NAT, port aliases, redirect not working after upgrade

Started by ssachse, January 30, 2018, 12:36:46 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4 5 6
User actions
January 31, 2018, 03:29:31 PM #30 Last Edit: February 07, 2018, 10:47:34 AM by hirschferkel
My forwarding rules are just > take all incoming connections on a range of ports to one destination and it's corresponding ports.
Host is defined as an Alias (but that's not the problem).
Port range is defined as another Alias.

But what I found is, that old imported rules can not be edited!
On the other hand I can edit a new rule, but this one will not be available with NAT port forwarding!

Something has gone quite wrong here...

At the moment it only works if I choose "pass" as an option, in a manual, single port forwarding. But I can't select new rules which are set to pass. I guess old rules loose their definition, as they can not be edited either. So in the end I cannot set a portrange to be passed... that's wired.
January 31, 2018, 03:47:26 PM #31
I believe this is a hold over from then first jump to the 17.x series.

There was a change in how the rule was defined and some other options that were added/removed from the tabs/pages.

I had a similar issue originally, but spoke with franco and he suggested I recreate the rules and get rid of old ones.  Once I did that, things were back to normal.
January 31, 2018, 03:49:22 PM #32 Last Edit: January 31, 2018, 03:59:00 PM by Evil_Sense
Quote from: hirschferkel on January 31, 2018, 03:29:31 PM
My forwarding rules are just > take all incoming connections on a range of ports to one destination and it's corresponding ports.
Host is defined as an Alias (but that's not the problem).
Port range is defined as another Alias.

But what I found is, that old imported rules can not be edited!
On the other hand I can edit a new rule, but this one will not be available with NAT port forwarding!

Something has gone quite wrong here...

At the moment it only works if I choose "pass" as an option, in a manual, single port forwarding. But I can't select new rules which are set to pass. I guess old rules loose their definition, as they can not be edited either. So in the end I cannot set a portrange to be passed... that's wired.
Is it possible that you configuered the old rules in the NAT > Port Forward menu? They should be editable there, they are only visible in the rules if you choosed "create new rule"
January 31, 2018, 04:17:54 PM #33 Last Edit: January 31, 2018, 04:24:57 PM by hirschferkel
AFAIK you can create rules only in the section Firewall > Rules > choose Interface > edit rules.
I created the old rules there, and the new ones.

The old ones stay not editable.

The new rules will not be available in Firewall > NAT > Port forward > edit forwarding rule > Filter rule association
January 31, 2018, 05:16:41 PM #34
> The old ones stay not editable.
>
> The new rules will not be available in Firewall > NAT > Port forward > edit forwarding rule > Filter rule association

I think that's how the association always worked, no? Non-editable if auto-created via association or manually selectable if not.


Cheers,
Franco
January 31, 2018, 05:36:39 PM #35
18.1_1 working well. Nice one guys.👍
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
January 31, 2018, 05:41:41 PM #36
Hi Franco,

you're right, I missed that.

So if I autocreate a port forwarding, it will not work!
If I setup a rule one manually, it will not be available for a new port forwarding. So it won't work, anyway at the moment?
January 31, 2018, 05:52:07 PM #37
Ah ok, that sounds like a viable theory. The problem with the auto-created association rules is that they are not real rules so their edit button was removed to prevent further breakage. Ideally, they shouldn't exist in a state that an user should feel the need to edit, but may therefore be in a twilight state that the new alias system cannot cope with yet. We'll take a closer look.


Thank you,
Franco
February 01, 2018, 05:57:48 PM #38
18.1 update also killed my NAT. Patch fixed it for me.
February 01, 2018, 06:33:28 PM #39
18.1.1 has been prepared and is ready for release tomorrow morning.


Cheers,
Franco
February 01, 2018, 07:04:10 PM #40
Hopefully 18.1.1 will fix the Alias problem.
18.1 breaks a lot of things for me; All Aliases not working, NAT-Patch not working, IPS Rule Updates not working...
February 01, 2018, 07:32:03 PM #41
Quote from: Phobus on February 01, 2018, 07:04:10 PM
Hopefully 18.1.1 will fix the Alias problem.
18.1 breaks a lot of things for me; All Aliases not working, NAT-Patch not working, IPS Rule Updates not working...

i have the same problems. on 17.7.12 everything was working fine.
Even a full reinstall didnĀ“t help!
February 01, 2018, 07:43:59 PM #42
Quote from: Phobus on February 01, 2018, 07:04:10 PM
Hopefully 18.1.1 will fix the Alias problem.
18.1 breaks a lot of things for me; All Aliases not working, NAT-Patch not working, IPS Rule Updates not working...

Aliases are working for me, though i have a cron job to update them.

Btw, @Franco, using the 'Aliases Resolve Interval' from Firewall: Settings: Advanced is indeed broken.

IPS rules / updates have a patch which fixed the issue.
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member
February 01, 2018, 08:05:55 PM #43 Last Edit: February 01, 2018, 08:27:40 PM by Evil_Sense
With the fix, port aliases are working, but GeoIP alias (still) isn't.
February 01, 2018, 08:08:33 PM #44
Quote from: Evil_Sense on February 01, 2018, 08:05:55 PM
With the fix, port aliases are working, but GeoIP alias isn't.

Gesendet von meinem ONEPLUS A5000 mit Tapatalk

It's all a bit strange. My geo aliases and all others are working fine... I must have done something wrong . ???
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
Print
Go Up Pages 1 2 3 4 5 6
User actions