Bug #2395
Port forwards with destination "any" on OpenVPN interface creates invalid rules
Status: closed
Start date: 04/24/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0.x
Affected Architecture:
Description
These two lines:
$natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n";
$natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n";
in filter.inc create invalid rules such as:
no nat on openvpn proto tcp from (openvpn) to /
nat on openvpn proto tcp from / to 192.168.1.1 port 1234 -> (openvpn)
in the instance where you have a port forward with destination "any" on OpenVPN.
port forward:
<rule>
  <source>
    <any/>
  </source>
  <destination>
    <any/>
    <port>64346-64347</port>
  </destination>
  <protocol>tcp/udp</protocol>
  <target>192.168.1.1</target>
  <local-port>1234</local-port>
  <interface>openvpn</interface>
  <descr/>
</rule>
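One way to guard the rule generation quoted in the report, as an added example that is not pfSense's filter.inc code: it skips both rules when the subnet or mask is empty, which is the state visible in the `to /` output above. The helper names `is_valid_ipv4_net` and `build_reflection_nat_rules`, the `em1` interface and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from pfSense's filter.inc.

// Returns true only for a usable IPv4 network such as 192.168.1.0/24.
function is_valid_ipv4_net($subnet, $bits) {
    if (filter_var($subnet, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    // ctype_digit() rejects "", "-1" and "24abc", so the cast below is safe.
    $bits = (string)$bits;
    return ctype_digit($bits) && (int)$bits <= 32;
}

// Builds the two rules from the report, or returns "" when the interface
// has no subnet to put in them, so no "to /" rule reaches the ruleset.
function build_reflection_nat_rules($natif, $rule_subnet, $rule_interface_subnet, $target, $dstport) {
    if (!is_valid_ipv4_net($rule_subnet, $rule_interface_subnet)) {
        return "";
    }
    // The target is also interpolated into the rule, so check it as well.
    if (filter_var($target, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return "";
    }
    $net = "{$rule_subnet}/{$rule_interface_subnet}";
    $natrules  = "no nat on {$natif} proto tcp from ({$natif}) to {$net}\n";
    $natrules .= "nat on {$natif} proto tcp from {$net} to {$target} port {$dstport} -> ({$natif})\n";
    return $natrules;
}

// Constructed inputs: the empty subnet and mask seen in the report, then a
// constructed LAN case ("em1" and 192.168.1.0/24 are sample values).
$cases = array(
    array("openvpn", "", "", "192.168.1.1", "1234"),
    array("em1", "192.168.1.0", "24", "192.168.1.1", "1234"),
);
foreach ($cases as $c) {
    $out = build_reflection_nat_rules($c[0], $c[1], $c[2], $c[3], $c[4]);
    echo $out === "" ? "skipped: no subnet for {$c[0]}\n" : $out;
}
```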