1 to 1 NAT allows entry of mixed IP addresses
When adding a 1:1 NAT entry it is possible to enter a mix of IPv4 and IPv6 addresses in the various External Internal and Destination IP boxes, which is not caught by the validation. Thus getting "error loading the rules", such as this example rubbish that I entered to get the message:
/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:45: binat ip versions must match - The line in question reads : binat on em0 from 18.104.22.168 to aaaa::4/31 -> bbbb::0
I guess it should make sure all the addresses are of one IP address family.
At the moment it allows entry of IPv6 addresses. Is that correct? Is the 1:1 NAT feature supposed to work fine with IPv6?
1:1 NAT does work for IPv6. It's similar to NPt, but for a single address -- NPt is really just a slightly different syntax for 1:1 NAT.
Sounds like the validation needs to ensure the address types match in this case.
- Status changed from New to Feedback
- % Done changed from 0 to 100
Target version could be set to 2.4.0 and then some independent person test.
- Status changed from Feedback to Resolved
- Assignee set to Phillip Davis
- Target version set to 2.4.0
Yes, this should have a 2.4 target. And it's already been tested, but I tested it again on a current snapshot and it's correctly validating.
- Target version changed from 2.4.0 to 2.3.3
Also available in: Atom