Bug #14655

open

NAT behind a "WAN rule" and "!WAN rule"

Added by Andre Lopez Araujo 9 months ago. Updated 8 months ago.

Status: Confirmed
Priority: Normal
Assignee: -
Category: NAT Reflection
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.7.0
Affected Architecture: amd64

Description

Good morning,

I just set up a DMZ NAT for everything that is not a WAN Net, but when creating another NAT with the same rules, except for the source, which should be WAN Net, it says it's duplicated, showing the message "The destination port range overlaps with an existing entry."


Actions #1

Updated by Andre Lopez Araujo 9 months ago

I'm wanting about different NATs with the same ports

Actions #2

Updated by Christopher Cope 8 months ago

  • Status changed from New to Confirmed

I can confirm this behavior on

23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT

The input validation currently treats an inverted source or destination as identical to the non-inverted counterparts.

For now, there is a simple, and arguably better, way to accomplish the same thing by specifying the WAN net rule first and then following it with a rule using any as the source, as any traffic that doesn't match WAN net will be equivalent to !WAN net.
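The validation behaviour and the rule-ordering workaround from the comment above, modelled as an added example that is not part of the ticket and not pfSense code. The addresses, port, target labels, the `Forward` model and the `honor_invert` switch are constructed for illustration, and first-match evaluation of the forwards is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: the ticket gives no addresses or ports.
WAN_NET = ipaddress.ip_network("203.0.113.0/24")
PORTS = range(443, 444)

@dataclass(frozen=True)
class Forward:
    src: object      # ip_network, or None for "any"
    invert: bool     # True models the "!" (not) source match
    ports: range     # destination port range
    target: str      # hypothetical redirect target label

    def matches(self, ip, port):
        in_src = self.src is None or ipaddress.ip_address(ip) in self.src
        return (in_src != self.invert) and port in self.ports

def first_match(rules, ip, port):
    """Assumed evaluation model: the first matching forward wins."""
    for rule in rules:
        if rule.matches(ip, port):
            return rule.target
    return None

def conflicts(a, b, honor_invert=True):
    """Duplicate check. honor_invert=False models the behaviour confirmed in
    the ticket, where WAN net and !WAN net are compared as the same source."""
    overlap = a.ports.start < b.ports.stop and b.ports.start < a.ports.stop
    key = (lambda r: (r.src, r.invert)) if honor_invert else (lambda r: r.src)
    return overlap and key(a) == key(b)

wan = Forward(WAN_NET, False, PORTS, "host-A")
not_wan = Forward(WAN_NET, True, PORTS, "dmz-host")
any_src = Forward(None, False, PORTS, "dmz-host")

SAMPLES = ["203.0.113.7", "203.0.113.254", "198.51.100.9", "192.0.2.1"]

def workaround_is_equivalent(samples=SAMPLES):
    """[WAN net, !WAN net] and [WAN net, any] must pick the same target."""
    intended, workaround = [wan, not_wan], [wan, any_src]
    return all(first_match(intended, ip, 443) == first_match(workaround, ip, 443)
               for ip in samples)

if __name__ == "__main__":
    print("rejected when inversion is ignored:", conflicts(wan, not_wan, False))
    print("rejected when inversion is honoured:", conflicts(wan, not_wan))
    print("workaround equivalent:", workaround_is_equivalent())
    # Order matters: with "any" first, WAN net sources never reach host-A.
    print("any-first, WAN source ->", first_match([any_src, wan], "203.0.113.7", 443))
```
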
