Bug #4300: Can not enter outbound NAT destination port range - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #4300

closed

Can not enter outbound NAT destination port range

Added by Eric Hoffman almost 10 years ago. Updated almost 10 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Rules / NAT

Target version:

2.2.1

Start date:

01/26/2015

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2

Affected Architecture:

Description

In pfSense 2.1.5, I could enter an outbound NAT rule with destination port range, and in pfSense 2.2, I get error that destination port is invalid.

For example, I wish to create NAT from localhost to WAN on ports 1025:65535...

Steps:
- Add new outbound NAT rule
- Select interface: WAN
- Select source: Network - 127.0.0.0/8 - (port blank)
- Select destination: any - (ip blank) - port 1024:65535
- Description: (anything)
- Save

You get: The following input errors were detected: You must supply either a valid port or port alias for the destination port entry.

This used to work fine in prior version.

Workaround: Create an alias for your desired port range.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Phillip Davis almost 10 years ago

That behavior was changed by https://github.com/pfsense/pfsense/commit/9060f420a9444c68fc8db926787d0bb37d77ed72
Not sure if it was intentional to remove the ability to directly type a port range in that field - one of the devs can comment on that.

Actions

Copy link

Updated by Eric Hoffman almost 10 years ago

Thanks for the head-up. It seem to be to fix bug #3857. I concur that the edit box is a single port entry, and should probably be validated the same as other single-ports edit boxes throughout the firewall. The validator is probably the same for other port edit boxes, and the firewall may have assumption elsewhere.

The devs can probably comment on that but I tend to be in favor of the new validation (to stay consistent with single-port vs port range GUI elements). If we wish to have port ranges entered directly, we could have multiple edit boxes/combo, like for the port forwarding port ranges.

Actions

Copy link

Updated by Eric Hoffman almost 10 years ago

One note, it is to be noted that this does NOT seem to break update, nor backup/restore. I.e. on upgrade, from 2.1.5, the rules were kept as is. I was also able to restore a config in which I had the port range directly set for this field. So that's a good thing! But further editing of the "legacy" rule will whine until the port is set using an alias.

Actions

Copy link