2.2.1. Port is not a valid destination port



  • G'day all  ;D

    I'm having this problem:

    | Jun 22 17:00:01 | php: rc.filter_configure_sync: filter_generate_port: PORT_LAN_ALLOWED_OUT is not a valid destination port. |

    I found this thread:
    https://forum.pfsense.org/index.php?topic=89906.0

    Which suggests it should be fixed on final 2.2.1 (which I have), as that thread was about 2.2.1-DEV.

    I also found this thread:
    https://forum.pfsense.org/index.php?topic=78097.0

    But as far as I can tell I did create the right kind of alias (pic attached).

    EDIT: on attaching that pic I realize the problem is a different one.

    The problem is that the firewall somehow is referencing (probably an old) alias that doesn't exist anymore. As you can see, the above is complaining about PORT_LAN_ALLOWED_OUT, however, in the pic it clearly shows only _TCP and _UDP exist. This was the same problem I had on 2.0 and 2.1, old aliases not being deleted. And that was the reason for me having to do a completely fresh install and a full new customization (as restoring config backup didn't work). BB even tried to help me hacking the XML of the config backup, but that didn't work out either.

    Please tell me I don't need to go over yet again a full new customization :'( I just noticed port aliases can not be seen in Diagnostics/tables, so no way to check if the wrong alias is there.

    Thank you in advance for any help  ;D

    Bye,


  • Banned

    Kindly test with latest snapshot, not outdated stuff. E.g., https://redmine.pfsense.org/issues/4701



  • How many rules do you have? It is just a matter of looking through the rules and finding where the old alias name is used. Then modify (or delete) the rules as appropriate. You can have a copy of config.xml in an editor if you like and search for the alias names that are reported as a problem - that would help you find the rule/s concerned if you have trouble seeing them in the GUI.
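
    The config.xml search suggested in the post above, as an added example that is not part of the original thread and is not pfSense code: it pulls the alias name out of the logged error and lists every element of a config backup that still uses it. The sample XML is constructed, and its element names (`aliases/alias/name`, `filter/rule/destination/port`, `descr`) are an assumed config.xml layout.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumed pfSense config.xml layout.
SAMPLE_CONFIG = """<pfsense>
 <aliases>
  <alias><name>PORT_LAN_ALLOWED_OUT_TCP</name><type>port</type><address>80 443</address></alias>
  <alias><name>PORT_LAN_ALLOWED_OUT_UDP</name><type>port</type><address>53 123</address></alias>
 </aliases>
 <filter>
  <rule><descr>LAN web out</descr>
   <destination><any/><port>PORT_LAN_ALLOWED_OUT_TCP</port></destination></rule>
  <rule><descr>old LAN out</descr>
   <destination><any/><port>PORT_LAN_ALLOWED_OUT</port></destination></rule>
 </filter>
</pfsense>"""

LOG_LINE = ("php: rc.filter_configure_sync: filter_generate_port: "
            "PORT_LAN_ALLOWED_OUT is not a valid destination port.")

def alias_from_log(line):
    m = re.search(r"filter_generate_port: (\S+) is not a valid destination port", line)
    return m.group(1) if m else None

def defined_aliases(root):
    """Names that actually exist under <aliases>."""
    return {a.findtext("name") for a in root.iterfind("./aliases/alias")}

def find_references(root, name):
    """(element path, rule description) for each use of `name` as a whole
    token, so PORT_X does not match inside PORT_X_TCP."""
    token = re.compile(r"(?<![\w.-])" + re.escape(name) + r"(?![\w.-])")
    hits = []
    def walk(elem, path, descr):
        path = f"{path}/{elem.tag}"
        if elem.tag == "rule":
            descr = elem.findtext("descr") or ""
        # Skip the alias definition itself; everything else is a reference.
        if not path.endswith("/aliases/alias/name") and elem.text and token.search(elem.text):
            hits.append((path, descr))
        for child in elem:
            walk(child, path, descr)
    walk(root, "", "")
    return hits

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE_CONFIG)  # for a real backup: ET.parse(path).getroot()
    name = alias_from_log(LOG_LINE)
    print(name, "defined:", name in defined_aliases(root))
    for path, descr in find_references(root, name):
        print(f"  used at {path} (rule: {descr!r})")
```

    A name that is reported as used but is absent from the defined set is the stale reference to edit or delete in the listed rule.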



  • @doktornotor:

    Kindly

    You started well, Dok  ;D ;D ;D

    not outdated stuff. E.g., https://redmine.pfsense.org/issues/4701

    Hum ( ;D )

    I didn't upgrade to 2.2.2 because:
    A. Upgrades so far have only given me problems so I avoid if not necessary for me (which seems solid IT-gurus policy);
    B. I went through the release notes for the upgrade, there was nothing that solved a problem I was having <-> "if it ain't broken, don't fix it".

    Aside from that, I have no clue how to install a snapshot (there's no clear tuto in the wiki for it as far as I know), so I always wait until a final release is out, await what the experiences reported back in the forum are, and then prepare for a fresh new install (as every upgrade so far has led to ending in having to install and customize everything anew).

    And second 'aside from that': I am not sure if the link to the redmine bug you posted is applicable here: this isn't about NAT/port forward.

    It's not that I want to be a pain in the ass, it is that I just don't like to live a dangerous life at the forefront of developments  ;D ;D ;D


  • Banned

    Have you rebooted the thing after removing the aliases?



  • @phil.davis:

    How many rules do you have? It is just a matter of looking through the rules and finding where the old alias name is used. Then modify (or delete) the rules as appropriate. You can have a copy of config.xml in an editor if you like and search for the alias names that are reported as a problem - that would help you find the rule/s concerned if you have trouble seeing them in the GUI.

    Thank you Phil  :-*

    I can assure you, Sir Phil, I did check this in the GUI. I will check the config backup *.xml too. In my previous problems in 2.0 and 2.1 (where BB so kindly helped me in this matter) there was nothing to be seen in the GUI, yet in the *.xml there were references found.

    I'll report back here / "I'll be back" © ugly ugly ugly man from Austria  ;D ).



  • @Supermule:

    Have you rebooted the thing after removing the aliases?

    Thanks SuperMule  ;D

    Yes, multiple times. Not for this problem, but for others. But still: it has been rebooted several times since.


  • Banned

    Post a picture of outbound nat and outbound rules?

    Wondering if there is a maximum on the length of the alias?



  • @Supermule:

    Post a picture of outbound nat and outbound rules?

    Wondering if there is a maximum on the length of the alias?

    Sorry for not responding sooner  :-[

    Thank you for your reply, I will post it shortly  ;D