Project

General

Profile

Actions

Bug #5258

closed

Using pppoe WAN with ipv6 SLAAC, reply-to rules use the wrong interface address

Added by James Tandy about 9 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
Start date:
10/05/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

When enabling reply-to rules on WAN,
Where the WAN is PPPOE, configured by SLAAC,
When you add a rule, the reply-to address used is that of the physical interface, and not pppoeX.
This only applies to ipv6 rules.

With reply-to disabled:
pass in quick on pppoe1 inet proto icmp from any to 87.252.44.195 keep state label "USER_RULE: allow inbound ping"
pass in quick on pppoe1 inet6 proto ipv6-icmp all keep state label "USER_RULE: allow inbound icmpv6"

With reply-to enabled:
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto icmp from any to 87.252.44.195 keep state label "USER_RULE: allow inbound ping"
pass in quick on pppoe1 reply-to (sge0 fe80::f2f7:55ff:fe0c:5700) inet6 proto ipv6-icmp all keep state label "USER_RULE: allow inbound icmpv6"

sge0 is the physical WAN interface.
The gateway IP is correct.

Actions #1

Updated by David Wood about 9 years ago

There is a forum thread relating to this bug: https://forum.pfsense.org/index.php?topic=100403

Actions #2

Updated by Chris Buechler about 9 years ago

  • Category set to Rules / NAT
Actions #3

Updated by Viktor Gurov over 4 years ago

  • Status changed from New to Resolved
  • Target version set to 2.5.0

fixed in #9324

Actions

Also available in: Atom PDF