pfSense needs to be rebooted to effect a change in an existing NAT rule

Using pfSense version 2.0-RC1 (i386)

When changing an existing NAT rule in pfSense I find that the rule doesn't work when:

1. the rule existed but with a change to its port number or destination LAN IP or both
2. mapping was done using pfSense load balancing, but that is disabled to use NAT instead.

In both the above-mentioned cases I always had to reboot the firewall, as if there were a bug in the system.

My current situation is as given below:

Rule that existed: src-any:port1 --nat--> lan-ip1:port2

Rule modified to : src-any:port1 --nat--> lan-ip1:port3

Rules were altered and loaded. I verified from the shell as well; it showed the changed NAT settings. But the connection fails. I did a reset of states from the web GUI, but that worked momentarily and later failed.

I have checked in LAN network and found the service working. It fails only from Internet with firewall in between.

Is there any shell/CLI method by which I can get this working? Any FreeBSD/pfSense command that can help me here? I cannot restart the firewall until midnight (the allowed downtime).


Three possibilities.

One, you're expecting an already-established connection to change, which won't happen with any stateful firewall. You'll have to kill the state(s) matching that port forward first, Diag>States.

Two, you're running an old snapshot build. Upgrade to the latest stable release, regardless of whether the above fixes it. There's a chance you got a snapshot that was in the middle of a set of changes and that snapshot didn't reload its ruleset correctly.

Three, you have a buggy package of some sort installed that's hosing up the filter reload process. Running /etc/rc.filter_configure_sync at the command line may spit out what's happening if that's actually the case. But check one first, and upgrade to 2.0.3 before doing anything here.
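The first point above (stale states surviving a port-forward change) can also be worked from the shell, which is what the question asks for. The script below is an added example, not from the question, the answer, or the pfSense project: it takes `pfctl -ss` style state-table output, picks out the translated (rdr) states whose original WAN-side destination port matches the changed port forward, and prints the `pfctl -k` commands that would clear them. The state lines and addresses are constructed sample data in the FreeBSD pf format of that era; on a real box you would replace `$SAMPLE_STATES` with the live output of `pfctl -ss`.

```shell
#!/bin/sh
# Added example (not pfSense code): find the pf states still tied to an old
# port forward and build the pfctl -k commands that clear them.
#
# Assumed FreeBSD pf `pfctl -ss` line format for an rdr state, as on pfSense 2.0:
#   all tcp LAN-IP:PORT (WAN-IP:PORT) <- SRC-IP:PORT    STATE:STATE
# The parenthesised pair is the original (pre-translation) destination.
# All addresses below are constructed sample data.

SAMPLE_STATES='all tcp 192.168.1.10:80 (203.0.113.5:8080) <- 198.51.100.7:51234       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.7:51234 -> 203.0.113.5:8080       ESTABLISHED:ESTABLISHED
all udp 192.168.1.20:53 <- 192.168.1.50:40001       MULTIPLE:MULTIPLE
all tcp 192.168.1.10:80 (203.0.113.5:8080) <- 198.51.100.9:60210       FIN_WAIT_2:FIN_WAIT_2'

# rdr_states <wan-port>: print "source-ip lan-ip" for each translated state
# whose original WAN-side destination port equals <wan-port>.
rdr_states() {
    port="$1"
    printf '%s\n' "$SAMPLE_STATES" | awk -v port="$port" '
        # $3 = translated lan ip:port, $4 = "(wan-ip:port)", $5 = "<-", $6 = src ip:port
        $4 ~ /^\(/ && $5 == "<-" {
            split($4, orig, ":")
            sub(/\)$/, "", orig[2])
            if (orig[2] == port) {
                split($6, src, ":")
                split($3, dst, ":")
                print src[1], dst[1]
            }
        }'
}

# kill_commands <wan-port>: one pfctl -k invocation per source/LAN host pair.
# pf on pfSense 2.0 kills states by host pair, not by port, so every state
# between that pair is cleared, not only the one for the old forward.
kill_commands() {
    rdr_states "$1" | sort -u | while read -r src dst; do
        printf 'pfctl -k %s -k %s\n' "$src" "$dst"
    done
}

# count_rdr_states <wan-port>: how many stale states would be cleared.
count_rdr_states() {
    rdr_states "$1" | wc -l | tr -d ' '
}

# Usage on a live firewall after confirming the new rdr rule with `pfctl -sn`:
#   kill_commands 8080        # review the commands first
#   kill_commands 8080 | sh   # then clear the stale states
```

Review the generated commands before running them: because `pfctl -k host -k host` matches on the host pair, it also drops unrelated sessions between the same external client and the LAN host. Once the old states are gone, new connections are matched against the freshly loaded rule, which is the same effect the Diag>States reset in the GUI has.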