Bug #16130

closed

Input validation prevents creating port forwards for the same port using a different address family

Added by Marcos M about 1 month ago. Updated 5 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Rules / NAT
Target version:
Start date:
Due date:
% Done:
100%

Estimated time:
Plus Target Version:
25.03
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Attempting to create a port forward for IPv6 that uses the same port in an existing IPv4 rule leads to the input validation error:

The destination port range overlaps with an existing entry.

#1

Updated by Marcos M about 1 month ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
#2

Updated by Alhusein Zawi about 1 month ago

  • Status changed from Feedback to Resolved

Created two port forward rules — one for IPv4 and one for IPv6 — using the same port, and no errors occurred.
Resolved

25.03r2025411.1649

#3

Updated by V K 5 days ago

Your advice only works if you can split source aliases into IPv4 and IPv6. However, this is not possible if the source alias contains a DNS name. As a specific case, I will give delivery.antispamcloud.com, a DNS name that contains IPv4 and IPv6 addresses together. In order for this to work in such a case, two aliases need to be created, both of which can contain mixed IPv4 and IPv6, but must have a different name.
So it seems from this, for me, that the problem is not with the firewall itself, but with the control mechanism of the alias forms.
Based on the above, I believe that this case needs to be reopened and the apparent bug fixed.

#4

Updated by Marcos M 5 days ago

The rule is created with either inet or inet6; pf will only match the rule for corresponding addresses in the pf table (aka alias).
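A ruleset illustrating the point made in the previous comment, added here as an example; it is not taken from this bug, from the reporter, or from the rules pfSense generates. The interface name, the table name and every address in it are assumed values, and the table is written statically rather than being resolved from a DNS name.

```pf
# Constructed example: one source table holding both address families,
# the shape a DNS-resolved alias with A and AAAA records ends up in.
ext_if = "em0"
table <antispam> { 192.0.2.10, 2001:db8::10 }

# Two port forwards for the same destination port (25/tcp), told apart
# only by address family. They do not overlap: the 'inet' rule is evaluated
# against IPv4 packets only and the 'inet6' rule against IPv6 packets only,
# so each one consults just the table entries of its own family and the
# other family's entries are never a match candidate for it.
rdr pass on $ext_if inet  proto tcp from <antispam> to ($ext_if) port 25 -> 10.0.0.5 port 25
rdr pass on $ext_if inet6 proto tcp from <antispam> to ($ext_if) port 25 -> 2001:db8:1::5 port 25

# A second 'inet' rule on the same interface, protocol and port would be
# the real overlap that the "destination port range overlaps" check exists
# to catch; the family split above is not that case.
```

To check the syntax without loading it, run `pfctl -nvf` on the file; once loaded, `pfctl -t antispam -T show` lists the table contents, both families together. If the alias resolves to addresses of only one family at some point, the rule for the other family simply never matches; pf raises no error for a table entry that a given rule can never use.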

#5

Updated by V K 5 days ago

Yes it certainly does, but if I use the source alias containing mixed IPv4 and IPv6 for the firewall or NAT TCP rule twice, i.e. for IPv4 and for IPv6, then it ends up with the error "The destination port range overlaps with an existing entry."
I then have to copy the source alias with a different name and use a copy of it for the second firewall or NAT rule.
