NAT, port aliases, redirect not working after upgrade

[hirschferkel]

My forwarding rules are just > take all incoming connections on a range of ports to one destination and it's corresponding ports.
Host is defined as an Alias (but that's not the problem).
Port range is defined as another Alias.

But what I found is, that old imported rules can not be edited!
On the other hand I can edit a new rule, but this one will not be available with NAT port forwarding!

Something has gone quite wrong here...

At the moment it only works if I choose "pass" as an option, in a manual, single port forwarding. But I can't select new rules which are set to pass. I guess old rules loose their definition, as they can not be edited either. So in the end I cannot set a portrange to be passed... that's wired.

[slackadelic]

I believe this is a hold over from then first jump to the 17.x series.

There was a change in how the rule was defined and some other options that were added/removed from the tabs/pages.

I had a similar issue originally, but spoke with franco and he suggested I recreate the rules and get rid of old ones.  Once I did that, things were back to normal.

[Evil_Sense]

My forwarding rules are just > take all incoming connections on a range of ports to one destination and it's corresponding ports.
Host is defined as an Alias (but that's not the problem).
Port range is defined as another Alias.

But what I found is, that old imported rules can not be edited!
On the other hand I can edit a new rule, but this one will not be available with NAT port forwarding!

Something has gone quite wrong here...

At the moment it only works if I choose "pass" as an option, in a manual, single port forwarding. But I can't select new rules which are set to pass. I guess old rules loose their definition, as they can not be edited either. So in the end I cannot set a portrange to be passed... that's wired.

Is it possible that you configuered the old rules in the NAT > Port Forward menu? They should be editable there, they are only visible in the rules if you choosed "create new rule"

[hirschferkel]

AFAIK you can create rules only in the section Firewall > Rules > choose Interface > edit rules.
I created the old rules there, and the new ones.

The old ones stay not editable.

The new rules will not be available in Firewall > NAT > Port forward > edit forwarding rule > Filter rule association

[franco]

> The old ones stay not editable.
>
> The new rules will not be available in Firewall > NAT > Port forward > edit forwarding rule > Filter rule association

I think that's how the association always worked, no? Non-editable if auto-created via association or manually selectable if not.


Cheers,
Franco

[marjohn56]

18.1_1 working well. Nice one guys.👍

[hirschferkel]

Hi Franco,

you're right, I missed that.

So if I autocreate a port forwarding, it will not work!
If I setup a rule one manually, it will not be available for a new port forwarding. So it won't work, anyway at the moment?

[franco]

Ah ok, that sounds like a viable theory. The problem with the auto-created association rules is that they are not real rules so their edit button was removed to prevent further breakage. Ideally, they shouldn't exist in a state that an user should feel the need to edit, but may therefore be in a twilight state that the new alias system cannot cope with yet. We'll take a closer look.


Thank you,
Franco

[dcol]

18.1 update also killed my NAT. Patch fixed it for me.

[franco]

18.1.1 has been prepared and is ready for release tomorrow morning.


Cheers,
Franco

[Phobus]

Hopefully 18.1.1 will fix the Alias problem.
18.1 breaks a lot of things for me; All Aliases not working, NAT-Patch not working, IPS Rule Updates not working...

[opnsense_user12123]

Hopefully 18.1.1 will fix the Alias problem.
18.1 breaks a lot of things for me; All Aliases not working, NAT-Patch not working, IPS Rule Updates not working...

i have the same problems. on 17.7.12 everything was working fine.
Even a full reinstall didn´t help!

[elektroinside]

Hopefully 18.1.1 will fix the Alias problem.
18.1 breaks a lot of things for me; All Aliases not working, NAT-Patch not working, IPS Rule Updates not working...

Aliases are working for me, though i have a cron job to update them.

Btw, @Franco, using the 'Aliases Resolve Interval' from Firewall: Settings: Advanced is indeed broken.

IPS rules / updates have a patch which fixed the issue.

[Evil_Sense]

With the fix, port aliases are working, but GeoIP alias (still) isn't.

[marjohn56]

With the fix, port aliases are working, but GeoIP alias isn't.

Gesendet von meinem ONEPLUS A5000 mit Tapatalk

It's all a bit strange. My geo aliases and all others are working fine... I must have done something wrong .