OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • NAT, port aliases, redirect not working after upgrade
« previous next »
  • Print
Pages: 1 [2] 3 4 ... 6

Author Topic: NAT, port aliases, redirect not working after upgrade  (Read 26270 times)

slackadelic

  • Full Member
  • ***
  • Posts: 124
  • Karma: 9
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #15 on: January 30, 2018, 06:03:34 pm »
Well, thank you so far for the troubleshooting.  I may pull one of my backup configs from before the upgrade and see what might be different as well.

Logged

marjohn56

  • Hero Member
  • *****
  • Posts: 1676
  • Karma: 170
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #16 on: January 30, 2018, 06:44:45 pm »
So I've just bounced my 18.1.rc2 to 18.1_1 and all is working.
Logged
OPNsense 21.7 - Qotom Q355G4 - ISP - Community Fibre 1Gbps.

Team Rebellion Member - If we've helped you remember to applaud

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 855
  • Karma: 165
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #17 on: January 30, 2018, 08:27:26 pm »
I just installed an older version and checked the ruleset for a similar situation, it looks like the old version dropped the target port when a destination port alias was provided.

I'm not 100% sure this is intended behaviour for pf, but let me prepare a fix which does the same.
Logged

slackadelic

  • Full Member
  • ***
  • Posts: 124
  • Karma: 9
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #18 on: January 30, 2018, 08:35:35 pm »
Strange, because I tested this in a setup that did not use port aliases.

I added the port aliases, then redid the port forward rules, same thing happened, but I look forward to the patch to see if this fixes it.
Logged

AdSchellevis

  • Administrator
  • Hero Member
  • *****
  • Posts: 855
  • Karma: 165
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #19 on: January 30, 2018, 08:51:24 pm »
Ok, here's the patch

https://github.com/opnsense/core/commit/57f51d2943d964032770574605397006616e935c

installable using:

Code: [Select]
opnsense-patch 57f51d2943
Which in my test setup seems to deliver the same rule output.
Logged

slackadelic

  • Full Member
  • ***
  • Posts: 124
  • Karma: 9
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #20 on: January 30, 2018, 09:09:50 pm »
I've applied the patch.. .not sure what I need to look for.. because now I'm thinking it was working before, but meh.. I'm still testing.  THank for the patch though!
Logged

slackadelic

  • Full Member
  • ***
  • Posts: 124
  • Karma: 9
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #21 on: January 30, 2018, 09:17:36 pm »
Well it does look like that Port aliases are working now, at least on my side.  Just tested by adding a new rule that included them all, then shut down each forwarded port in other rules one by one and tested. .. seems to have worked, but will wait for other confirmations before I move over to it as a permanent solution.
Logged

tillsense

  • Sr. Member
  • ****
  • Posts: 309
  • Karma: 48
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #22 on: January 30, 2018, 09:20:34 pm »
thanks ad!!
Logged

ssachse

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #23 on: January 30, 2018, 09:52:14 pm »
I also installed an older version, got my opnsense working again and waiting for more confirmation before I switch again. Thanks a lot!
Stefan
Logged

frank_p

  • Newbie
  • *
  • Posts: 46
  • Karma: 4
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #24 on: January 30, 2018, 11:22:40 pm »
Looks like port-forwarding is working again :) on installation came from V17 and upgrade to V18
Thanks for the patch !!
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13903
  • Karma: 1206
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #25 on: January 31, 2018, 07:36:29 am »
Thank you for confirming. We will discuss releasing another hotfix for this and let you know soon. :)


Cheers,
Franco
Logged

Evil_Sense

  • Full Member
  • ***
  • Posts: 112
  • Karma: 15
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #26 on: January 31, 2018, 09:20:42 am »
Hello

I noticed GeoIP Alias isn't working after upgrading to 18.1_1 and tried applying the hotfix, sadly it didn't helped.
I then tried with source any, which seemed to help, but after some time I am unable to connect again (OpenVPN in this case).

Sadly I can't provide any logs at the moment, because I'm not at home and I don't have a working VPN ;).

Regards
Logged

sibio

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #27 on: January 31, 2018, 11:30:18 am »
Hi all,
patch was successful for us also but we had to "clone" the old rules and delete the original rules (after applying the patch and "reloading all services" on the console).

We had also a side effect of this bug: an old (useless) inbound NAT VOIP rule (using a port alias with SIP and some media ports) that prevented all OUTBOUND SIP connections (which was very surprising to us). After patching & cloning this side effect disappeared as well.

Robert wanted me to precise this in case this is useful to anybody.
Raynald
Logged

hirschferkel

  • Jr. Member
  • **
  • Posts: 92
  • Karma: 3
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #28 on: January 31, 2018, 12:54:08 pm »
The patch did not work here.
Quote from: AdSchellevis on January 30, 2018, 08:51:24 pm
Ok, here's the patch

https://github.com/opnsense/core/commit/57f51d2943d964032770574605397006616e935c

installable using:

Code: [Select]
opnsense-patch 57f51d2943
Which in my test setup seems to deliver the same rule output.
Logged

slackadelic

  • Full Member
  • ***
  • Posts: 124
  • Karma: 9
    • View Profile
Re: NAT, port aliases, redirect not working after upgrade
« Reply #29 on: January 31, 2018, 02:31:34 pm »
Quote from: hirschferkel on January 31, 2018, 12:54:08 pm
The patch did not work here.
Quote from: AdSchellevis on January 30, 2018, 08:51:24 pm
Ok, here's the patch

https://github.com/opnsense/core/commit/57f51d2943d964032770574605397006616e935c

installable using:

Code: [Select]
opnsense-patch 57f51d2943
Which in my test setup seems to deliver the same rule output.


Same here.  I was having some oddities, not related to the patch or aliases, but outbound policy nat rules were messing up.

Just went through this morning and cleaned the entire firewall up and now it appears to be behaving... fingers crossed.
Logged

  • Print
Pages: 1 [2] 3 4 ... 6
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • NAT, port aliases, redirect not working after upgrade
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2