Bug #10246
closedNAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled
100%
Description
I have the following port forward NAT rule to redirect DNS from LAN clients to a pi-hole:
Interface: LAN Protocol: UDP Source Address: <LAN_Clients> (alias) Source Ports: * Dest. Address: ! <DNS> (alias) Dest Ports: 53 (DNS) NAT IP: 192.168.1.250 NAT Ports: 53 (DNS)
When I enable "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" I get the following message in the GUI:
There were error(s) loading the rules: /tmp/rules.debug:81: syntax error - The line in question reads [81]: no nat on igb1 proto udp from (igb1) to 192.168.1.250 port port @ 2020-02-10 09:30:25
Here's an extract from /tmp/rules.debug line 79-82:
# NAT Inbound Redirects rdr on igb1 proto udp from $LAN_Clients to ! $DNS port 53 -> 192.168.1.250 no nat on igb1 proto udp from (igb1) to 192.168.1.250 port port nat on igb1 proto udp from 192.168.1.0/24 to 192.168.1.250 port port -> 192.168.1.1 port 1024:65535
It looks like its adding the word port, instead of the actual port? e.g. port 53
Happens in 2.4.4-p3 and the latest 2.4.5-RC snapshot as well
Files
Updated by Anonymous over 4 years ago
Hi,
I also encountered this error a few months back, I forgot to log a redmine for it, but I did post on the forums here with some info about the problem:
https://forum.netgate.com/topic/148085/error-loading-rules-only-when-using-an-alias-in-nat-rule/2
Updated by Jim Pingle over 4 years ago
- Category set to Rules / NAT
- Assignee set to Jim Pingle
- Target version set to 2.5.0
Updated by Jim Pingle over 4 years ago
- Target version changed from 2.5.0 to 2.4.5
Updated by Jim Pingle over 4 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset f9a16422dcfcc06e5093e33ee91dbce9e4295906.
Updated by James L over 4 years ago
Thanks for the quick turnaround Jim Pingle, appreciate it
I can confirm your changes in revision 386db806 resolve the issue for me, from /tmp/rules.debug now:
# NAT Inbound Redirects rdr on igb1 proto udp from $LAN_Clients to ! $DNS port 53 -> 192.168.1.250 no nat on igb1 proto udp from (igb1) to 192.168.1.250 port 53 nat on igb1 proto udp from 192.168.1.0/24 to 192.168.1.250 port 53 -> 192.168.1.1 port 1024:65535