Regression #15024
closed
Invalid outbound NAT rules break the following rule
Added by Steve Wheeler about 1 year ago.
Updated 12 months ago.
Plus Target Version:
23.09.1
Affected Architecture:
All
Description
Manual outbound NAT rules are commented out in the ruleset if they are invalid such as when he interface is disabled:
# Missing interface 'opt1' for rule 'Test'
However in 2.7.1 the following rule runs on immediately omitting it from the rules:
# Missing interface 'opt1' for rule 'Test'nat on $SWITCH inet proto tcp from $OPT3__NETWORK to any -> 192.168.70.1/32 port 443 # Test2
In my test case the rule is added twice:
# Outbound NAT rules (manual)
nat on $SWITCH inet from 172.21.16.0/24 to 192.168.1.0/24 -> 192.168.70.1/32 port 1024:65535 # Temp AP access
nat on $SWITCH inet from 172.21.16.0/24 to 10.232.209.0/24 -> 10.232.209.10/32 port 1024:65535 # Temp AP access
# Missing interface 'opt1' for rule 'Test'nat on $SWITCH inet proto tcp from $OPT3__NETWORK to any -> 192.168.70.1/32 port 443 # Test2
nat on $SWITCH inet6 proto tcp from $OPT3__NETWORK to any -> (igb3) port 443 # Test2
But is not for other reported cases:
https://forum.netgate.com/topic/184251/routing-interface-gateway-issues-after-updating-from-ce-2-7-2-71/
- Plus Target Version set to 24.03
- Status changed from New to Feedback
- % Done changed from 0 to 100
Patch looks good:
# Outbound NAT rules (manual)
nat on $SWITCH inet from 172.21.16.0/24 to 192.168.1.0/24 -> 192.168.70.1/32 port 1024:65535 # Temp AP access
nat on $SWITCH inet from 172.21.16.0/24 to 10.232.209.0/24 -> 10.232.209.10/32 port 1024:65535 # Temp AP access
# Missing interface 'opt1' for rule 'Test'
nat on $SWITCH inet proto tcp from $OPT3__NETWORK to any -> 192.168.70.1/32 port 443 # Test2
nat on $SWITCH inet6 proto tcp from $OPT3__NETWORK to any -> (igb3) port 443 # Test2
- Status changed from Feedback to Resolved
- Target version changed from 2.8.0 to 2.7.2
- Plus Target Version changed from 24.03 to 23.09.1
Also available in: Atom
PDF