NAT action is set as Pass instead of RDR #223

Open
julsssark opened this issue Oct 14, 2024 · 7 comments

julsssark commented Oct 14, 2024

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

NAT rules that are configured with logging enabled show up in the live log (and remote syslog) as Pass actions. The NAT itself is still working correctly (good news) but this bug breaks downstream monitoring/alerting for RDR actions. This behavior started with 24.7.6.

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

To Reproduce

Steps to reproduce the behavior:

  1. Create new NAT rule and enable logging. See screenshot for the NAT rule I am using for this issue. The issue occurs with all 3 of my NAT rules.
  2. Set Live View to filter for NAT condition (note that filter for RDR will not work because nothing will be returned).
  3. Trigger NAT rule
  4. NAT action will be displayed as a Pass log with no description (see screenshot)

Expected behavior

Logs should show NAT action as RDR (blue in my case with an RDR symbol), and description should contain the description from the NAT rule.

Describe alternatives you considered

None. NAT is still working correctly, it is just recording incorrectly in the logs and remote logs.

Screenshots

  1. NAT rule
  2. Live view with what should be a RDR detail record displayed. Note that action is Pass and the description in the live view listing is blank.

Relevant log files

If applicable, information from log files supporting your claim.

Additional context

Add any other context about the problem here.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.7.6-amd64
FreeBSD 14.1-RELEASE-p5
OpenSSL 3.0.15

@julsssark julsssark changed the title NAT action is tagged as Pass instead of RDR NAT action is set as Pass instead of RDR Oct 14, 2024
@AdSchellevis AdSchellevis transferred this issue from opnsense/core Oct 14, 2024
@AdSchellevis AdSchellevis added the bug Production bug label Oct 14, 2024
@julsssark
Author

I am sorry I opened it to the wrong component. I am learning. Thanks for moving.

@AdSchellevis
Member

@julsssark don't be sorry, I'm just moving it here because I expect it's a kernel thing. I was able to reproduce it, but given our current busy schedule a fix might take a bit of time to mature. You can revert the kernel to the previous one with opnsense-update -kr 24.7.5 by the way.

@julsssark
Author

Thanks @AdSchellevis. OPNsense is awesome and I want to help out.

@marunjar

I'll chime in here, I can confirm now that revert of kernel to 24.7.5 fixes problems in live log.

Log entries started to look normal after revert, also there are no more ipv4 tcp entries in log with IPv6 RFC4890 requirements (ICMP) label.
For some screenshots please see https://forum.opnsense.org/index.php?topic=43357.msg215621
If you need anything else or have something to test upfront release, I'm happy to help.

@awptechnologies

Still Present on 24.7.8

@fichtner fichtner self-assigned this Nov 11, 2024
@fichtner
Member

Yep.

@spacerunner5

for cross reference and some more screenshots:

opnsense forum post
