Project

General

Profile

Actions

Bug #6985

closed

NPt rules are causing a filter error on 2.4

Added by Jim Pingle almost 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
Start date:
12/05/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4
Affected Architecture:
All

Description

Network Prefix Translation rules that worked on 2.3.2 are causing a filter reload error on 2.4

Real addresses masked below.

GUI Config:
Firewall > NAT, NPt tab (/firewall_nat_npt.php)
  • Disabled: Unchecked
  • Interfaces: HENETV6
  • Internal Prefix NOT: Unchecked
  • Internal Prefix Address: 2001:db8:1:D000::/52
  • Destination Prefix NOT: Unchecked
  • Destination Prefix Address: 2001:xxxx:xxxx:D000::/52
  • Description: Test Net 2

Log message produced:

Dec 5 13:54:48     php-fpm     23620     /rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:137: syntax error - The line in question reads [137]: binat on $HENETV6 from any to 2001:xxxx:xxxx:D000::/52 -> 2001:db8:1:D000::/52

Lines for this NPt entry in /tmp/rules.debug (lines 136-137):

binat on $HENETV6 from 2001:db8:1:D000::/52 to any -> 2001:xxxx:xxxx:D000::/52
binat on $HENETV6 from any to 2001:xxxx:xxxx:D000::/52 -> 2001:db8:1:D000::/52

I'll push a commit to comment out the second line to prevent the filter reload error momentarily so that it does not negatively impact others until a fix is determined. It may be that the second line is no longer needed, but testing is required to confirm that yet.

Actions

Also available in: Atom PDF