Bug #4564: DHCP WAN without an IP address can create an invalid ruleset with NAT reflection and destination any - pfSense - pfSense bugtracker

Actions

Copy link

Bug #4564

closed

DHCP WAN without an IP address can create an invalid ruleset with NAT reflection and destination any

Added by Jim Pingle about 9 years ago. Updated about 9 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Rules / NAT

Target version:

2.2.2

Start date:

03/30/2015

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2.1

Affected Architecture:

Description

If the following events happen, invalid rules may be generated:

DHCP WAN has link but the interface cannot obtain an IP address (leaving the interface set to 0.0.0.0/8 while attempting to obtain an IP address)
Port forwards are present
NAT reflection is enabled and set to Pure NAT mode

The destination can in some cases be "/8" (without an address) or empty, depending on the destination set in the port forwards (e.g. "any")

One example:

There were error(s) loading the rules: /tmp/rules.debug:62: syntax error - The line in question reads [62]: rdr on { re2 re0 openvpn } proto tcp from any to /8 port 81 -> 192.168.1.11

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #4564

DHCP WAN without an IP address can create an invalid ruleset with NAT reflection and destination any

Updated by Ermal Luçi about 9 years ago

Updated by Chris Buechler about 9 years ago