Firewall: Rules: Edit - gateway groups are not shown

  • using:
    2.1-BETA1 (amd64)
    built on Wed Jan 9 07:10:00 EST 2013

    In <Firewall: Rules: Edit> there are no gateway groups listed. I can only choose normal gateways.

  • I am on:
    2.1-BETA1 (i386)
    built on Thu Jan 10 00:55:29 EST 2013
    I have tried creating various gateways and gateway groups, then adding and editing rules.
    When editing an IPv6 rule, the gateways dropdown shows IPv6 gateways, but not IPv6 gateway groups.
    When editing an IPv4 rule, the gateways dropdown shows IPv4 gateways, and gateway groups.
    Is it IPv6 rules you are having a problem with?
    Or some other combination?

  • The code in return_gateway_groups_array() does not seem to support IPv6 gateway groups yet. When processing an IPv6 gateway group, it logs:

    Jan 10 21:30:43 	php: : Gateways status could not be determined, considering all as up/active. (Group: V6GW)
    Jan 10 21:30:43 	php: : GATEWAYS: We did not find the first tier of the gateway group V6GW! That's odd.

    It is only odd, because it looped through the list of gateways in the group, looking for the first gateway with an IPv4 address.
    Perhaps one of the devs who knows more about this can confirm if using policy-based routing into an IPv6 gateway group is supposed to be supported yet?

  • I have checked this.
    If you make a new rule you will see gateway groups.
    If you edit an existing IPv4 rule you won't see them any more. Further, your gateway will change to default and your rule is broken.

  • Rebel Alliance Developer Netgate

    IPv6 policy routing should work, I have gateway groups for it set up on my home router.

    There is probably a bug somewhere in the verification.

    Though first, before anything else, edit/save all of your gateways, just to make sure that internally they all have the correct IP protocol (inet or inet6). It's possible that if you have been upgrading from older snapshots, some gateways have the wrong internal tag for their own type.

  • The whole config was buggy.
    IPSec didn't work either. So I set it to factory default and made all settings again.
