Bug #696

Error in NAT rules generating

Added by Mike Stupalov about 9 years ago. Updated about 9 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Rules/NAT
Target version:
Start date: 06/25/2010
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.0
Affected Architecture:

Description

Reproduce:
1. Set 'Firewall: NAT: Outbound' -> 'Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))'
2. Add some rule with 'Protocol' -> 'TCP/UDP' (can be others too), then save and apply.

The pf rules are not correct. Syslog messages:

php: : There were error(s) loading the rules: /tmp/rules.debug:71: syntax error /tmp/rules.debug:72: syntax error /tmp/rules.debug:73: syntax error
pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [71]: nat on $WAN proto tcp/udp from 10.10.32.0/23 to any port 5060 -> 77.222.44.10/32 static-port

Associated revisions

Revision dabc7669 (diff)
Added by Erik Fonnesbeck about 9 years ago

Check for tcp/udp in the protocol specified for outbound NAT rules, since tcp/udp itself is not a valid protocol choice in pf. Fixes #696

History

#1 Updated by Erik Fonnesbeck about 9 years ago

Do you get an error with anything other than the tcp/udp option? That one in particular doesn't look like it is being handled right, but it is the only one that uses more than one at once, so the others should probably be fine.

#2 Updated by Chris Buechler about 9 years ago

Looks like that's the only case that's not handled right; rather than tcp/udp it should be { tcp udp }.

#3 Updated by Erik Fonnesbeck about 9 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#4 Updated by Chris Buechler about 9 years ago

  • Status changed from Feedback to Resolved

fixed
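
The translation discussed in this thread, as an added example (not the code from revision dabc7669 and not pfSense's own): the GUI value `tcp/udp` is expanded to the pf list `{ tcp udp }` before the NAT line is written. The function names, parameters and the short protocol allow-list are hypothetical.

```php
<?php
// Added illustration, not pfSense's filter.inc. All names here are hypothetical.

/** Map a GUI protocol choice to a pf "proto" clause ('' means any protocol). */
function pf_proto_clause(string $gui_proto): string
{
    $p = strtolower(trim($gui_proto));
    if ($p === '' || $p === 'any') {
        return '';
    }
    // "tcp/udp" is a GUI convenience, not a pf protocol: expand it to a pf list.
    if ($p === 'tcp/udp') {
        return 'proto { tcp udp }';
    }
    // Assumed subset of protocol names; allow-listing keeps unexpected text
    // out of the generated ruleset.
    $allowed = ['tcp', 'udp', 'icmp', 'esp', 'ah', 'gre'];
    if (!in_array($p, $allowed, true)) {
        throw new InvalidArgumentException("unsupported protocol: {$gui_proto}");
    }
    return "proto {$p}";
}

/** Build one outbound NAT line; address fields are assumed validated already. */
function build_outbound_nat(string $if, string $proto, string $src, string $dst,
                            ?int $dport, string $target, bool $static_port): string
{
    $clause = pf_proto_clause($proto);
    // pf accepts a port only when the protocol is tcp and/or udp.
    $port_ok = ['proto tcp', 'proto udp', 'proto { tcp udp }'];
    if ($dport !== null && !in_array($clause, $port_ok, true)) {
        throw new InvalidArgumentException('a port requires tcp, udp or tcp/udp');
    }
    $parts = ["nat on {$if}"];
    if ($clause !== '') { $parts[] = $clause; }
    $parts[] = "from {$src} to {$dst}";
    if ($dport !== null) { $parts[] = "port {$dport}"; }
    $parts[] = "-> {$target}";
    if ($static_port) { $parts[] = 'static-port'; }
    return implode(' ', $parts);
}

// Same values as the rejected line 71 in the report above.
echo build_outbound_nat('$WAN', 'tcp/udp', '10.10.32.0/23', 'any',
                        5060, '77.222.44.10/32', true), "\n";
```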
