Bug #4300
Status: Closed
Can not enter outbound NAT destination port range
% Done: 100%
Description
In pfSense 2.1.5, I could enter an outbound NAT rule with a destination port range, and in pfSense 2.2, I get an error that the destination port is invalid.
For example, I wish to create NAT from localhost to WAN on ports 1025:65535...
Steps:
- Add new outbound NAT rule
- Select interface: WAN
- Select source: Network - 127.0.0.0/8 - (port blank)
- Select destination: any - (ip blank) - port 1024:65535
- Description: (anything)
- Save
You get: The following input errors were detected: You must supply either a valid port or port alias for the destination port entry.
This used to work fine in the prior version.
Workaround: Create an alias for your desired port range.
Updated by Phillip Davis almost 10 years ago
That behavior was changed by https://github.com/pfsense/pfsense/commit/9060f420a9444c68fc8db926787d0bb37d77ed72
Not sure if it was intentional to remove the ability to directly type a port range in that field - one of the devs can comment on that.
Updated by Eric Hoffman almost 10 years ago
Thanks for the heads-up. It seems to be to fix bug #3857. I concur that the edit box is a single port entry, and should probably be validated the same as other single-port edit boxes throughout the firewall. The validator is probably the same for other port edit boxes, and the firewall may have assumptions elsewhere.
The devs can probably comment on that but I tend to be in favor of the new validation (to stay consistent with single-port vs port range GUI elements). If we wish to have port ranges entered directly, we could have multiple edit boxes/combo, like for the port forwarding port ranges.
Updated by Eric Hoffman almost 10 years ago
One note, it is to be noted that this does NOT seem to break update, nor backup/restore. I.e. on upgrade, from 2.1.5, the rules were kept as is. I was also able to restore a config in which I had the port range directly set for this field. So that's a good thing! But further editing of the "legacy" rule will whine until the port is set using an alias.
Updated by Jim Pingle almost 10 years ago
In the meantime, that field may also be left blank so that it affects all ports, not only that specific range.
Updated by Chris Buechler almost 10 years ago
- Category set to Rules / NAT
- Status changed from New to Confirmed
- Target version set to 2.2.1
Updated by Renato Botelho almost 10 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset b601f897a5f6acfb4abc8beeedf0bb0d5cfa3193.
Updated by Renato Botelho almost 10 years ago
Applied in changeset 340e8bc5cf67a2e826df28d1ac3a1eb70ed2c5c5.