Bug #10246

closed

NAT: Syntax error when "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" is enabled

Added by James L almost 2 years ago. Updated almost 2 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date: 02/09/2020
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.4-p3
Affected Architecture:

Description

I have the following port forward NAT rule to redirect DNS from LAN clients to a pi-hole:

Interface: LAN
Protocol: UDP
Source Address: <LAN_Clients> (alias)
Source Ports: *
Dest. Address: ! <DNS> (alias)
Dest Ports: 53 (DNS)
NAT IP: 192.168.1.250
NAT Ports: 53 (DNS)

When I enable "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from" I get the following message in the GUI:

There were error(s) loading the rules: /tmp/rules.debug:81: syntax error - The line in question reads [81]: no nat on igb1 proto udp from (igb1) to 192.168.1.250 port port
@ 2020-02-10 09:30:25

Here's an extract from /tmp/rules.debug line 79-82:

# NAT Inbound Redirects
rdr on igb1 proto udp from $LAN_Clients to ! $DNS port 53 -> 192.168.1.250
no nat on igb1 proto udp from (igb1) to 192.168.1.250 port port
nat on igb1 proto udp from 192.168.1.0/24 to 192.168.1.250 port port -> 192.168.1.1 port 1024:65535

It looks like it's adding the word port, instead of the actual port? e.g. port 53

Happens in 2.4.4-p3 and the latest 2.4.5-RC snapshot as well


Files

pfsense4.png (18.3 KB) - Error message - James L, 02/09/2020 02:37 PM
pfsense5.png (99.2 KB) - NAT rule - James L, 02/09/2020 02:37 PM
Actions #1

Updated by Anonymous almost 2 years ago

Hi,

I also encountered this error a few months back. I forgot to log a Redmine for it, but I did post on the forums here with some info about the problem:
https://forum.netgate.com/topic/148085/error-loading-rules-only-when-using-an-alias-in-nat-rule/2

Actions #2

Updated by Jim Pingle almost 2 years ago

  • Category set to Rules / NAT
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0
Actions #3

Updated by Jim Pingle almost 2 years ago

  • Target version changed from 2.5.0 to 2.4.5
Actions #4

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Anonymous almost 2 years ago

As always, Thanks Jim!
Will test shortly.

Actions #6

Updated by James L almost 2 years ago

Thanks for the quick turnaround Jim Pingle, appreciate it

I can confirm your changes in revision 386db806 resolve the issue for me, from /tmp/rules.debug now:

# NAT Inbound Redirects
rdr on igb1 proto udp from $LAN_Clients to ! $DNS port 53 -> 192.168.1.250
no nat on igb1 proto udp from (igb1) to 192.168.1.250 port 53
nat on igb1 proto udp from 192.168.1.0/24 to 192.168.1.250 port 53 -> 192.168.1.1 port 1024:65535
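
The symptom in this report (a `port` keyword with no usable value after it) can be caught by a small lint pass over the generated ruleset before it is loaded. The following is an added example, not part of the original report and not pfSense code; the function names and the keyword subset are assumptions, and the sample input is the rules.debug extract quoted above.

```python
# Sample input: the rules.debug extract quoted in this report (before the fix).
# Line numbers reported below are relative to this sample, not to /tmp/rules.debug.
BROKEN = """\
# NAT Inbound Redirects
rdr on igb1 proto udp from $LAN_Clients to ! $DNS port 53 -> 192.168.1.250
no nat on igb1 proto udp from (igb1) to 192.168.1.250 port port
nat on igb1 proto udp from 192.168.1.0/24 to 192.168.1.250 port port -> 192.168.1.1 port 1024:65535
"""
FIXED = BROKEN.replace("port port", "port 53")  # matches the post-fix extract

# pf grammar words that can never be a port value (assumed subset, enough here).
PF_KEYWORDS = {"port", "from", "to", "on", "proto", "->", "nat", "rdr", "no"}
UNARY_OPS = {"=", "!=", "<", "<=", ">", ">="}


def bad_port_operand(tok):
    """Return a reason if tok cannot be a port operand, else None."""
    if tok is None:
        return "missing port value"
    if tok in PF_KEYWORDS:
        return f"keyword {tok!r} where a port value was expected"
    for part in tok.split(":"):  # low:high ranges
        if part.isdigit() and int(part) > 65535:
            return f"port {part} out of range"
    return None


def lint_rules(text):
    """Return [(line_no, reason, line)]: the first bad 'port' operand per line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # ignore comments
        toks = code.replace("{", " { ").replace("}", " } ").replace(",", " ").split()
        for i, tok in enumerate(toks):
            if tok != "port":
                continue
            rest = toks[i + 1:]
            if rest and rest[0] in UNARY_OPS:
                rest = rest[1:]
            if rest and rest[0] == "{":  # port list: check every member
                end = rest.index("}") if "}" in rest else len(rest)
                operands = rest[1:end] or [None]
            else:
                operands = rest[:1] or [None]
            reason = next(filter(None, map(bad_port_operand, operands)), None)
            if reason:
                findings.append((no, reason, line.strip()))
                break
    return findings
```

`lint_rules(BROKEN)` flags sample lines 3 and 4 and `lint_rules(FIXED)` returns an empty list. The authoritative syntax check remains pf's own parser, for example `pfctl -nf /tmp/rules.debug`, which parses the file without loading it.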

Actions #7

Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved

Thanks for testing!
