Project

General

Profile

Bug #10433

addMask() js code resets netmask size to 128/32

Added by Viktor Gurov 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Low
Category:
Web Interface
Target version:
Start date:
04/05/2020
Due date:
% Done:

100%

Estimated time:
Affected Version:
Affected Architecture:

Description

from https://github.com/pfsense/pfsense/pull/4200:

if you are trying to use max netmask shorter that 128 for IPv6 or shorter that 32 for IPv4, js code resets netmask size to 128/32,
this not allow to use /96 max size for dns64-prefix, or, you can see this issue on 1:1 NAT page - try to enter any IPv4 address to the destination network field, and you can that it allow you to select /32 range (but only /31 is allowed in code)
IpAddress.class.php fixed

pages with this issue:
firewall_nat_1to1_edit.php
firewall_nat_edit.php
interfaces_ppps_edit.php

- netmask /31 can be reset to /32

Associated revisions

Revision 44aea2e1 (diff)
Added by Viktor Gurov 7 months ago

addMask() netmask reset fix. Issue #10433

History

#2 Updated by Jim Pingle 7 months ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0

#3 Updated by Renato Botelho 7 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#4 Updated by Viktor Gurov 7 months ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200414.1347

works as expected - now doesn't allow to select /32 netmask on the firewall_nat_1to1_edit.php,
firewall_nat_edit.php and interfaces_ppps_edit.php pages.

#5 Updated by Viktor Gurov 7 months ago

This change has broken IPv6 port forward and NAT 1:1 - now it is not possible to enter netmask >31 on these pages

Is IPv6 fully supported on these pages?
Never heard anyone try this

#6 Updated by Jim Pingle 6 months ago

  • Status changed from Resolved to New

Viktor Gurov wrote:

This change has broken IPv6 port forward and NAT 1:1 - now it is not possible to enter netmask >31 on these pages

Is IPv6 fully supported on these pages?
Never heard anyone try this

Yes, it does work for certain use cases. Though we don't advertise this fact, since we want to discourage using NAT+IPv6 as much as possible.

We shouldn't break it if we can avoid doing so.

#8 Updated by Jim Pingle 6 months ago

  • Status changed from New to Pull Request Review

#9 Updated by Renato Botelho 6 months ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

#10 Updated by Viktor Gurov 6 months ago

  • Status changed from Feedback to Closed

tested on 2.5.0.a.20200501.1824

reverted successfully

Also available in: Atom PDF