upgrade problems

[godfather007]

Hi,


For a while I'm trying to upgrade from 1.7 to 1.8 without success.

After an  export and import NAT does not work anymore.

From the host i can ping the internet but from my private it cannot be reached: "errors loading the rules /tmp/rules.debug.158"

The lines in there look like this:

scrub on re1_vlan534 all
scrub on re1_vlan536 all
scrub on re1_vlan538 all
scrub on re0_vlan34 all
scrub on gif0 all

157:no rdr proto carp all
158:nat on re0_vlan34 inet from (re1:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
159:nat on re0_vlan34 inet from (re1_vlan502:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
160:nat on re0_vlan34 inet from (re1_vlan504:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
161:nat on re0_vlan34 inet from (re1_vlan506:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
nat on re0_vlan34 inet from (re1_vlan508:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
nat on re0_vlan34 inet from (re1_vlan510:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule

I already switched from "automatic" to "manual" NAT-outbound setting, hoping the wrong bit would flip back to functional state.


Any idea where this could be coming from?

[franco]

Is there a more elaborate error message?

Looks a bit like re1:network is not configured, do you have it assigned somehwere but no IPv4 configured?


Cheers,
Franco

[godfather007]

Hi Franco,

re1:network is my mgmt subnet for native vlan0 comms. It has only ipv4 assigned.

[franco]

Go to System: Settings: Advanced and set "Firewall Maximum Table Entries" to 500000. We're working on this.

Not sure about the other error... one at a time.


Cheers,
Franco

[godfather007]

Hi,

it is already a few months later.
Unfortunately, the error remains. Whatever i try, entire config or seperate compartmens (like vlan, interfaces, aliasses, firewallrules).


Whenever i import the old 17 config into the latest 18.1.6 it gives an error like this:

opnsense: /usr/local/etc/rc.filter_configure: New alert found: There were error(s) loading the rules: /tmp/rules.debug:154: macro '500' not defined - The line in question reads [154]: nat on re0_vlan34 inet from (re1:network) to any port $500 -> re0_vlan34:0 static-port # Automatic outbound rule

RE1 is the default interface for mgmt, has an IP and 20 vlans (with each of them an IP).


I get cramp in my stumach thinking of manually defining the entire config (like going from pfsense to opnsense).

Any idea? Someone?

[franco]

Macro $500 is not defined... what is it supposed to be.. a stray port alias that maybe no longer exists?

Posting the error message a few months ago would probably not have caused this to be overlooked.


Cheers,
Franco

[godfather007]

Errr, so i should find it in a alias-definition that does not exist anymore?

I will have a more detailed look between the rules and eventually the /tmp/rules.debug file.

Thanks

[franco]

Worst case, find out what 500 was about, look it up in the alias definitions and if its not there create it and add the contents back. That should bring the rules back to life immediately.

Additionally if you could share with me your config.xml section that has alias "500" I can see why it's not converted/written to the system.


Cheers,
Franco

[godfather007]

Hi Franco,

i've been searching in the file and, apart from my 500, 502, 50x vlan definitions i cannot find something odd.

If you could have a glance? Just attach it here online? 

Musch appreciated

[franco]

Send it to franco@opnsense.org and I'll have a look.


Cheers,
Franco

[godfather007]

Hi Franco,

were you able to have a look at it?

Regards,
Martijn

[franco]

Hi Martijn,

I didn't see a mail?  When did you send it?


Cheers,
Franco

[godfather007]

I will give it another try with an alternative address :-)

[godfather007]

Hi Franco,

did it come through this time?

[franco]

Found it, thanks. Will have a look now.