Project

General

Profile

Actions

Bug #120

closed

1.2.3 RC3 NO NAT rules have ports 1024:65535 added to destination

Added by Garret Huntress almost 15 years ago. Updated almost 15 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
Start date:
10/27/2009
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
1.2.3
Affected Architecture:

Description

In 1.2.3 RC3, when creating a NO NAT rule, ports 1024:65535 are added to the destination portion of the statement. From looking at the code in filter.inc, it would appear that this is coming from the staticport_txt variable.

For example, when creating a no nat from 10.0.0.0/8 to 206.205.250.0/24 rule:

Expected: no nat on bge1 inet from 10.0.0.0/8 to 206.205.250.0/24
Created: no nat on bge1 inet from 10.0.0.0/8 to 206.205.250.0/24 1024:65535

It would appear that the static port variable is being added to the rule regardless of whether or not this is a nat or no nat rule.

BTW: I love pfSense!

-Garret

Actions #1

Updated by Chris Buechler almost 15 years ago

  • Target version set to 1.2.3
Actions #2

Updated by Garret Huntress almost 15 years ago

I'm not sure if this is the proper method for fixing this issue, but I modified my /etc/inc/filter.inc file with the following (Which has fixed my no nat issue, but no idea if this breaks static-port nat as I don't use that setting):

if($staticnatport) {
$staticnatport_txt = " static-port";
if(!$natport)
$staticnatport_txt = " port 1024:65535"; // set source port range
else
$staticnatport_txt = "";
}
else
$staticnatport_txt = "";

Actions #3

Updated by Scott Ullrich almost 15 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
Actions #4

Updated by Scott Ullrich almost 15 years ago

  • Status changed from Resolved to New
Actions #5

Updated by Anonymous almost 15 years ago

  • Status changed from New to Resolved
Actions

Also available in: Atom PDF