Topic: NAT rules completely disappeared

breakaway
« on: February 26, 2018, 04:47:40 am »

Last weekend I had got myself into a bit of a situation. We were making some rather large changes (moving from one ISP to another).

I've got a bunch of VIPs added to my WAN interface (I've got /27 from my ISP). Additionally, I've got manual outbound NAT so that various interfaces on my pfSense appear to be coming out of different IPs on that /27.

I've also got about 50 or so port forwards to make everything work nicely.

Anyway - I switched ISPs on the weekend. So I changed the IP address of the WAN interface. I then went and edited the VIPs as well. New ISP = New IP range so this was necessary.

After several minutes I still couldn't connect. So I decided to check my port forwards. I go to Firewall > NAT - nothing there. Firewall > NAT > Outbound - Nothing. I downloaded the config file thinking this must be some sort of UI glitch but the <nat> </nat> tags are totally missing.

Fortunately I knew something like this could happen and covered my ass by grabbing a config file BEFORE beginning this re-IP addressing - I opened up this file, located the <nat> </nat> section in config.xml, used find+replace to change the IP addresses (so re-addressed the old VIPs to the new ones) and uploaded it - voila, back to normal.

Does changing the WAN IP and/or editing the Virtual IPs cause your NAT rules to disappear if you've got port forwards / outbound NAT rules that depend on these VIPs? Seems somewhat dangerous. I purposely edited the VIPs and didn't delete them, I was afraid if I deleted them it'd cause errors. But editing them made the whole thing blow up anyway.

Anyone else noticed this?
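
Added example, not part of the original post: a Python sketch of the recovery described above, which detects a config.xml that has lost its `<nat>` section and grafts the section back from the pre-change backup with the addresses remapped. It matches whole addresses per element instead of doing a text find+replace, so remapping one address cannot also rewrite another that merely starts with the same digits. The sample configs, the address map and the element names inside the sample rules are constructed and simplified assumptions.

```python
import copy
import xml.etree.ElementTree as ET

def nat_rule_count(config_xml):
    """Return the number of <rule> elements under <nat>, or None if <nat> is absent."""
    nat = ET.fromstring(config_xml).find("nat")
    return None if nat is None else len(nat.findall(".//rule"))

def remap(text, addr_map):
    """Swap a whole address (optionally followed by /prefix); never a substring."""
    host, sep, prefix = text.strip().partition("/")
    return addr_map[host] + sep + prefix if host in addr_map else text

def restore_nat(backup_xml, current_xml, addr_map):
    """Graft the backup's <nat> section, re-addressed, into a config that lost it."""
    backup, current = ET.fromstring(backup_xml), ET.fromstring(current_xml)
    if current.find("nat") is not None:
        raise ValueError("current config still has a <nat> section; not overwriting")
    nat = copy.deepcopy(backup.find("nat"))
    if nat is None:
        raise ValueError("backup has no <nat> section")
    for el in nat.iter():
        if el.text and el.text.strip():
            el.text = remap(el.text, addr_map)
    current.append(nat)
    return ET.tostring(current, encoding="unicode")

# Constructed, simplified configs using documentation address ranges.
BACKUP = """<pfsense>
  <nat>
    <rule><target>10.0.0.10</target><destination><address>198.51.100.1</address></destination></rule>
    <rule><target>10.0.0.11</target><destination><address>198.51.100.10</address></destination></rule>
    <outbound><mode>advanced</mode>
      <rule><target>198.51.100.10</target></rule>
    </outbound>
  </nat>
</pfsense>"""
CURRENT = "<pfsense><interfaces/></pfsense>"  # post-change config: <nat> is gone
ADDR_MAP = {"198.51.100.1": "203.0.113.1", "198.51.100.10": "203.0.113.20"}

if __name__ == "__main__":
    print("rules before restore:", nat_rule_count(CURRENT))
    print("rules after restore:", nat_rule_count(restore_nat(BACKUP, CURRENT, ADDR_MAP)))
```

Comparing `nat_rule_count` on the backup and on a config downloaded right after an interface or VIP edit gives a quick check that no rules were dropped before the change is relied on.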