Project

General

Profile

Actions

Bug #1882

closed

Invalid pf rule generated from a port forward with dest=any on an interface with ip=none

Added by Jim Pingle about 13 years ago. Updated over 12 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
09/16/2011
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

If you have an interface with an IP type of "none", and then create a port forward on that interface with a destination of "any", it leads to an invalid ruleset.

Config snip of the offending port forward:

                <rule>
                        <source>
                                <any/>
                        </source>
                        <destination>
                                <any/>
                                <port>80</port>
                        </destination>
                        <protocol>tcp</protocol>
                        <target>192.168.1.55</target>
                        <local-port>80</local-port>
                        <interface>opt1</interface>
                        <descr/>
                        <associated-rule-id>nat_4e738285d7c807.89552620</associated-rule-id>
                        <value>default</value>
                </rule>

Leads to these rules:

rdr on vr2 proto tcp from any to any port 80 -> 192.168.1.55
no nat on vr2 proto tcp from (vr2) to /
nat on vr2 proto tcp from / to 192.168.1.55 port 80 -> (vr2)

Actions #1

Updated by Erik Fonnesbeck almost 13 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Chris Buechler over 12 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF