Project

General

Profile

Bug #10752

1:1 NAT issue if Internal IP has VIPs

Added by Viktor Gurov 4 months ago. Updated 2 months ago.

Status:
Resolved
Priority:
Normal
Category:
Rules / NAT
Target version:
Start date:
07/10/2020
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.5-p1
Affected Architecture:

Description

If you set 'Internal IP' on the firewall_nat_1to1_edit.php to net (OPT1 net, for example)
and OPT1 interface has any VIPs on top of it,
filter_generate_address() returns all of them, creating incorrect pf ruleset:

binat on vtnet1 from { 172.16.16.0/24 192.168.4.0/24 } to 6.6.6.1 -> 192.168.122.179

then you get error:

There were error(s) loading the rules: /tmp/rules.debug:53: multiple binat ip addresses - The line in question reads [53]: binat on vtnet1 from { 172.16.16.0/24 192.168.4.0/24 } to 6.6.6.1 -> 192.168.122.179

Associated revisions

Revision 2922c1d1 (diff)
Added by Viktor Gurov 4 months ago

1:1 NAT net fix. Issue #10752

History

#2 Updated by Jim Pingle 4 months ago

  • Status changed from New to Pull Request Review

#3 Updated by Renato Botelho 3 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#4 Updated by Danilo Zrenjanin 2 months ago

  • Status changed from Feedback to Resolved

Reproduced the issue. After adding the patch, filter reloaded without issues.

Also available in: Atom PDF