Bug #2299 (closed)
Redundant NAT rules created for PPTP subnet by Auto Outbound NAT rule generation
Status: Resolved
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 03/18/2012
% Done: 0%
Affected Version: 2.0.1
Description
Outbound NAT is set to Automatic
PPTP server
server address: 192.168.100.2
remote address range: 192.168.100.64
No of PPTP users: 16
Firewall Rule to allow PPTP Clients -> LAN
While checking the rules with pfctl -sa | fgrep 192.168.100.64 I noticed what seem to be redundant rules:
nat on em0 inet from 192.168.100.64 port = isakmp to any port = isakmp -> xx.yy.1.202 port 500
nat on em0 inet from 192.168.100.64/28 port = isakmp to any port = isakmp -> xx.yy.1.202 port 500
nat on em0 inet from 192.168.100.64 to any -> xx.yy.1.202 port 1024:65535
nat on em0 inet from 192.168.100.64/28 to any -> xx.yy.1.202 port 1024:65535
where xx.yy.1.202 is my WAN IP
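The overlap described in this report can be checked mechanically. The following is an added example, not part of the original report or of pfSense: it flags NAT rules that are identical to another rule except for a source address the other rule's source network already contains. The function name and the 192.168.1.0/24 control rule are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The four rules quoted in the report, plus one constructed LAN rule
# (192.168.1.0/24 is an assumption, not from the report) as a control.
SAMPLE = """\
nat on em0 inet from 192.168.100.64 port = isakmp to any port = isakmp -> xx.yy.1.202 port 500
nat on em0 inet from 192.168.100.64/28 port = isakmp to any port = isakmp -> xx.yy.1.202 port 500
nat on em0 inet from 192.168.100.64 to any -> xx.yy.1.202 port 1024:65535
nat on em0 inet from 192.168.100.64/28 to any -> xx.yy.1.202 port 1024:65535
nat on em0 inet from 192.168.1.0/24 to any -> xx.yy.1.202 port 1024:65535
"""

# Captures: text before the source, the source address, text after it.
RULE_RE = re.compile(r"^(nat .*? from )(\S+)( .*)$")


def find_shadowed_nat_rules(pf_output):
    """Return (narrow_rule, covering_rule) pairs that differ only in source,
    where the narrow source lies inside the covering source network."""
    groups = defaultdict(list)
    for line in pf_output.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # not a NAT rule line
        try:
            net = ipaddress.ip_network(m.group(2), strict=False)
        except ValueError:
            continue  # "any", tables, interface names: not comparable here
        # Rules are comparable only if everything but the source matches.
        groups[(m.group(1), m.group(3))].append((net, line.strip()))

    pairs = []
    for rules in groups.values():
        for narrow, narrow_line in rules:
            for wide, wide_line in rules:
                if (narrow.version == wide.version and narrow != wide
                        and narrow.subnet_of(wide)):
                    pairs.append((narrow_line, wide_line))
    return pairs


if __name__ == "__main__":
    for narrow_line, wide_line in find_shadowed_nat_rules(SAMPLE):
        print("redundant:", narrow_line)
        print("  covered by:", wide_line)
```

The full output of pfctl -sa can be passed in unchanged, since lines that are not NAT rules are ignored.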
Updated by Chris Buechler over 10 years ago
- Status changed from New to Resolved
Fixed at some point long ago.