Bug #7463
closed
FQDN Alias as "NAT Redirect target IP" fails to expand to IP
Description
When using an FQDN alias in the "Redirect target IP" field of a NAT rule, the rule will fail to work.
Steps to reproduce:
1. Set up an alias using an FQDN of a host
1.a. Alias SSH_SERVER = ssh.my.domain
2. Set up a NAT rule to redirect to said alias
2.a. NAT Redirect target IP = SSH_SERVER
3. SSH fails to connect from the outside.
Upon changing the alias to an IP (SSH_SERVER = 192.168.1.10) I can connect just fine from the outside. Similarly, if I input the IP directly into the NAT rule everything works fine.
While it would be very nice for this to work as expected, at minimum an error should pop up if you try to assign an FQDN alias to a NAT redirect rule.
Updated by Jim Pingle over 8 years ago
- Status changed from New to Rejected
It works fine here when I test it. I don't have anything running on the target itself, but the connection and packets make it all the way through:
: cat /var/etc/filterdns.conf
pf dmzdemo.example.com NATHostDest
: host dmzdemo.example.com
dmzdemo.example.com has address 10.3.1.10
: pfctl -T show -t NATHostDest
10.3.1.10
: grep NATHostDest /tmp/rules.debug
table <NATHostDest> persist
NATHostDest = "<NATHostDest>"
rdr on vmx0 proto tcp from any to 198.51.100.3 port 2222 -> $NATHostDest
rdr on { vmx1 vmx2 l2tp enc0 openvpn LocalNetworks pkg_tinc } proto tcp from any to 198.51.100.3 port 2222 -> $NATHostDest
pass in quick on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto tcp from any to $NATHostDest port 2222 tracker 1492007153 flags S/SA keep state label "USER_RULE: NAT NAT Host Dest test"
: pfctl -ss | grep 2222
vmx0 tcp 10.3.1.10:2222 (198.51.100.3:2222) <- 198.51.100.108:49914 CLOSED:SYN_SENT
vmx2 tcp 198.51.100.108:49914 -> 10.3.1.10:2222 SYN_SENT:CLOSED
Please start a thread on the forum if you need assistance.
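The three checks run in the comment above (the filterdns.conf entry, the table contents, and the rdr rule target) combined into one script. This is an added example, not part of the original ticket and not pfSense code. It assumes the `pf <hostname> <table>` line format and rule layout shown in the quoted output; the `DemoStale` table, its hostname and port 2022 are constructed.

```python
import re

def parse_filterdns(conf):
    """Map pf table -> hostnames filterdns resolves into it ('pf <host> <table>')."""
    tables = {}
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "pf":
            tables.setdefault(fields[2], []).append(fields[1])
    return tables

def check_rdr_targets(filterdns_conf, rules_debug, table_dumps):
    """One finding per rdr rule that redirects to a table macro.

    table_dumps maps table name -> saved 'pfctl -T show -t <table>' output.
    """
    hosts = parse_filterdns(filterdns_conf)
    # Macro lines look like: NATHostDest = "<NATHostDest>"
    macros = dict(re.findall(r'^(\w+)\s*=\s*"<(\w+)>"\s*$', rules_debug, re.M))
    findings = []
    for line in rules_debug.splitlines():
        m = re.match(r'rdr\b.*->\s*\$(\w+)', line)
        if not m or m.group(1) not in macros:
            continue
        table = macros[m.group(1)]
        addrs = table_dumps.get(table, "").split()
        if addrs:
            status = "ok"
        elif table in hosts:
            status = "unresolved"  # filterdns has the name, table holds no address
        else:
            status = "empty"       # nothing feeds this table
        findings.append({"table": table, "hosts": hosts.get(table, []),
                         "addresses": addrs, "status": status})
    return findings

# Constructed inputs: first table mirrors the quoted output, second is hypothetical.
FILTERDNS_CONF = "pf dmzdemo.example.com NATHostDest\npf stale.example.com DemoStale\n"
RULES_DEBUG = '''table <NATHostDest> persist
NATHostDest = "<NATHostDest>"
table <DemoStale> persist
DemoStale = "<DemoStale>"
rdr on vmx0 proto tcp from any to 198.51.100.3 port 2222 -> $NATHostDest
rdr on vmx0 proto tcp from any to 198.51.100.3 port 2022 -> $DemoStale
'''
TABLE_DUMPS = {"NATHostDest": "   10.3.1.10\n", "DemoStale": ""}

if __name__ == "__main__":
    for f in check_rdr_targets(FILTERDNS_CONF, RULES_DEBUG, TABLE_DUMPS):
        print(f["status"], f["table"], f["hosts"], f["addresses"])
```

A status of `unresolved` means the redirect rule loaded but its target table holds no address, so the rule matches nothing until the name resolves.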