Netgate Discussion Forum

    User rights - Edit NAT - No interfaces in list to choose from

    webGUI
    3 Posts 2 Posters 357 Views
    • Parallelverschiebung

      Hello!
      I have a probably very simple problem. I need my users to self-administrate their Netgate SG3100 to a certain extent, which includes creating a NAT on the WAN interface. The user inherits his rights from a group, which grants access to NAT: Port Forward. In detail:

      • WebCfg - Firewall: NAT: Port Forward
      • WebCfg - Firewall: NAT: Port Forward: Edit

      In addition, the following privileges are also assigned:

      • WebCfg - Dashboard (all)
      • WebCfg - Diagnostics: ARP Table
      • WebCfg - Diagnostics: DNS Lookup
      • WebCfg - Diagnostics: Ping
      • WebCfg - Diagnostics: Reboot System
      • WebCfg - Diagnostics: System Activity
      • WebCfg - Diagnostics: Test Port
      • WebCfg - Services: DHCP Server
      • WebCfg - Services: DHCP Server: Edit static mapping
      • WebCfg - Services: DNS Forwarder
      • WebCfg - Services: DNS Forwarder: Edit Domain Override
      • WebCfg - Services: DNS Forwarder: Edit host
      • WebCfg - Status: DHCP leases
      • WebCfg - System: User Password Manager

      Everything works fine except the Port Forwarding, as the user can't choose an interface because the list is empty. I also tried to fix this issue by assigning first only the 'Interfaces: WAN' privilege, later all privileges of the interfaces category. Sadly, I had no success with that.

      The hardware is a Netgate SG3100 with pfSense v.2.4.4-RELEASE-p3 (arm).
      Thank you in advance!

      pfSense_User_NAT.png

      • Gertjan

        To be able to list all interfaces, the user should have access to the Firewall > Rules page.
        I had to look it up in the master manual: the scripts.

        Add:

        85cb1a88-fc1b-47bb-8659-ecc6357d9a5f-image.png

        and the interfaces show up on the NAT :: Add or Edit page(s).

        This means the user has access to the firewall rules, maybe something you do not really want ...


        • Parallelverschiebung

          Thank you!
          You're right, firewall access is not ideal in this case. But it's necessary for us to let people manage their port forwarding rules, so this is a preliminary solution we can live with. I hope they change this behaviour in a future release.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.