Project

General

Profile

Actions
Copy link

Bug #10433

closed

addMask() js code resets netmask size to 128/32

Added by Viktor Gurov about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Low
Assignee:
Renato Botelho
Category:
Web Interface
Target version:
2.5.0
Start date:
04/05/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

from https://github.com/pfsense/pfsense/pull/4200:

if you are trying to use max netmask shorter that 128 for IPv6 or shorter that 32 for IPv4, js code resets netmask size to 128/32,
this not allow to use /96 max size for dns64-prefix, or, you can see this issue on 1:1 NAT page - try to enter any IPv4 address to the destination network field, and you can that it allow you to select /32 range (but only /31 is allowed in code)
IpAddress.class.php fixed

pages with this issue:
firewall_nat_1to1_edit.php
firewall_nat_edit.php
interfaces_ppps_edit.php

- netmask /31 can be reset to /32

Actions
Copy link
 #2

Updated by Jim Pingle about 4 years ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0
Actions
Copy link
 #3

Updated by Renato Botelho about 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions
Copy link
 #4

Updated by Viktor Gurov about 4 years ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200414.1347

works as expected - now doesn't allow to select /32 netmask on the firewall_nat_1to1_edit.php,
firewall_nat_edit.php and interfaces_ppps_edit.php pages.

Actions
Copy link
 #5

Updated by Viktor Gurov about 4 years ago

This change has broken IPv6 port forward and NAT 1:1 - now it is not possible to enter netmask >31 on these pages

Is IPv6 fully supported on these pages?
Never heard anyone try this

Actions
Copy link
 #6

Updated by Jim Pingle about 4 years ago

  • Status changed from Resolved to New

Viktor Gurov wrote:

This change has broken IPv6 port forward and NAT 1:1 - now it is not possible to enter netmask >31 on these pages

Is IPv6 fully supported on these pages?
Never heard anyone try this

Yes, it does work for certain use cases. Though we don't advertise this fact, since we want to discourage using NAT+IPv6 as much as possible.

We shouldn't break it if we can avoid doing so.

Actions
Copy link
 #7

Updated by Viktor Gurov almost 4 years ago

Actions
Copy link
 #8

Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #9

Updated by Renato Botelho almost 4 years ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

Actions
Copy link
 #10

Updated by Viktor Gurov almost 4 years ago

  • Status changed from Feedback to Closed

tested on 2.5.0.a.20200501.1824

reverted successfully

Actions
Copy link

Also available in: Atom PDF