Problem update NAT Port Forwad between 2.01 and 2.0.2



  • Hello,

    I configured in pfsense 2.0.1 a NAT : Port Forward, resulting finally like this window: http://ge.tt/7UoZ8Mh/v/0?c

    A few time ago, i updated the version to 2.0.2 and now, i try to change the "Dest. addr" to other ip, but it's impossible because I receive an alert tell me that i need to put a "NAT Port", the asterisk is not valid yet.

    This is the diff of the confs:

    @@ -539,7 +539,7 @@
     			<protocol>tcp</protocol>
     			 <destination><address>XX.XX.XX.3</address>
    
    -				<port>1723</port>
    +</destination> 
    
     			<associated-rule-id>nat_50be24cccc3659.72223599</associated-rule-id>
    @@ -1127,7 +1127,7 @@
     		<sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:show,openvpn-container:col2:none,smart_status-container:col2:none,wake_on_lan-container:col2:none</sequence>
    
     	 <revision>-		<time>1369236876</time>
    +		<time>1369236747</time>
    
     		<username>admin@XX.XX.XX.28</username></revision> 
    @@ -1340,12 +1340,12 @@
     				 <any><destination>-				
    
    <address>XX.XX.XX.130</address>
    
    +				
    
    <address>XX.XX.XX.165</address>
    
     				<port>1723</port></destination> 
     			<protocol>tcp</protocol>
     			<target>10.80.2.3</target>
    -			<local-port>1723</local-port>
    +			 <local-port><interface>wan</interface>
    
     			<associated-rule-id>nat_50be24cccc3659.72223599</associated-rule-id></local-port></any>
    

    The problem is in the tags:

    <local-port>1723</local-port>
    +			<local-port></local-port>
    
    -				<port>1723</port>
    +				
    

    why before the tag <xxx>is permited and now not?

    Thanks,</xxx>



  • Because leaving it blank is potentially ambiguous to the user. You need to explicitly define what port it's going to internally.



  • But how it works in the old version?

    I have a problem now if I define a port, the vpn not connect. I think that Dest. Port is not the same port that NAT Port, not?



  • It should be 1723 as the destination and NAT ports. Putting 1723 in the NAT port is the same as leaving it blank was before.



  • Ok, thanks!


Locked