4. BUG? Source ports range as alias

BUG? Source ports range as alias

  • M

    Hi… I have troubles when I tru to use source port range with aliases... It looks like a bug.

    Here are the steps to reproduce:

    1. Define few ports as alias. As example
        Name MyPorts
        Ports 25 and 110
    2. Add Firewall rule
        Set 'Destination port range'
          From (other) MyPorts
          To (other) MyPorts
        All other leave by default
    3. Add second firewall rule
        Set 'Source port range'
          From (other) MyPorts
          To (other) MyPorts
        All other leave by default

    Try to applay rules. And you got the following error:

    There were error(s) loading the rules: /tmp/rules.debug:161: syntax errorpfctl: Syntax error in config file: pf rules not loaded - The line in question reads [161]: pass in quick on $INET proto tcp from any port { $MyPorts } to any flags S/SA keep state label "USER_RULE".

    Here are (part of) /tmp/rules.debug:
    MyPorts = "{ 25 110 }"
    pass in quick on $INET proto tcp from any to any port $MyPorts flags S/SA keep state  label "USER_RULE"
    pass in quick on $INET proto tcp from any port { $MyPorts } to any flags S/SA keep state  label "USER_RULE"

    Well … what you can see from here - the first rules was appl. sucessfuly the second one fail.
    The difference in syntax is 2 { } arround $MyPorts
    Probably this is the problem ?

    PS: Please take my appologies for my bad english…

    0
  • H

    Is that already on RC3? I think something like that was fixed some time ago. In case you are not yet running RC3 please update and retest.

    0
  • M

    Yes.. This is on fresh install of PFSense 1.0 RC3 (1.0-RC3
    built on Mon Oct 2 01:06:05 UTC 2006)

    0
  • H

    Ok, we'll look into it. thanks for the great report btw.

    0
  • T

    I got another Bug on RC3 similar to this
    when I enter in NAT a Source Port alias it will be also used in the Destination Field and you cannot get the Alias in the Destination Field away. The only way around is if I dont use the Alias in the source Port FIeld. Happens only whe you use an alias in the Source Field

    0
  • H

    @tec:

    I got another Bug on RC3 similar to this
    when I enter in NAT a Source Port alias it will be also used in the Destination Field and you cannot get the Alias in the Destination Field away. The only way around is if I dont use the Alias in the source Port FIeld. Happens only whe you use an alias in the Source Field

    Not a bug but a limitation. How would you shift portsaliases consisting of several ports to several other ports? If you use portsaliases you can't move them to other ports but only forward them 1:1.

    0
  • T

    In this particular case the PortAlias was consisting of one Port only and this worked on RC2
    Alias "PC1RDP" had the Port 34621 in it, I selected this Alias as Source and wanted as Destinatination MSRDP. But he filled the Field with ""PC1RDP"

    0
  • H

    In RC2 you were able to do this even if a portsalias coonsisted of more than one port which caused issues when using somethig else as internal destination port. To prevent this from happening we locked down the inputfields to be 1:1 mappings when using an alias.

    0
  • T

    Ok, sad to hear it but I have to live with it.
    Cheers

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy