NAT, port aliases, redirect not working after upgrade

[slackadelic]

Well, thank you so far for the troubleshooting.  I may pull one of my backup configs from before the upgrade and see what might be different as well.

[marjohn56]

So I've just bounced my 18.1.rc2 to 18.1_1 and all is working.

[AdSchellevis]

I just installed an older version and checked the ruleset for a similar situation, it looks like the old version dropped the target port when a destination port alias was provided.

I'm not 100% sure this is intended behaviour for pf, but let me prepare a fix which does the same.

[slackadelic]

Strange, because I tested this in a setup that did not use port aliases.

I added the port aliases, then redid the port forward rules, same thing happened, but I look forward to the patch to see if this fixes it.

[AdSchellevis]

Ok, here's the patch

https://github.com/opnsense/core/commit/57f51d2943d964032770574605397006616e935c

installable using:

Code: [Select]

opnsense-patch 57f51d2943
Which in my test setup seems to deliver the same rule output.

[slackadelic]

I've applied the patch.. .not sure what I need to look for.. because now I'm thinking it was working before, but meh.. I'm still testing.  THank for the patch though!

[slackadelic]

Well it does look like that Port aliases are working now, at least on my side.  Just tested by adding a new rule that included them all, then shut down each forwarded port in other rules one by one and tested. .. seems to have worked, but will wait for other confirmations before I move over to it as a permanent solution.

[tillsense]

thanks ad!!

[ssachse]

I also installed an older version, got my opnsense working again and waiting for more confirmation before I switch again. Thanks a lot!
Stefan

[frank_p]

Looks like port-forwarding is working again on installation came from V17 and upgrade to V18
Thanks for the patch !!

[franco]

Thank you for confirming. We will discuss releasing another hotfix for this and let you know soon.


Cheers,
Franco

[Evil_Sense]

Hello

I noticed GeoIP Alias isn't working after upgrading to 18.1_1 and tried applying the hotfix, sadly it didn't helped.
I then tried with source any, which seemed to help, but after some time I am unable to connect again (OpenVPN in this case).

Sadly I can't provide any logs at the moment, because I'm not at home and I don't have a working VPN .

Regards

[sibio]

Hi all,
patch was successful for us also but we had to "clone" the old rules and delete the original rules (after applying the patch and "reloading all services" on the console).

We had also a side effect of this bug: an old (useless) inbound NAT VOIP rule (using a port alias with SIP and some media ports) that prevented all OUTBOUND SIP connections (which was very surprising to us). After patching & cloning this side effect disappeared as well.

Robert wanted me to precise this in case this is useful to anybody.
Raynald

[hirschferkel]

The patch did not work here.

Ok, here's the patch

https://github.com/opnsense/core/commit/57f51d2943d964032770574605397006616e935c

installable using:

Code: [Select]

opnsense-patch 57f51d2943
Which in my test setup seems to deliver the same rule output.

[slackadelic]

The patch did not work here.

Ok, here's the patch

https://github.com/opnsense/core/commit/57f51d2943d964032770574605397006616e935c

installable using:

Code: [Select]

opnsense-patch 57f51d2943
Which in my test setup seems to deliver the same rule output.

Same here.  I was having some oddities, not related to the patch or aliases, but outbound policy nat rules were messing up.

Just went through this morning and cleaned the entire firewall up and now it appears to be behaving... fingers crossed.