Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    can't use alias anymore on nat / port forward

    Scheduled Pinned Locked Moved
    2.5 Development Snapshots (Retired)
    3
    8
    604
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kiokomanK
      kiokoman LAYER 8
      last edited by kiokoman

      error
      A valid destination bit count must be specified.

      Version	2.5.0-DEVELOPMENT (amd64)
built on Tue Oct 20 13:03:46 EDT 2020
FreeBSD 12.2-STABLE
The system is on the latest version.
Version information updated at Tue Oct 20 23:47:36 CEST 2020

      if I try to edit an existing NAT rule the destination change from "single host or alias" to "Network"
      if I use a single IP instead of an alias it work

      Immagine.jpg

      Immagine.jpg

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      1 Reply Last reply Reply Quote 0
      • viktor_gV
        viktor_g Netgate
        last edited by

        Fix:
        https://redmine.pfsense.org/issues/10984#note-5

        1 Reply Last reply Reply Quote 0
        • kiokomanK
          kiokoman LAYER 8
          last edited by

          thanks @viktor_g but the link to the fix i think is wrong, i can't open / see https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/23

          also there is a ticket open for it
          https://redmine.pfsense.org/issues/10996

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          1 Reply Last reply Reply Quote 0
          • rbgargaR
            rbgarga Developer Netgate Administrator
            last edited by

            Fix is now applied and will be available on next round of snapshots

            Renato Botelho

            1 Reply Last reply Reply Quote 1
            • kiokomanK
              kiokoman LAYER 8
              last edited by kiokoman

              ok the patch work and i can use alias again,
              I tested a nat port forward for ipv6
              and this is what I get

              Filter Reload
There were error(s) loading the rules: /tmp/rules.debug:119: syntax error - The line in question reads [119]: rdr on vmx0 inet6 proto { tcp udp } from any to ! port 53 -> 2001:470:b682:ffff:ffff:ffff:ffff:fffe
@ 2020-10-21 13:49:58

              Immagine.jpg

              Immagine.jpg

              ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
              Please do not use chat/PM to ask for help
              we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
              Don't forget to Upvote with the 👍 button for any post you find to be helpful.

              viktor_gV 1 Reply Last reply Reply Quote 0
              • viktor_gV
                viktor_g Netgate @kiokoman
                last edited by

                @kiokoman https://redmine.pfsense.org/issues/10984#note-7

                1 Reply Last reply Reply Quote 1
                • kiokomanK
                  kiokoman LAYER 8
                  last edited by

                  yup it seems to be ok now 👍

                  ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                  Please do not use chat/PM to ask for help
                  we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                  Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                  1 Reply Last reply Reply Quote 1
                  • kiokomanK
                    kiokoman LAYER 8
                    last edited by

                    tested now for 24 hours without any problem, rules and redirect work as expected, at least for dns

                    ; <<>> DiG 9.16.8 <<>> -6 @abcd:1234:abcd::1234 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20698
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
; COOKIE: b4478e1af406b0c4010000005f91fd06f6450beac9f0f72e (good)
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             264     IN      A       216.58.206.78

;; Query time: 2 msec
;; SERVER: abcd:1234:abcd::1234#53(abcd:1234:abcd::1234)
;; WHEN: Thu Oct 22 23:43:34 ora legale Europa occidentale 2020
;; MSG SIZE  rcvd: 83

                    [2.5.0-DEVELOPMENT][root@pfSense.kiokoman.home]/tmp: cat rules.debug | grep DNSv6
table <DNSv6> {   2001:470:b682:ffff:ffff:ffff:ffff:fffe  2001:470:26:5dc:ffff:ffff:ffff:fffd }
DNSv6 = "<DNSv6>"
rdr on vmx0 inet6 proto { tcp udp } from ! $DNSv6 to ! $DNSv6 port 53 -> 2001:470:b682:ffff:ffff:ffff:ffff:fffe
pass  in log  quick  on $LAN inet6 proto { tcp udp }  from ! $DNSv6 to 2001:470:b682:ffff:ffff:ffff:ffff:fffe port 53 tracker 1603300825 keep state  label "USER_RULE: NAT "

                    ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                    Please do not use chat/PM to ask for help
                    we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                    Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                    1 Reply Last reply Reply Quote 1
                    • First post
                      Last post