Project

General

Profile

Actions
Copy link

Bug #11717

open

Incorrect port forwarding rules if Destination port alias is not equal to Redirect target port alias

Added by Viktor Gurov about 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
03/22/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

If Destination port alias and Redirect target port alias contains different ports,
incorrect port forwarding rules are created:

port_alias1 = 22, 25, 80
port_alias2 = 111, 89, 1521

/tmp/rules.debug:
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port $port_alias1 -> 192.168.3.77 port 111
pass  in  quick  on $WAN reply-to ( vtnet1 192.168.122.1 ) inet proto tcp  from any to 192.168.3.77 port $port_alias1 tracker 1616395987 flags S/SA keep state  label "USER_RULE: NAT PORT FORWARD EXAMPLE" 


# pfctl -sn | grep 3.77
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = ssh -> 192.168.3.77 port 111
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = smtp -> 192.168.3.77 port 111
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = http -> 192.168.3.77 port 111

If both aliases are same all OK:

/tmp/rules.debug:
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port $port_alias1 -> 192.168.3.77
pass  in  quick  on $WAN reply-to ( vtnet1 192.168.122.1 ) inet proto tcp  from any to 192.168.3.77 port $port_alias1 tracker 1616395987 flags S/SA keep state  label "USER_RULE: NAT PORT FORWARD EXAMPLE" 


# pfctl -sn | grep 3.77
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = ssh -> 192.168.3.77
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = smtp -> 192.168.3.77
rdr on vtnet1 inet proto tcp from any to 192.168.122.179 port = http -> 192.168.3.77

No data to display

Actions
Copy link

Also available in: Atom PDF