Bug #14: reply-to should not be added when bridging - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #14

closed

reply-to should not be added when bridging

Added by Chris Buechler over 15 years ago. Updated almost 15 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Rules / NAT

Target version:

2.0

Start date:

06/10/2009

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.0

Affected Architecture:

Description

When bridging to a WAN or OPT WAN with hosts that use a gateway other than the WAN/OPT WAN's gateway, reply-to will break the ability to communicate with those hosts from the outside.

It's not as simple as not adding reply-to when bridging though, as that will create a different bug where bridging is used in combination with multi-WAN.

Files

Download all files

test_results.rtf (818 Bytes) test_results.rtf		Dan Swartzendruber, 01/07/2010 04:10 PM
bug-14_diffs.rtf (3.19 KB) bug-14_diffs.rtf		Dan Swartzendruber, 01/07/2010 04:10 PM
test_results.txt (612 Bytes) test_results.txt		Dan Swartzendruber, 02/05/2010 03:11 PM
bug-14_diffs.txt (2.85 KB) bug-14_diffs.txt		Dan Swartzendruber, 02/05/2010 03:11 PM

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Chris Buechler over 15 years ago

Target version set to 1.2.3

Note this also causes difficulties when you have a static route on WAN pointing to something other than your default gateway, for traffic that is not initiated by the firewall.

Actions

Copy link

Updated by Chris Buechler over 15 years ago

Target version changed from 1.2.3 to 2.0

work around committed to RELENG_1_2. https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/efefb2a1e860d082a6024b7c6b67c646b1e8aa6e

needs to be revisited for 2.0, in hopes we can find a better change that won't cause regressions and automatically handles the bridging and static route scenarios properly.

Actions

Copy link

Updated by Ermal Luçi almost 15 years ago

Affected Version set to 2.0

Well if you are doing NAT in bridge mode and the 'other' gateway of the host is not on the same subnet as the gateway of the WAN/OPTWAN there is no escape.

If you are just doing bridging than you do not need at all the reply-to, afaik.

Actions

Copy link

Updated by Scott Ullrich almost 15 years ago

How would we tell when we need the reply-to or not. We need to define the logic that is involved.

Actions

Copy link

Updated by Chris Buechler almost 15 years ago

It's not possible to definitively tell on the firewall, there are too many possible combinations and it ultimately depends on what the default gateway of the bridged hosts is - if it's the same as WAN's gateway it doesn't matter.

having a "Disable reply-to" checkbox under Advanced on a per-rule basis seems like the best solution for this. That's the only way every possible scenario can be handled correctly.

Actions

Copy link

Updated by Dan Swartzendruber almost 15 years ago

I am taking a go at this one.

Actions

Copy link

Updated by Dan Swartzendruber almost 15 years ago

File test_results.rtf test_results.rtf added
File bug-14_diffs.rtf bug-14_diffs.rtf added

Test output and patches uploaded.

Actions

Copy link

Updated by Dan Swartzendruber almost 15 years ago

Any update?

Actions

Copy link

Updated by Scott Ullrich almost 15 years ago

Can you please submit these patches as normal text files? Rich text files do not play along with patches.

Actions

Copy link

#10

Updated by Dan Swartzendruber almost 15 years ago

File test_results.txt test_results.txt added
File bug-14_diffs.txt bug-14_diffs.txt added

Test and patch re-uploaded as vanilla text. By the way, I'm not sure why, but I do not seem to be getting email notifications of issues like this in my inbox. I have verified my email address on the site and checked my mailserver logs, and no indication of any problems :(

Actions

Copy link

#11

Updated by Dan Swartzendruber almost 15 years ago

Oh fooey, my bad I think. I noticed I hadn't checked the 'watch this issue' box.

Actions

Copy link

#12

Updated by Ermal Luçi almost 15 years ago

Status changed from New to Feedback

Patch committed thanks.

Actions

Copy link

#13

Updated by Chris Buechler almost 15 years ago

Status changed from Feedback to Resolved

works

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #14

reply-to should not be added when bridging

Updated by Chris Buechler over 15 years ago

Updated by Chris Buechler over 15 years ago

Updated by Ermal Luçi almost 15 years ago

Updated by Scott Ullrich almost 15 years ago

Updated by Chris Buechler almost 15 years ago

Updated by Dan Swartzendruber almost 15 years ago

Updated by Dan Swartzendruber almost 15 years ago

Updated by Dan Swartzendruber almost 15 years ago

Updated by Scott Ullrich almost 15 years ago

Updated by Dan Swartzendruber almost 15 years ago

Updated by Dan Swartzendruber almost 15 years ago

Updated by Ermal Luçi almost 15 years ago

Updated by Chris Buechler almost 15 years ago