NAT rule overlap detection is inconsistent
When saving an additional NAT port forward rule:
- The "protocol" field is effectively ignored in overlap checks
- The "source" field is not checked in overlap checks
- Rule is prevented from being saved when a destination mask is defined
Updated by Marcos Mendoza 4 months ago
- Assignee set to Marcos Mendoza
Updated by Jim Pingle 4 months ago
- Status changed from New to Rejected
Protocol doesn't overlap. You can have separate port forward rules for TCP and for UDP on the same port ranges which do not conflict.
Plus, that overlap check isn't for looking at network addresses, it's only making sure that port ranges do not overlap.
Updated by Marcos Mendoza 2 months ago
Adding more details here; currently:
It's possible for rules with overlapping ports to be saved when the destination type is set to
$natent['destination']['address'] can have a value of
post['dst'] has a value of
10.0.0.0 (the mask is on a separate variable
There is a typo
$natent['proto'], which means the
!= operator checks will always return true because
null will never equal a defined variable. Hence, unless the protocol is set to
TCP/UDP, the overlap check below this statement will never run.
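
The effect described in the last comment, reproduced as an added example; it is not part of the thread and is not pfSense code. The function name, the rule fields (`begin`, `end`) and the saved-rule key `protocol` are assumptions made for illustration, and the sample rules are constructed.

```php
<?php
// Added illustration, not pfSense code. Field names are assumptions.

/**
 * Return true when $new overlaps the port range of a saved rule on a
 * matching protocol. $protoKey is the array key used to read the saved
 * rule's protocol, so the same check can be run with a wrong and a right key.
 */
function port_forward_overlaps(array $rules, array $new, string $protoKey): bool
{
    foreach ($rules as $natent) {
        // A key that does not exist reads as null. The ?? only silences the
        // undefined-key warning; the value compared below is still null.
        $saved = $natent[$protoKey] ?? null;

        // Skip saved rules on a different protocol; "tcp/udp" matches both.
        // With $saved === null the first two comparisons are always true, so
        // every rule is skipped unless the new rule itself is "tcp/udp".
        if ($saved != $new['proto'] && $saved != 'tcp/udp' && $new['proto'] != 'tcp/udp') {
            continue;
        }

        // Two inclusive ranges overlap when each starts before the other ends.
        if ($new['begin'] <= $natent['end'] && $natent['begin'] <= $new['end']) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: one saved TCP rule and three candidate rules.
$rules = [['protocol' => 'tcp', 'begin' => 8000, 'end' => 8100]];
$candidates = [
    'tcp'     => ['proto' => 'tcp',     'begin' => 8050, 'end' => 8060],
    'udp'     => ['proto' => 'udp',     'begin' => 8050, 'end' => 8060],
    'tcp/udp' => ['proto' => 'tcp/udp', 'begin' => 8050, 'end' => 8060],
];

// 'proto' does not exist on the saved rule (the misread key); 'protocol' does.
foreach (['proto', 'protocol'] as $key) {
    foreach ($candidates as $label => $new) {
        $result = port_forward_overlaps($rules, $new, $key) ? 'overlap' : 'no overlap';
        echo "key={$key} new={$label}: {$result}\n";
    }
}
```

Comparing the two runs for the `tcp` candidate shows the difference: read through the nonexistent key, the saved TCP rule is skipped and the overlapping range is accepted, while the `udp` candidate is accepted in both runs because separate TCP and UDP forwards on the same ports do not conflict.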