Bug #15349 (closed)
1:1 NAT rule for subnet always uses full subnet range
Status: Not a Bug
Priority: Normal
Assignee: -
Category: Web Interface
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.7.x
Affected Architecture:
Description
Creating a 1:1 NAT rule for something like 10.0.0.5/28 -> 10.1.0.7/28 will actually create the proper rules for the entire /24 subnet.
Output from pfctl -s nat:
[2.7.2-RELEASE][admin@pfSense.home.arpa]/root: pfctl -s nat | grep 10.0
binat on vtnet0 inet from 10.1.0.0/28 to any -> 10.0.0.0/28
This is probably the correct behavior, but may not be what people expect and does not appear to be documented.
It would probably make sense for the web interface to reject this kind of rule and require the subnet be specified properly by the first IP in the range.
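One way to implement the check the report asks for, as an added example that is not pfSense code and not part of the original ticket. The function names are hypothetical, and map_host assumes a subnet-to-subnet 1:1 mapping keeps each address's host bits.

```python
import ipaddress

def normalize_pair(first: str, second: str) -> dict:
    """Mask both sides of a 1:1 NAT pair down to their subnets and list any
    side that was not written as the first IP in its range."""
    sides = [ipaddress.ip_interface(first), ipaddress.ip_interface(second)]
    if sides[0].version != sides[1].version:
        raise ValueError("address families differ")
    if sides[0].network.prefixlen != sides[1].network.prefixlen:
        raise ValueError("prefix lengths differ")
    offenders = [
        f"{s.with_prefixlen} has host bits set, subnet starts at "
        f"{s.network.network_address}"
        for s in sides
        if s.ip != s.network.network_address
    ]
    return {
        "subnets": [str(s.network) for s in sides],
        "size": sides[0].network.num_addresses,
        "offenders": offenders,
    }

def map_host(addr: str, src_net: str, dst_net: str) -> str:
    """Translate addr from src_net into dst_net, keeping its host bits.
    Assumption: models how a subnet-to-subnet 1:1 mapping pairs addresses."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    ip = ipaddress.ip_address(addr)
    if ip not in src:
        raise ValueError(f"{addr} is outside {src_net}")
    offset = int(ip) - int(src.network_address)
    return str(dst.network_address + offset)

if __name__ == "__main__":
    # The pair from the report's description.
    report = normalize_pair("10.0.0.5/28", "10.1.0.7/28")
    print(report["subnets"], "covers", report["size"], "addresses per side")
    for line in report["offenders"]:
        print("reject:", line)
    a, b = report["subnets"]
    for host in ("10.0.0.1", "10.0.0.5", "10.0.0.15"):
        print(host, "<->", map_host(host, a, b))
```

Under that assumption the pair covers 16 addresses on each side, and 10.0.0.5 pairs with 10.1.0.5 rather than with 10.1.0.7.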