Project

General

Profile

Actions

Bug #3824

open

Limiters on bridge break traffic outside locally-configured IP subnets

Added by Chris Buechler over 9 years ago. Updated over 7 years ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Traffic Shaper (Limiters)
Target version:
-
Start date:
08/22/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Take the scenario:

LAN (IP: none) bridged to WAN (management IP on 192.168.1.10/24, gateway 1.1), where the system is strictly a filtering bridge.

Put a limiter on LAN firewall rule, where rule is interface LAN, proto any, source any, dest any, and specifying the limiter.

Hosts on LAN will work fine as long as they're within 192.168.1.0/24. Say you have a WAN-side secondary subnet of 192.168.2.0/24, that will be broken by limiters. Pings will get through, but TCP is unable to complete a handshake. Add an IP alias on WAN in 192.168.2.0/24, and the host on LAN on 192.168.2.0/24 will work. Take off the limiters and it works fine.

Expected result is the system won't care what IP subnet is in use, as in such transparent scenarios it shouldn't matter. The described 192.168.2.0/24 network should work with limiters without having an IP configured in that subnet.

Behavior same on 2.2, 2.1.5, and all prior releases. Not a very common scenario, and not a regression, so not targeting 2.2.

Actions

Also available in: Atom PDF