[Modified] No traffic from secondary local network to WAN

Started by StP, April 14, 2020, 08:19:37 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 14, 2020, 08:19:37 PM Last Edit: April 17, 2020, 08:47:11 AM by StP
After the update to 20.1.4 I seeing some NAT problems.
This is on a Deciso DEC2630 or DEC2640 device.
I have two internal -  physically seperated - networks. LAN on igb0 (172.16.30.1/16) and a new one called BBB on igb2 (172.31.30.1).
WAN is on igb1 with a fixed IP.
I have some NAT rules to 172.16.x.x which are all LAN clients. These still work.
And I have some rules to 172.31.0.2 which is a server in the BBB network. These do not work anymore after the update. The server itself is listening to all ports, I checked that from behind the firewall. Coming in over WAN I only get connection timeouts (10060).
I double ( and triple) checked my rules. They look good and unchanged.

Any changes in the last update that could cause this trouble?

Is there an easy way back to 20.1.3 to do some cross checks?

Regards, stay safe
Stefan
April 16, 2020, 04:18:22 PM #1 Last Edit: April 17, 2020, 08:47:29 AM by StP
Well what I found by adding a test machine into the BBB network is this:
The root of the problem is not inbound NAT.
It is a routing problem from BBB to WAN. No packets going that way.
The BBB related entries in System/Routes/Status look fine (Similar to the LAN entries).
I have a firewall rule in place for the BBB network that allows anything.

I have not done anything special regarding gateway configuration.
IPV4 Upstream Gateway is set to Auto-Detect.

Call me stupid, maybe I am.
But this did work before in 20.1.3.

Where should I look?

Stefan

April 16, 2020, 10:28:30 PM #2
Quote from: StP on April 16, 2020, 04:18:22 PM
I have not done anything special regarding gateway configuration.
IPV4 Upstream Gateway is set to Auto-Detect.

not sure what auto-detect does, but can you try setting the gateway address instead?

in https://forum.opnsense.org/index.php?topic=13456.0 there was a similar problem, and setting the gateway address seems to have solved it.
April 17, 2020, 08:46:43 AM #3
Quotenot sure what auto-detect does, but can you try setting the gateway address instead?

in https://forum.opnsense.org/index.php?topic=13456.0 there was a similar problem, and setting the gateway address seems to have solved it.
The problem in the topic you mention seems a bit different from mine.

Well, according to the help available (Info button) I should not change this value for non-WAN interfaces.
Thanks anyways
April 18, 2020, 05:45:17 AM #4
Hi @StP,

System => Settings => General-> Network
Check: prefer IPv4 to IPv6

Regards,
Depuis 2017
X7SPA-HF, Intel(R) ATOM(TM) D525, 4Go RAM, 120Go, 2 Lan 24.1.2_1
APU4c, 4Go RAM, 120Go, 4 Lan 24.1.10_8
APU3a, 2Go RAM, 60Go, 3 Lan 24.1.2_1
APU2c, 2Go RAM, 60Go, 3 Lan 23.7.1_3
BIOS A JOUR (v4.19.0.1).
April 18, 2020, 10:30:09 AM #5
This setting is switched on.
So IPv4 is preferred.
Print
Go Up Pages1
User actions