Rule migration breaks NAT/Port forwarding

[trumee]

Hello,

I have a dual WAN setup and i am trying to upgrade the router over the internet. I did a migration but my forwarded ports from WAN stopped working. I rolled back to the snapshot with the old rules.

I have a few questions,

• Can i keep using using old rules and continue making changes to opnsense without breaking it (e.g. suricata)? Or does the function now depend on New rules?
• I followed the migration assistant. However i pressed the `Apply Button` in Step 4 and Step 5. Was that ok?
• Do i need to reboot the router after migration? I did not reboot, and could that be the reason that NAT broke for me.

[Bob.Dig]

If I have to guess, your NAT worked but you had no allow rules for those? A reboot is not required.

[nero355]

Can i keep using using old rules and continue making changes to opnsense without breaking it (e.g. suricata)? Or does the function now depend on New rules?

@franco has mentioned multiple times that there is no immediate need to migrate the Firewall Rules since the whole thing is "Work in Progress" for now and the moment that you will be more or less forced to do so is far, far, far away from now ;)

[jysl]

Same thing happen to me, it have to do with the reply to on multi wan that is not on the default gateway. I am not sure what the intend behavior is. But the below topic fixed for me

https://forum.opnsense.org/index.php?topic=50760.

[Bob.Dig]

Interesting, at least rules.debug shows no reply-to at all. Not sure if it was present there with an older config.

[Bob.Dig]

.

[jysl]

Here the setting that work only

https://imgur.com/9KoAz6a

I try setting the "Gateway" to the same gateway as the "reply to" and "reply to" none, but that didn't work
Also try the "Gatway" none, Checked the "Disable reply to" and "reply to" none, that also not work

[Bob.Dig]

Yep, you only can set it in advanced mode of that rule, that makes sense. Why it is not the default anymore makes less sense to me.