This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange Snat issue after 7.201 to 7.302 update.

After 4 months, I was finally able to get a valid license installed. I upgraded my 120 from 7.201 to 7.302 to resolve some nagging VPN issues where one of the gateways would just drop traffic for no reason until the box was rebooted.
Anyway, after the upgrade, all VPN traffic stopped for one of the tunnels. After testing and many many TCP dumps, I finally discovered none of the SNAT definitions were enabled. After the update to 7.302 the SNAT definitions were invalid.
If I had the Traffic service set to "any", the rule was invalid and couldn't be enabled. I ended up creating a new service definition of "all" with TCP and UDT 1:65535 to 1:65535. I replaced the "any" with my new "all" and everything worked.

Does anyone know why I would need to do this or why the SNAT definitions for 7.201 worked but they wouldn't work for 7.302?

This thread was automatically locked due to age.

0 Jack Daniel over 17 years ago

Use of the "any" service definition has been a source of problems for many customers, especially with complicated rule sets. As a result, the ability to use the "any" service definition was removed.
Cancel
Vote Up 0 Vote Down

Cancel
0 kwyrick over 17 years ago in reply to Jack Daniel

So, rather than fix the issue they simply disabled it? What does Astaro suggest, full nat or what?
Cancel
Vote Up 0 Vote Down

Cancel
0 Jack Daniel over 17 years ago in reply to kwyrick

The recommended solution is to only NAT the ports needed. As with many security settings, the more granular the ruleset, the better.
Cancel
Vote Up 0 Vote Down

Cancel