Bug #2395

Port forwards with destination "any" on OpenVPN interface creates invalid rules

Added by Chris Buechler over 12 years ago. Updated over 12 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version:
Start date: 04/24/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0.x
Affected Architecture:
Description

These two lines:

$natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n";
$natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n";

in filter.inc create invalid rules such as:

no nat on openvpn proto tcp from (openvpn) to /
nat on openvpn proto tcp from / to 192.168.1.1 port 1234 -> (openvpn)

in the instance where you have a port forward with destination "any" on OpenVPN.

Port forward:

        <rule>
            <source>
                <any/>
            </source>
            <destination>
                <any/>
                <port>64346-64347</port>
            </destination>
            <protocol>tcp/udp</protocol>
            <target>192.168.1.1</target>
            <local-port>1234</local-port>
            <interface>openvpn</interface>
            <descr/>
        </rule>
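
One way to guard the two rule-building lines quoted in the description, as an added example that is not pfSense's filter.inc code or its actual fix. The helper names `is_valid_v4_subnet()` and `build_reflection_nat()` are hypothetical, and the interface name `em1` and the second input case are constructed; the example assumes that skipping the pair of rules is acceptable when no subnet is available.

```php
<?php
// Added example, not pfSense's filter.inc. Both functions are hypothetical
// helpers; the variable names mirror the two lines quoted in the report.

/** True only for an IPv4 address plus a numeric prefix length of 0-32. */
function is_valid_v4_subnet($subnet, $bits): bool
{
    if (filter_var($subnet, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    // ctype_digit("") is false, so an empty prefix length is rejected too.
    return ctype_digit((string)$bits) && (int)$bits <= 32;
}

/** Build the "no nat" / "nat" pair, or return "" instead of a malformed rule. */
function build_reflection_nat($natif, $rule_subnet, $rule_interface_subnet, $target, $dstport): string
{
    // In the report both values were empty, which produced "to /" and "from /".
    if (!is_valid_v4_subnet($rule_subnet, $rule_interface_subnet)) {
        return "";
    }
    $net = "{$rule_subnet}/{$rule_interface_subnet}";
    $natrules  = "no nat on {$natif} proto tcp from ({$natif}) to {$net}\n";
    $natrules .= "nat on {$natif} proto tcp from {$net} to {$target} port {$dstport} -> ({$natif})\n";
    return $natrules;
}

// Constructed inputs: the case from this report, then an interface with a subnet.
$cases = [
    ["openvpn", "", "", "192.168.1.1", "1234"],
    ["em1", "192.168.1.0", "24", "192.168.1.1", "1234"],
];
foreach ($cases as $c) {
    $out = build_reflection_nat(...$c);
    echo $out === "" ? "skipped: no valid subnet for {$c[0]}\n" : $out;
}
```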
