Project

General

Profile

Actions

Bug #10433

closed

addMask() js code resets netmask size to 128/32

Added by Viktor Gurov over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Low
Category:
Web Interface
Target version:
Start date:
04/05/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

from https://github.com/pfsense/pfsense/pull/4200:

if you are trying to use max netmask shorter that 128 for IPv6 or shorter that 32 for IPv4, js code resets netmask size to 128/32,
this not allow to use /96 max size for dns64-prefix, or, you can see this issue on 1:1 NAT page - try to enter any IPv4 address to the destination network field, and you can that it allow you to select /32 range (but only /31 is allowed in code)
IpAddress.class.php fixed

pages with this issue:
firewall_nat_1to1_edit.php
firewall_nat_edit.php
interfaces_ppps_edit.php

- netmask /31 can be reset to /32

Actions #2

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0
Actions #3

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #4

Updated by Viktor Gurov over 4 years ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200414.1347

works as expected - now doesn't allow to select /32 netmask on the firewall_nat_1to1_edit.php,
firewall_nat_edit.php and interfaces_ppps_edit.php pages.

Actions #5

Updated by Viktor Gurov over 4 years ago

This change has broken IPv6 port forward and NAT 1:1 - now it is not possible to enter netmask >31 on these pages

Is IPv6 fully supported on these pages?
Never heard anyone try this

Actions #6

Updated by Jim Pingle over 4 years ago

  • Status changed from Resolved to New

Viktor Gurov wrote:

This change has broken IPv6 port forward and NAT 1:1 - now it is not possible to enter netmask >31 on these pages

Is IPv6 fully supported on these pages?
Never heard anyone try this

Yes, it does work for certain use cases. Though we don't advertise this fact, since we want to discourage using NAT+IPv6 as much as possible.

We shouldn't break it if we can avoid doing so.

Actions #7

Updated by Viktor Gurov over 4 years ago

Actions #8

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
Actions #9

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

Actions #10

Updated by Viktor Gurov over 4 years ago

  • Status changed from Feedback to Closed

tested on 2.5.0.a.20200501.1824

reverted successfully

Actions

Also available in: Atom PDF