GUI for NAT

tomli

I assigned the below privilege for user operator. The user cannot view the NAT port forward ruleset
0_1528587904468_19af273e-ae14-4bb1-838c-bc92c806a442-圖片.png

admin:
0_1528587957293_958393dc-6e5a-4267-a9e1-74bcbef4dec2-圖片.png

operator:
0_1528588001772_f6390392-ff37-4ece-935f-a112f47c852e-圖片.png

I tested it in deference pfsense version 2.0 - 2.3. Is it a bug in pfsense GUI? Please advise.

johnpoz

What version of pfsense is that from? Operator is not a valid username currently

Trying to duplicate your problem I get this
That username is reserved by the system.

I would suggest you run current version of pfsense and use a different username.

If still having issue then can take a look.

stephenw10

Yes you need to test in a current pfSense version. Preferably 2.4.3_1 but at least 2.3.5_2 if your hardware doesn't support 2.4.X.

Steve

tomli

I installed a new version 2.4.3 and created account tom for testing.

0_1528679418418_95e32692-f426-4cf5-bc81-7a1b01bf7a27-圖片.png

Admin:
0_1528679489932_ff7dc128-133a-4053-8a7e-ca197d5b9766-圖片.png

tom:
0_1528679529940_a3e72af7-6bae-4e7f-8608-02baf8f88f9d-圖片.png

Version 2.4.3_1 have the same issue.

ashima

Also Add

Webcfg - Firewall NAT : Port Forward (Edit)

It should work

tomli

We don´t want to grant edit priviliage for normal user/operator. Do you have other suggestions?

Thanks.

stephenw10

I'm also seeing this. Not adding the edit page does not actually stop some edits though. For example you can see the outbound NAT rules without have the webcfg edit enabled and you can remove outbound NAT rules.

To prevent that user having edit privilege add the User - Config: Deny write property.

That does apply globally though.

Steve

jimp

Confirmed here as well, I just opened https://redmine.pfsense.org/issues/8563 for it

jimp

Should be OK on the next snaps/release.

https://github.com/pfsense/pfsense/commit/2e6167e71e7f6d83f52094a22a9a5be6ea39859b

tomli

Thank you for all.