Bug #11717
Incorrect port forwarding rules if Destination port alias is not equal to Redirect target port alias
Status: New
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 03/22/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture:
Description
If Destination port alias and Redirect target port alias contain different ports,
incorrect port forwarding rules are created:

port_alias1 = 22, 25, 80
port_alias2 = 111, 89, 1521

/tmp/rules.debug:

    rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port $port_alias1 -> 192.168.3.77 port 111
    pass in quick on $WAN reply-to ( vtnet1 192.168.122.1 ) inet proto tcp from any to 192.168.3.77 port $port_alias1 tracker 1616395987 flags S/SA keep state label "USER_RULE: NAT PORT FORWARD EXAMPLE"

    # pfctl -sn | grep 3.77
    rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = ssh -> 192.168.3.77 port 111
    rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = smtp -> 192.168.3.77 port 111
    rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = http -> 192.168.3.77 port 111

If both aliases are the same, all is OK:

/tmp/rules.debug:

    rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port $port_alias1 -> 192.168.3.77
    pass in quick on $WAN reply-to ( vtnet1 192.168.122.1 ) inet proto tcp from any to 192.168.3.77 port $port_alias1 tracker 1616395987 flags S/SA keep state label "USER_RULE: NAT PORT FORWARD EXAMPLE"

    # pfctl -sn | grep 3.77
    rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = ssh -> 192.168.3.77
    rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = smtp -> 192.168.3.77
    rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = http -> 192.168.3.77
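The effect described in the report is that every destination port in port_alias1 is redirected to the first port of port_alias2 (111), so traffic for 25 and 80 never reaches 89 and 1521. The script below is an added example, not pfSense code and not the reporter's: it expands the two aliases into one rdr rule per port pair, parses pfctl -sn output, and lists each destination port whose loaded redirect target differs from the intended one, which is a quick way to verify a port forward after a config reload. Assumptions: the intended semantics are a positional, one-to-one mapping between the two aliases (equal length required); the alias values and the pfctl lines are constructed from the report; service names are resolved with a small table standing in for /etc/services.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed aliases, taken from the report.
ALIASES: Dict[str, List[int]] = {
    "port_alias1": [22, 25, 80],
    "port_alias2": [111, 89, 1521],
}

# Constructed pfctl -sn output reproducing the collapsed rules in the report.
# pfctl prints well-known ports by their service name.
PFCTL_OUTPUT = """\
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = ssh -> 192.168.3.77 port 111
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = smtp -> 192.168.3.77 port 111
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = http -> 192.168.3.77 port 111
"""

# Minimal stand-in for /etc/services (assumption: only these names appear).
SERVICE_PORTS: Dict[str, int] = {"ssh": 22, "smtp": 25, "http": 80}

RDR_RE = re.compile(
    r"rdr on (\S+) inet proto (\S+) from any to (\S+) port = (\S+) -> (\S+)(?: port (\d+))?$"
)


def expected_pairs(dst_alias: str, target_alias: Optional[str],
                   aliases: Dict[str, List[int]] = ALIASES) -> List[Tuple[int, int]]:
    """Intended (destination port, target port) pairs for a port forward.

    Assumed semantics: with no target alias the original port is kept;
    otherwise the aliases are matched position by position, so they must
    have the same length.
    """
    dst = aliases[dst_alias]
    if target_alias is None:
        return [(p, p) for p in dst]
    tgt = aliases[target_alias]
    if len(dst) != len(tgt):
        raise ValueError(
            f"{dst_alias} has {len(dst)} ports but {target_alias} has {len(tgt)}; "
            "a one-to-one port mapping needs equal-length aliases"
        )
    return list(zip(dst, tgt))


def render_rdr(iface: str, proto: str, dst_ip: str, target_ip: str,
               pairs: List[Tuple[int, int]]) -> List[str]:
    """One rdr rule per pair instead of one rule with a single target port."""
    return [
        f"rdr on {iface} inet proto {proto} from any to {dst_ip} port {d} "
        f"-> {target_ip} port {t}"
        for d, t in pairs
    ]


def parse_pfctl(text: str) -> List[Tuple[int, int]]:
    """Extract (destination port, target port) from pfctl -sn rdr lines."""
    pairs = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if not m:
            continue
        _iface, _proto, _dst_ip, dport, _target_ip, tport = m.groups()
        d = int(dport) if dport.isdigit() else SERVICE_PORTS[dport]
        t = int(tport) if tport else d  # no "port N" means the port is kept
        pairs.append((d, t))
    return pairs


def check_mapping(expected: List[Tuple[int, int]],
                  loaded: List[Tuple[int, int]]) -> List[Tuple[int, int, Optional[int]]]:
    """Return (dst port, intended target, loaded target) for every mismatch."""
    actual = dict(loaded)
    return [(d, t, actual.get(d)) for d, t in expected if actual.get(d) != t]


if __name__ == "__main__":
    intended = expected_pairs("port_alias1", "port_alias2")
    for rule in render_rdr("vtnet1", "tcp", "192.168.122.179", "192.168.3.77", intended):
        print(rule)
    for d, want, got in check_mapping(intended, parse_pfctl(PFCTL_OUTPUT)):
        print(f"port {d}: intended -> {want}, loaded -> {got}")
```

Run against the constructed output, check_mapping reports ports 25 and 80 as landing on 111 instead of 89 and 1521; against a correctly expanded ruleset it returns an empty list. The same comparison works on real pfctl -sn output once the service-name table is replaced by a lookup of /etc/services.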