Bug #2338


outbound NAT rules rewrite themselves if active interface is deleted

Added by David Burgess about 12 years ago. Updated about 11 years ago.

Rules / NAT


To recreate:

1. Configure a working system with WAN, LAN, OPTx
2. Disable Automatic Outbound NAT and delete automatically created rules
3. Create an outbound NAT rule on interface OPTx, source: LAN subnet

At this point you should have straight routing between LAN and WAN, and LAN>OPT1 should be NATed.

4. Now disable and delete the OPT1 interface

At this point the outbound NAT rule you created will rewrite itself. In my case it changed from OPTx interface to WAN, so my LAN hosts were now being NATed to WAN, breaking cPanel licensing and locking out inbound access for LAN hosts. A better behaviour would be to create an error when the user attempts to delete an interface that is active in outbound NAT, or automatically disable any affected NAT rules.

Actions #1

Updated by Chris Buechler about 12 years ago

  • Category set to Rules / NAT
  • Target version set to 2.1
  • Affected Architecture added
  • Affected Architecture deleted (amd64)

The issue is it removes the interface from the outbound NAT rule and then assumes WAN when there is no interface. Deleting an interface shouldn't touch its outbound NAT rules, and an outbound NAT rule that has no interface should likely be skipped and not assumed as WAN (though if that happens in other scenarios it may cause regressions for existing configs).
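
A configuration audit for the condition described in this comment, as an added example that is not pfSense code or part of the original ticket: it flags outbound NAT rules that have no interface or name an interface that is no longer configured, and lists the rules that reference an interface before it is deleted. The config.xml element names (`interfaces`, `nat/advancedoutbound/rule`, `interface`, `descr`) and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real export); element names are an assumed layout.
# OPT1 has been deleted: rule 1 still names it, rule 2 has lost its interface.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces><wan><if>em0</if></wan><lan><if>em1</if></lan></interfaces>
  <nat><advancedoutbound>
    <rule><interface>wan</interface><descr>DMZ via WAN</descr></rule>
    <rule><interface>opt1</interface><descr>LAN via OPT1</descr></rule>
    <rule><interface></interface><descr>LAN via removed port</descr></rule>
  </advancedoutbound></nat>
</pfsense>
"""
RULE_PATH = "nat/advancedoutbound/rule"  # assumed location of manual rules


def _rules(config_xml, rule_path):
    """Yield (index, interface, description) for each outbound NAT rule."""
    root = ET.fromstring(config_xml)
    for idx, rule in enumerate(root.findall(rule_path)):
        iface = (rule.findtext("interface") or "").strip().lower()
        yield idx, iface, (rule.findtext("descr") or "").strip()


def audit_outbound_nat(config_xml, rule_path=RULE_PATH):
    """Flag rules whose interface is empty or not under <interfaces>."""
    ifaces = ET.fromstring(config_xml).find("interfaces")
    known = {el.tag for el in ifaces} if ifaces is not None else set()
    findings = []
    for idx, iface, descr in _rules(config_xml, rule_path):
        if not iface:
            findings.append((idx, descr, "missing"))   # would fall back to WAN
        elif iface not in known:
            findings.append((idx, descr, "dangling"))  # names a deleted port
    return findings


def rules_using(config_xml, iface, rule_path=RULE_PATH):
    """Pre-delete check: indexes of rules that reference `iface`."""
    return [i for i, name, _ in _rules(config_xml, rule_path) if name == iface.lower()]


if __name__ == "__main__":
    for idx, descr, reason in audit_outbound_nat(SAMPLE_CONFIG):
        print(f"rule {idx} ({descr}): interface {reason}")
    print("rules on wan:", rules_using(SAMPLE_CONFIG, "wan"))
```

A non-empty result from `rules_using` is the signal to block or warn on an interface delete, and any finding from `audit_outbound_nat` marks a rule to review before the ruleset is reloaded.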

Actions #2

Updated by Renato Botelho over 11 years ago

  • Assignee set to Renato Botelho
Actions #3

Updated by Renato Botelho over 11 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Renato Botelho about 11 years ago

  • Status changed from Feedback to Resolved
