Feature #4259
closedPort forward NAT rules with "any" protocol
100%
Description
Hello,
i'm starting to use pfsense inside my company network but i see that pfsense is missing a NAT ability compared to other product used on our production environment.
It would be nice to be able to create NAT rules with "any" as ip protocol. I don't mean bi-nat rules but simple destination or source nat rules without specify the ip protocol to use.
For example we should need to create destination nat rules dst_IP -> dst_IP for all ip protocols.
I checked on pf manual and i see that the protocol is optional. Is it correct?
Thank you
Related issues
Updated by Chris Buechler almost 10 years ago
- Subject changed from NAT rules without ip protocol to Port forward NAT rules with "any" protocol
Updated by Ermal Luçi over 9 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 9bbc482102d7a0a562a4368e9034e499651ac2e6.
Updated by Ermal Luçi over 9 years ago
Applied in changeset ebb9469d4e7ccb1986a4c17f1cdb44caf6bb6ad8.
Updated by Phillip Davis over 9 years ago
The fix "Use proper variable to do calculations" is actually the fix for #4529 - bit confusing there with the numbers just switched around.
Updated by Chris Buechler over 9 years ago
- Status changed from Feedback to New
- % Done changed from 100 to 0
Updated by Giuanin Piemunteis about 8 years ago
Could be it implemented with the new 2.4 release ?
Updated by Viktor Gurov over 2 years ago
- Assignee set to Viktor Gurov
- Target version changed from Future to 2.7.0
- Plus Target Version set to 22.05
Updated by Jim Pingle over 2 years ago
- Status changed from New to Pull Request Review
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 413ccc9447d65fed717c4bea565fb00a59ab62a9.
Updated by Alhusein Zawi over 2 years ago
- Status changed from Feedback to Resolved
added
rdr on em0 inet from any to 10.100.100.127 -> 10.10.10.30
2.7.0.a.20220422.0600
Updated by Jim Pingle over 2 years ago
- Status changed from Resolved to New
This is causing a PHP error:
strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc on line 520 strstr() expects at least 2 parameters, 1 given in /usr/local/pfSense/include/www/firewall_nat.inc on line 521
Updated by Viktor Gurov over 2 years ago
Jim Pingle wrote in #note-11:
This is causing a PHP error:
[...]
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/752
Updated by Jim Pingle over 2 years ago
- Status changed from New to Pull Request Review
Updated by Viktor Gurov over 2 years ago
- Status changed from Pull Request Review to Feedback
Updated by Alhusein Zawi over 2 years ago
Error:
There were error(s) loading the rules: /tmp/rules.debug:166: syntax error - The line in question reads [166]: pass in quick on $WAN reply-to ( em0 10.100.100.1 ) inet proto any from any to 10.10.10.30 ridentifier 1651948803 keep state label "id:1651948803" label "USER_RULE: NAT test_any_rule"
2.7.0.a.20220426.0600
Updated by Viktor Gurov over 2 years ago
Alhusein Zawi wrote in #note-15:
Error:
There were error(s) loading the rules: /tmp/rules.debug:166: syntax error - The line in question reads [166]: pass in quick on $WAN reply-to ( em0 10.100.100.1 ) inet proto any from any to 10.10.10.30 ridentifier 1651948803 keep state label "id:1651948803" label "USER_RULE: NAT test_any_rule"
2.7.0.a.20220426.0600
You should test it on the latest snapshot (>20220428).
Updated by Alhusein Zawi over 2 years ago
I am still seeing the same error
2.7.0.a.20220513.0600
There were error(s) loading the rules: /tmp/rules.debug:167: syntax error - The line in question reads [167]: pass in quick on $WAN reply-to ( em0 10.100.100.1 ) inet proto any from any to 10.10.10.30 ridentifier 1652551188 keep state label "id:1652551188" label "USER_RULE: NAT "
@ 2022-05-14 11:00:15
Updated by Jim Pingle over 2 years ago
- Status changed from New to In Progress
- Assignee changed from Viktor Gurov to Jim Pingle
I can replicate the error here as well. It's failing to load the firewall rule because it has "proto any" where it should be omitted in that case. I found the test where it's falling through to that.
Updated by Jim Pingle over 2 years ago
- Status changed from In Progress to Feedback
Applied in changeset 0a008d142f32a667e93c5aeba97938f7b71eff5b.
Updated by Viktor Gurov over 2 years ago
- Related to Regression #13203: Floating rules without an interface are not loaded added
Updated by Danilo Zrenjanin over 2 years ago
Tested:
2.7.0-DEVELOPMENT (amd64) built on Fri May 27 06:19:08 UTC 2022 FreeBSD 12.3-STABLE
No errors and the rdr rule works as expected. I am marking this ticket as resolved.
Updated by Danilo Zrenjanin over 2 years ago
- Status changed from Feedback to Resolved