RE: [pfSense Support] Possible Outbound NAT Bug in 1.2.3 Snapshot?
I put that in also-- like I said it didn't take effect until I rebooted. If the rule wasn't there, it wouldn't matter how many times I rebooted :) Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -Original Message- From: Kimmo Paasiala [mailto:kpaas...@gmail.com] Sent: Friday, April 10, 2009 9:00 AM To: support@pfsense.com Subject: Re: [pfSense Support] Possible Outbound NAT Bug in 1.2.3 Snapshot? I think you're missing a firewall rule on LAN interface that would do the actual policy routing to the cable connection for http(s). Remember that outbound nat rules do not say where the traffic should go but rather how it should be natted when it goes out via the specified interface after routing decision is made. Hope this helps. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] Possible Outbound NAT Bug in 1.2.3 Snapshot?
I think you're missing a firewall rule on LAN interface that would do the actual policy routing to the cable connection for http(s). Remember that outbound nat rules do not say where the traffic should go but rather how it should be natted when it goes out via the specified interface after routing decision is made. Hope this helps. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Possible Outbound NAT Bug in 1.2.3 Snapshot?
Nope, using embedded. Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Wednesday, April 08, 2009 8:30 PM To: support@pfsense.com Subject: Re: [pfSense Support] Possible Outbound NAT Bug in 1.2.3 Snapshot? On Wed, Apr 8, 2009 at 11:12 PM, Dimitri Rodis wrote: > Currently running: > > 1.2.3-RC1 > built on Wed Apr 1 16:59:10 EDT 2009 > > > > > > In addition to a fiber connection at this particular location, there is also > a second connection brought in via a cable modem. The fiber connection is > intended to serve the incoming connections to web servers, mail servers, > etc. The second cablemodem connection is intended for web browsing and other > misc traffic, as to not bog down the fiber so much. > > > > So, I added an outbound NAT so that traffic originating from the LAN side > destined to port 80 would use the interface address of the cable connection. > Initially, this did not work as expected-- until I rebooted pfSense. Web > traffic did pass, but it was not NATTing to the correct address--I verified > by browsing to http://www.whatismyip.com, and until I rebooted pfSense, it > did not report the correct address. So, I tried it again with port 443 > (whatismyip supports SSL :). Sure enough, it reported the old IP address > until I rebooted pfSense again. > > > > I don't remember having this problem before--why would I need to reboot for > this to take effect? And yes, I did completely close the browser so that an > existing state wouldn't be reused. > > > > Bug? Unlikely, Outbound NAT hasn't changed in a long time. Any packages installed? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] Possible Outbound NAT Bug in 1.2.3 Snapshot?
On Wed, Apr 8, 2009 at 11:12 PM, Dimitri Rodis wrote: > Currently running: > > 1.2.3-RC1 > built on Wed Apr 1 16:59:10 EDT 2009 > > > > > > In addition to a fiber connection at this particular location, there is also > a second connection brought in via a cable modem. The fiber connection is > intended to serve the incoming connections to web servers, mail servers, > etc. The second cablemodem connection is intended for web browsing and other > misc traffic, as to not bog down the fiber so much. > > > > So, I added an outbound NAT so that traffic originating from the LAN side > destined to port 80 would use the interface address of the cable connection. > Initially, this did not work as expected-- until I rebooted pfSense. Web > traffic did pass, but it was not NATTing to the correct address--I verified > by browsing to http://www.whatismyip.com, and until I rebooted pfSense, it > did not report the correct address. So, I tried it again with port 443 > (whatismyip supports SSL :). Sure enough, it reported the old IP address > until I rebooted pfSense again. > > > > I don't remember having this problem before--why would I need to reboot for > this to take effect? And yes, I did completely close the browser so that an > existing state wouldn't be reused. > > > > Bug? Unlikely, Outbound NAT hasn't changed in a long time. Any packages installed? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Possible Outbound NAT Bug in 1.2.3 Snapshot?
Currently running: 1.2.3-RC1 built on Wed Apr 1 16:59:10 EDT 2009 In addition to a fiber connection at this particular location, there is also a second connection brought in via a cable modem. The fiber connection is intended to serve the incoming connections to web servers, mail servers, etc. The second cablemodem connection is intended for web browsing and other misc traffic, as to not bog down the fiber so much. So, I added an outbound NAT so that traffic originating from the LAN side destined to port 80 would use the interface address of the cable connection. Initially, this did not work as expected-- until I rebooted pfSense. Web traffic did pass, but it was not NATTing to the correct address--I verified by browsing to http://www.whatismyip.com, and until I rebooted pfSense, it did not report the correct address. So, I tried it again with port 443 (whatismyip supports SSL :). Sure enough, it reported the old IP address until I rebooted pfSense again. I don't remember having this problem before--why would I need to reboot for this to take effect? And yes, I did completely close the browser so that an existing state wouldn't be reused. Bug or user error? Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com smime.p7s Description: S/MIME cryptographic signature