Strange issue with NAT Rule Cloning

MasterXBKC · March 20, 2018, 12:48:38 AM

So here is a bizarre one i have just discovered.

I have a opnsense vm on VMware ESXi, with a number of virtual machines behind it, it holds 2 wan ips.

I had a bunch of rules going to VM-A at 10.0.0.2, for ssh, http, https, etc.

So i needed the same rules for the new vm, which is VM-B, so i added the second IP as a virtual ip, and then cloned each of the nat rules and on each new copy swapped the wan address for the new virtual ip, and changed the redirect ip to 10.0.0.3. Saved, and applied.

None of the nat rules worked, the VM was in-accessible from the wan side completely. i re-verified all the settings several times, but all attempts to reach VM-B via the new virtual ip were refused.

So i deleted the rules and created them again the same way, and ended up in the same situation.

As a last ditch effort, i deleted all the rules for VM-B again, and instead of using the clone button, I created them all manually for VM-B, and now they all work the first time.

Something in the cloning of a NAT rule is not working properly.... But everything looks proper in the GUI.

dcol · March 20, 2018, 10:24:46 PM

One issue I ran into was cloning a NAT PF rule would not create an associate firewall rule.

MasterXBKC · March 28, 2018, 12:45:18 AM

any news?

marjohn56 · March 28, 2018, 09:39:16 AM

Has a bug report ( Issue ) been raised on Github?

marjohn56 · March 28, 2018, 06:56:55 PM

Out of interest did you have a look at the rules.debug to see what was showing there?

Strange issue with NAT Rule Cloning

MasterXBKC

March 20, 2018, 12:48:38 AM

dcol

March 20, 2018, 10:24:46 PM #1

MasterXBKC

March 28, 2018, 12:45:18 AM #2

marjohn56

March 28, 2018, 09:39:16 AM #3

marjohn56

March 28, 2018, 06:56:55 PM #4