    Error Loading Rules - Only when using an Alias in NAT rule

      A Former User

      Hi,

      I'm having a problem when I try to deploy a particular NAT configuration. Basically I'm doing the DNS redirect that's documented here but instead of using ! LAN Network I'm trying to use ! Allowed_DNS where Allowed_DNS is an IP Alias I have defined (and working in the config in other parts) just fine.

      Here's what I try to deploy:

      overview.PNG

      Here's the rule close up:

      Failed.PNG

      And here's the rule when it works just fine:

      works.PNG

      For clarity, here's my Alias

      aliases.PNG

      Note that this Alias references other aliases, but any other alias it does reference is just a list of IPs. There's no alias referencing aliases referencing aliases, even though I can't see why that'd matter.

      So when I try to deploy the rule using ! Allowed_DNS this is what ends up being created in /tmp/rules.debug

      # NAT Inbound Redirects
      rdr on vtnet1 proto { tcp udp } from any to ! $Allowed_DNS port 53 -> 192.168.0.6
      no nat on vtnet1 proto { tcp udp } from (vtnet1) to 192.168.0.6 port port

      Notice the port port there at the end of the second line? That is obviously the cause of the error. If I remove ! Allowed_DNS and replace it with !LAN Address this is the config that's created:

      # NAT Inbound Redirects
      rdr on vtnet1 proto { tcp udp } from any to !192.168.0.1 port 53 -> 192.168.0.6
      no nat on vtnet1 proto { tcp udp } from (vtnet1) to 192.168.0.6 port 53

      It now says port 53, as it should.

      I don't know if it's any use, but this is the error pfSense gives me when I try to deploy the ! Allowed_DNS version:

      There were error(s) loading the rules: /tmp/rules.debug:147: syntax error - The line in question reads [147]: no nat on vtnet1 proto { tcp udp } from (vtnet1) to 192.168.0.6 port port
      @ 2019-11-13 21:30:22

      Finally, here are (a tiny bit sanitised) details of my pfSense box:

      Name: <removed>
      User: admin@192.168.0.120 (Local Database)
      System: pfSense
      Netgate Device ID: <removed>
      BIOS: Vendor: SeaBIOS
        Version: rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org
        Release Date: Tue Apr 1 2014
      Version: 2.4.4-RELEASE-p3 (amd64)
        built on Wed May 15 18:53:44 EDT 2019
        FreeBSD 11.2-RELEASE-p10
        The system is on the latest version.
        Version information updated at Wed Nov 13 20:20:37 NZDT 2019
      CPU Type: Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz
        2 CPUs: 1 package(s) x 2 core(s)
        AES-NI CPU Crypto: Yes (active)
      Hardware crypto: AES-CBC,AES-XTS,AES-GCM,AES-ICM
      Kernel PTI: Disabled
      Uptime: 22 Days 15 Hours 44 Minutes 43 Seconds

      Can anyone give me some pointers? What am I doing wrong that's causing the odd "port port" at the end of the line?

      Thanks!
      Tim

      Note: Dear Akismet, I promise this is not a spam post!

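A small lint over /tmp/rules.debug that flags the malformed operand this thread describes (a "port" keyword followed by nothing usable), as an added example rather than pfSense code or the poster's own. The sample text is constructed from the two excerpts above, and the port-operand grammar and keyword set are a simplified assumption about pf syntax (operators such as "!=" are not modelled).

```python
import re
import sys

# Constructed sample mirroring the two rules.debug excerpts quoted in the thread;
# line 3 carries the malformed "port port" operand that pf refuses to load.
SAMPLE_RULES = """\
# NAT Inbound Redirects
rdr on vtnet1 proto { tcp udp } from any to ! $Allowed_DNS port 53 -> 192.168.0.6
no nat on vtnet1 proto { tcp udp } from (vtnet1) to 192.168.0.6 port port
rdr on vtnet1 proto { tcp udp } from any to !192.168.0.1 port 53 -> 192.168.0.6
no nat on vtnet1 proto { tcp udp } from (vtnet1) to 192.168.0.6 port 53
"""

# Simplified pf port operand grammar (assumption): a number, a number range
# such as 8000:8010, a service name like "domain", or a $macro reference.
PORT_RE = re.compile(r"^(\d{1,5}(:\d{1,5})?|[a-z][a-z0-9-]*|\$[A-Za-z_][A-Za-z0-9_]*)$")
# Tokens that can never be a port operand; "port" itself is the one from this thread.
PF_KEYWORDS = {"port", "from", "to", "on", "proto", "rdr", "nat", "no", "->", "tag", "tagged", "label"}

def valid_port_operand(tok):
    """True if tok can legitimately follow the 'port' keyword."""
    if tok == "{":  # start of a port list, e.g. port { 53 5353 }
        return True
    if tok in PF_KEYWORDS:
        return False
    return bool(PORT_RE.match(tok))

def lint_nat_ports(text):
    """Return (line_no, line, reason) for each rdr / no nat line where 'port' is
    followed by a missing or invalid operand; one finding per line is enough."""
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not (line.startswith("rdr ") or line.startswith("no nat ")):
            continue  # comments and non-NAT rules are out of scope here
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if tok != "port":
                continue
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if not valid_port_operand(nxt):
                findings.append((n, line, f"'port' followed by {nxt!r}"))
                break
    return findings

if __name__ == "__main__":
    # Lint a real file when one is given (e.g. /tmp/rules.debug), else the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    for n, line, reason in lint_nat_ports(text):
        print(f"line {n}: {reason}: {line}")
```

Running it against the generated file before a reload points straight at the "no nat" line that pfctl rejects, which is quicker than reading the syntax error out of the GUI.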
        A Former User

        I'm thinking I should log a bug about this - the fact I can do something in the GUI that generates a faulty rules.debug makes me think it's Redmine worthy.

        I am, however, also aware that Redmine is not for technical support.

        What do people think, is this

        a) A valid bug
        b) User error

        ?

        Thanks!
        Tim

          raab

          @muppet said in Error Loading Rules - Only when using an Alias in NAT rule:

          here

          I've created a bug report for it

          I'm getting the same in 2.4.4 p3 and 2.4.5-RC, trying to do the same as you with redirecting DNS

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.