNSense Units: R720XD XL, R720XD XL, R720XD, R720XD, R710, DL360G7, QNAP

dcol

Re: Strange issue with NAT Rule Cloning
« Reply #1 on: March 20, 2018, 10:24:46 pm »
One issue I ran into was that cloning a NAT PF rule would not create an associated firewall rule.

MasterXBKC

Re: Strange issue with NAT Rule Cloning
« Reply #2 on: March 28, 2018, 12:45:18 am »
Any news?

marjohn56

Re: Strange issue with NAT Rule Cloning
« Reply #3 on: March 28, 2018, 09:39:16 am »
Has a bug report (Issue) been raised on GitHub?
OPNsense 21.7 - Qotom Q355G4 - ISP - Community Fibre 1Gbps.

Team Rebellion Member - If we've helped you remember to applaud

marjohn56

Re: Strange issue with NAT Rule Cloning
« Reply #4 on: March 28, 2018, 06:56:55 pm »
Out of interest, did you have a look at the rules.debug to see what was showing there?
