Interface groups with NAT
In some scenarios it would be helpful to use interface groups with NAT (rdr and outbound).
Update to 4.1.6
Major Bug Bug Fixes:
- This release fixes segfault after start when many interfaces are in use.
- This version returns the EDNS bad version response with the AD flag
unset for improved conformance.
Minor Buf Fixes:
- Fix #701: Fix that AD=1 set in a BADVERS response.
- Fix typo in zonec.c inside error message.
- Fix #711: Document that debug-mode yes is used for staying
attached to the supervisor console.
- Document verbosity 3 prints more information.
- nsd-checkconf warns for master zones with no zonefile statement.
- Fix start failure when many file descriptors are in use.
- The servfail rcode is not printed with a space in the middle.
- print failed token for config syntax error or parse error.
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
#1 Updated by Erik Fonnesbeck over 6 years ago
This probably shouldn't be too hard to implement. With port forwards it will probably need code for separating the group into the member interfaces. Outbound NAT might need that, too. I'm not quite sure whether using interface groups is useful with outbound NAT, but if it is implemented, it may need a separate line in rules.debug for each interface in the group.
#2 Updated by Max Mustermann over 6 years ago
For users previously using Peplink Balance routers, all WAN can be selected in the screen where rules are edited. Instead of creating a rule for each WAN link, the Peplink way is to create a rule and select one, more or all WAN interfaces with checkboxes. See attached screenshot.
#4 Updated by Max Mustermann over 6 years ago
Current 20100731-1322 implementation is incorrect:
- having 'WAN1', 'WAN2' and 'WAN' as grouping of WAN1+WAN2
- <firewall_nat.php> can create a rule for WAN1
- creating an associated filter rule, creates one for WAN1 (= correct)
- now the associated filter rule can be edited, where interface WAN1 is changed to group WAN <firewall_rules_edit.php?id=1>
- after saving this, <firewall_nat.php> now displays 'WAN' && <firewall_nat_edit.php?id=0> displays 'WAN1' as interface (!= correct); html source of <firewall_nat_edit.php?id=0> shows: <option selected="" value="wan">WAN1</option>