Unable to create port_forward NAT rule with enc0 as interface #336

@martialt

Describe the bug
I tried to create a port_forward NAT rule with enc0 as the interface.

To Reproduce

  • Create a NAT port forward rule with wan as interface -> OK
{
  "apply": true,
  "descr": "From Postman",
  "disabled": false,
  "dst": "192.168.1.1",
  "dstport": "8080",
  "interface": "wan",
  "local-port": "80",
  "natreflection": "enable",
  "nordr": false,
  "nosync": false,
  "protocol": "tcp",
  "src": "any",
  "srcport": "any",
  "target": "192.168.1.2"
}
  • API response -> OK
{
    "status": "ok",
    "code": 200,
    "return": 0,
    "message": "Success",
    "data": {
        "interface": "wan",
        "protocol": "tcp",
        "target": "192.168.1.2",
        "local-port": "80",
        "source": {
            "any": ""
        },
        "destination": {
            "address": "192.168.1.1",
            "port": "8080"
        },
        "descr": "From Postman",
        "natreflection": "enable",
        "associated-rule-id": "pass",
        "created": {
            "time": 1680094211,
            "username": "admin@194.182.163.200 (API)"
        },
        "updated": {
            "time": 1680094211,
            "username": "admin@194.182.163.200 (API)"
        }
    }
}
  • Create a NAT port forward rule with enc0 as interface -> NOK
{
  "apply": true,
  "descr": "From Postman",
  "disabled": false,
  "dst": "192.168.1.1",
  "dstport": "8080",
  "interface": "enc0",
  "local-port": "80",
  "natreflection": "enable",
  "nordr": false,
  "nosync": false,
  "protocol": "tcp",
  "src": "any",
  "srcport": "any",
  "target": "192.168.1.2"
}

API response -> NOK

{
    "status": "bad request",
    "code": 400,
    "return": 4006,
    "message": "Unknown port forward interface",
    "data": []
}

If I modify the port_forward NAT rule from the UI to change wan to IPsec (enc0) -> OK

  • API Get https://{{url}}//api/v1/firewall/nat/port_forward -> OK
    But the address is also /31 and I don't know why.
{
    "status": "ok",
    "code": 200,
    "return": 0,
    "message": "Success",
    "data": [
        {
            "source": {
                "any": ""
            },
            "destination": {
                "address": "192.168.1.1/31",
                "port": "8080"
            },
            "ipprotocol": "inet",
            "protocol": "tcp",
            "target": "192.168.1.2",
            "local-port": "80",
            "interface": "enc0",
            "descr": "From Postman",
            "associated-rule-id": "pass",
            "natreflection": "enable",
            "created": {
                "time": "1680094211",
                "username": "admin@194.182.163.200 (API)"
            },
            "updated": {
                "time": "1680094521",
                "username": "admin@194.182.163.200 (Local Database)"
            }
        }
    ]
}

Expected behavior
A port_forward rule with enc0 as interface.

pfSense Version & Package Version:

  • pfSense Version: 2.6.0-RELEASE (amd64)
  • Package Version: v1.5.3

Affected Endpoints:

  • URL: /api/v1/firewall/nat/port_forward

In advance, thank you.
