Author Topic: 10.7.6 NAT issue  (Read 4444 times)

noses

10.7.6 NAT issue
« on: October 30, 2018, 12:41:28 pm »
If a NAT forwarding rule is using an alias as "Redirect target port" instead of entering it directly, the port is not added to the generated pf rule. It was still working in 10.7.3...

noses.

franco

  • Administrator
Re: 10.7.6 NAT issue
« Reply #1 on: October 30, 2018, 01:34:32 pm »
Hi there,

We need more information about the alias, type, contents, if this applies to existing rules or only editing/creating rules.


Cheers,
Franco

The_Penguin

Re: 10.7.6 NAT issue
« Reply #2 on: October 31, 2018, 04:55:22 pm »
Quote from: noses on October 30, 2018, 12:41:28 pm
If a NAT forwarding rule is using an alias as "Redirect target port" instead of entering it directly, the port is not added to the generated pf rule. It was still working in 10.7.3...

noses.

I may have the same problem. I just did multiple updates from 18.1 to 18.7.6 so can't say which update broke it.

I have 1 NAT Port forward that stopped working after the updates.
The forward is traffic to the WAN interface with a destination port of 6060 redirected to an internal host, port 8080.
This traffic gets stopped by the default deny rule. This is my only forward where the dest port gets forwarded to a different port on the inside host. Similar rules that have the same port on the dest host still work.

The_Penguin

Re: 10.7.6 NAT issue
« Reply #3 on: October 31, 2018, 05:13:26 pm »
I deleted the WAN rule, and the port forward and re-created, same issue.

The_Penguin

Re: 10.7.6 NAT issue
« Reply #4 on: November 01, 2018, 01:17:05 am »
Some more info, hope it's helpful or you can tell me to stfu :)

I have other forwards where the inside host is a different port than the destination, i.e. wan:3399 non-standard port with an alias goes to an inside host at standard rdp 3389. These work.
Also non-standard port with an alias that are the same destination port wan and inside host.

What doesn't work is 2 non-standard port aliases that are different: wan:6060 alias to inside host 8080 alias.

That's all I got.



tetzschner

Re: 10.7.6 NAT issue
« Reply #5 on: November 05, 2018, 10:29:31 pm »
Exact same problem here. Had to restore to a previous backup... thank God for VM and Veeam

noses

Re: 10.7.6 NAT issue
« Reply #6 on: November 08, 2018, 02:03:30 pm »
Quote from: franco on October 30, 2018, 01:34:32 pm
We need more information about the alias, type, contents, if this applies to existing rules or only editing/creating rules.

Existing rules didn't work after upgrading, new rules neither. The alias was of course a port number and contained exactly one port. So: create an alias for a port number (e.g. HTTP_proxy as 3128), create a rule (e.g. from port 10080 on the local host to HTTP_proxy on the local host) and check the pf rule generated and you will find the destination port missing.

hutiucip

Re: 10.7.6 NAT issue
« Reply #7 on: November 08, 2018, 03:32:42 pm »
I confirm: if dest port is different than NAT port and an alias is used for NAT port, the FW rule generator places dest port (WAN port) in place of NAT port in the associated FW rule, so the rule is not matching traffic, and datagrams are dropped by "Default deny rule".
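
An added example, not part of the thread and not OPNsense code: a check of generated pf rules against the intended port forwards, covering both symptoms reported above (redirect target port missing from the rdr rule, and the associated filter rule naming the WAN port instead of the NAT port). The rule text, interface name, addresses and `audit_forwards` are constructed for illustration; on a real system the input would be the output of `pfctl -s nat` and `pfctl -s rules`.

```python
import re

# Constructed sample of generated pf rules (not taken from the thread).
# The 6060 forward shows both reported symptoms: the rdr target has no port,
# and the associated pass rule carries the WAN port instead of the NAT port.
SAMPLE_RULES = """\
rdr on em0 inet proto tcp from any to (em0) port 3399 -> 192.168.1.20 port 3389
pass in quick on em0 inet proto tcp from any to 192.168.1.20 port 3389 keep state
rdr on em0 inet proto tcp from any to (em0) port 6060 -> 192.168.1.10
pass in quick on em0 inet proto tcp from any to 192.168.1.10 port 6060 keep state
"""

# Intended forwards as configured: WAN port -> (inside host, inside port).
INTENDED = {3399: ("192.168.1.20", 3389), 6060: ("192.168.1.10", 8080)}

# Accept both pf.conf syntax ("port 6060") and pfctl display ("port = 6060").
RDR = re.compile(r"^rdr .* port (?:= )?(\d+) -> (\S+)(?: port (\d+))?\s*$")
PASS = re.compile(r"^pass in .* to (\S+) port (?:= )?(\d+)\b")

def audit_forwards(rules_text, intended):
    """Return a list of (wan_port, problem) for forwards that will not work."""
    rdr, allowed = {}, set()
    for line in rules_text.splitlines():
        line = line.strip()
        if m := RDR.match(line):
            wan, host, port = int(m.group(1)), m.group(2), m.group(3)
            # pf leaves the destination port unchanged when the rdr target has none.
            rdr[wan] = (host, int(port) if port else wan, port is not None)
        elif m := PASS.match(line):
            allowed.add((m.group(1), int(m.group(2))))
    findings = []
    for wan, (host, port) in sorted(intended.items()):
        if wan not in rdr:
            findings.append((wan, "no rdr rule generated"))
            continue
        r_host, r_port, explicit = rdr[wan]
        if not explicit and port != wan:
            findings.append((wan, f"rdr target port missing, traffic stays on {wan}"))
        elif (r_host, r_port) != (host, port):
            findings.append((wan, f"rdr goes to {r_host}:{r_port}, expected {host}:{port}"))
        # Filtering happens after translation, so the pass rule must name the inside port.
        if (host, port) not in allowed:
            findings.append((wan, f"no pass rule for {host}:{port}, default deny applies"))
    return findings

if __name__ == "__main__":
    for wan, problem in audit_forwards(SAMPLE_RULES, INTENDED):
        print(f"forward {wan}: {problem}")
```

Running such a check before and after an upgrade turns a silently broken forward into an explicit finding instead of a default-deny log entry.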

franco

Re: 10.7.6 NAT issue
« Reply #8 on: November 08, 2018, 04:35:46 pm »
Please try again on 18.7.7:

https://github.com/opnsense/changelog/blob/61cbcc863ca66b978ed2c698d71f91a56b0c9e79/doc/18.7/18.7.7#L38


Cheers,
Franco

hutiucip

Re: 10.7.6 NAT issue
« Reply #9 on: November 09, 2018, 10:04:43 am »
Just tested, it's OK now!
Thank you, you hard workers, really thank you! :)

franco

Re: 10.7.6 NAT issue
« Reply #10 on: November 09, 2018, 01:04:37 pm »
Whew, ok, thanks! 8)
