Bug #12132
closed
Port Forwards Using CARP VIP Form Validation on Source Broken
Description
With the interface address, you're able to define different port forward NATs on the same interface IP address and port to go to different internal hosts from different sources.
For example, this kind of rule works:
Port Forward Rule #1:
Source: Source A
Destination: WAN Address (or whatever interface IP)
Destination Port: SSH 22 (Service doesn't matter, but I'll use SSH as an example here)
Redirect Target IP: Inside Host A
Port Forward Rule #2:
Source: Source B
Destination: WAN Address (or whatever interface IP)
Destination Port: SSH 22 (Service doesn't matter, but I'll use SSH as an example here)
Redirect Target IP: Inside Host B
The firewall will match the rule based on source and forward the traffic fine to different inside hosts depending on the source.
However, if you change the Destination from "[Interface] address" such as "WAN Address" to a CARP VIP, when you go to save the second rule it will complain about it being a duplicate even though it has a different source. This appears to be a bug in the form validation where it thinks there is a duplicate even though the sources are different.
Tested on pfSense Plus 21.05
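The duplicate check the report expects, as an added sketch that is not part of the original report and is not pfSense's own validation code: two port forwards collide only when interface, protocol, destination and port range match and their source networks overlap. The `PortForward` class, the function names, the `compare_source` switch (which models the reported symptom only) and all addresses are assumptions made for illustration; sources are assumed to be IPv4 CIDRs or "any".

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")  # IPv4 only in this sketch

@dataclass(frozen=True)
class PortForward:          # hypothetical model of one port forward entry
    interface: str
    proto: str
    source: str             # CIDR or "any"
    destination: str        # interface address keyword or a VIP address
    dport: tuple            # (low, high), inclusive
    target: str

def _net(source):
    return ANY if source == "any" else ipaddress.ip_network(source, strict=False)

def _ports_overlap(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def conflicts(a, b, compare_source=True):
    """True when both rules could match the same packet."""
    same_listener = (a.interface == b.interface and a.proto == b.proto
                     and a.destination == b.destination
                     and _ports_overlap(a.dport, b.dport))
    if not same_listener:
        return False
    if not compare_source:
        # Models the symptom in the report: source is ignored, so any
        # second rule on the same VIP and port looks like a duplicate.
        return True
    return _net(a.source).overlaps(_net(b.source))

def find_duplicate(new, existing, compare_source=True):
    """Return the first existing rule that conflicts with `new`, else None."""
    return next((r for r in existing if conflicts(new, r, compare_source)), None)

# Constructed sample rules using documentation address ranges.
VIP = "198.51.100.10"   # stands in for the CARP VIP
rule1 = PortForward("wan", "tcp", "192.0.2.0/25", VIP, (22, 22), "10.0.0.11")
rule2 = PortForward("wan", "tcp", "192.0.2.128/25", VIP, (22, 22), "10.0.0.12")
rule3 = PortForward("wan", "tcp", "192.0.2.64/26", VIP, (22, 22), "10.0.0.13")
```

Here `rule2` is accepted next to `rule1` because their sources are disjoint, while `rule3` is rejected because its source falls inside the source of `rule1`.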