Netgate Discussion Forum

NAT Reflection issue

  • S
    Speck
    last edited by May 18, 2009, 4:37 PM

    Hi everybody,

    I have a problem with NAT reflection.

    It worked flawlessly until 1 month ago or so, then this message started appearing in the event viewer:

    php: : Not installing nat reflection rules. Maximum 1,000 reached.

    The problem is that this is not true  ;D

    I've got no more than 100, maybe 120 port forwards (also considering the ones with ranges; I mean in total I forward 120 ports).

    I checked inetd.conf and I can't understand why, but every single entry is repeated 5 or 6 times:

    19000 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 80
    19001 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 80
    19002 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 80
    19003 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 80
    19004 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 80
    19005 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 80
    19006 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 80
    19007 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 443
    19008 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 443
    19009 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 443
    19010 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 443
    19011 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 443
    19012 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 443
    19013 stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 443

    In this example there are two rules for a web server: HTTP and HTTPS.

    I tried manually editing inetd.conf, but every time I create a NAT rule it is overwritten by the "buggy" one.

    What can I do? Maybe this happens because I have LAN, DMZ and 4 other VLANs, so it creates an entry for every interface?

    I'm running 1.2 release version installed on HDD.

    Any help would be appreciated!

    Thanks,
    Speck

    • S
      Speck
      last edited by May 25, 2009, 5:48 AM

      So no one noticed this?

      Do you know if there is a way to enable port forwarding just for some rules?

      Can I do it manually?

      Thanks,
      Speck

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by May 25, 2009, 3:05 PM

        It is likely due to the multiple interfaces you have present. It appears as though it's trying to add one entry per interface that it thinks it should listen upon, but judging by what is in the inetd.conf you pasted, it really only needs one line per port, not per interface and per port.

        It's probably just a matter of fixing up the code that generates that part of the config. You may want to open a ticket and report this:

        http://cvstrac.pfsense.org/

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
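The duplication described in the reply above can be measured directly from the generated file. This is an added example, not part of the thread and not pfSense code: the function names are made up here, and the sample file is constructed to mirror the entries quoted in the first post.

```shell
#!/bin/sh
# Added example (not pfSense code): audit the nc helper entries that NAT
# reflection writes to an inetd.conf-style file and report duplicates.

# reflection_summary FILE -> prints "<total entries> <unique targets>"
reflection_summary() {
    awk '
        $6 == "/usr/bin/nc" && NF >= 11 {
            total++
            key = $3 " " $(NF-1) ":" $NF      # protocol + target ip:port
            if (!(key in seen)) { seen[key] = 1; unique++ }
        }
        END { printf "%d %d\n", total, unique }
    ' "$1"
}

# reflection_duplicates FILE -> one line per target listed more than once
reflection_duplicates() {
    awk '
        $6 == "/usr/bin/nc" && NF >= 11 {
            key = $3 " " $(NF-1) ":" $NF
            count[key]++
            if (!(key in first)) { first[key] = $1; order[++n] = key }
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    printf "%s x%d (first listener port %s)\n",
                        order[i], count[order[i]], first[order[i]]
        }
    ' "$1"
}

# Constructed sample: the 14 lines quoted in the thread (7 per target port).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
awk 'BEGIN {
    for (p = 19000; p <= 19013; p++)
        printf "%d stream tcp nowait/0 nobody /usr/bin/nc nc -w 20 192.168.0.2 %d\n",
            p, (p < 19007 ? 80 : 443)
}' > "$sample"

reflection_summary "$sample"      # total entries vs. unique targets
reflection_duplicates "$sample"   # which targets are repeated, and how often
```

Comparing the two numbers from `reflection_summary` shows how far the per-interface repetition inflates the entry count toward the 1,000-entry limit named in the log message.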

        • S
          Speck
          last edited by May 26, 2009, 8:40 AM

          Ok, thanks.

          I'll open a ticket.

          In the meantime, do you know how I can manually edit inetd.conf?

          Thanks,
          Speck

          • J
            jimp Rebel Alliance Developer Netgate
            last edited by May 29, 2009, 9:00 PM

            Sorry for the late reply on this one.

            You can't edit inetd.conf, you'd have to edit the code that creates it. The relevant portion is in /etc/inc/filter.inc around lines 1135-1233 or so.

            • S
              Speck
              last edited by Jun 4, 2009, 4:07 PM

              :o I think I'll wait until someone fixes this  ;D

              I'm not skilled enough to put my hands on configuration files  ;)

              Thanks,

              Speck

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.