Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
[SOLVED] Firewall: NAT: Outbound : Mapping only for network, not single address
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Firewall: NAT: Outbound : Mapping only for network, not single address (Read 9856 times)
weust
Hero Member
Posts: 650
Karma: 57
[SOLVED] Firewall: NAT: Outbound : Mapping only for network, not single address
«
on:
August 28, 2015, 09:04:55 pm »
I use a outbound static mapping for my PlayStation 3 and 4. They need it to get a Type 2 connection.
Without it, voice communication doesn't work and multiplayer games barely work.
But for the Source I can only set a Network (ie. 192.168.1.0/24), "any" or "This Firewall (self)".
I don't need my entire LAN to use static mapping towards the internet, just the IP address of the PlayStation console.
Is it possible to get a "Single IP address" type option?
«
Last Edit: September 10, 2015, 05:36:25 pm by weust
»
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
AdSchellevis
Administrator
Hero Member
Posts: 904
Karma: 183
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #1 on:
August 29, 2015, 09:51:14 am »
Hi Tom,
If you have the time, can you try the development version. I've refactored the page last week and you should be able to fill it in now, although I'm not absolutely sure the backend code handles it correctly.
Cheers,
Ad
Logged
weust
Hero Member
Posts: 650
Karma: 57
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #2 on:
August 29, 2015, 12:34:54 pm »
Hi Ad,
No problem. Will give that a go later today.
If the backend code doesn't handle it properly, the PlayStation network test will show that.
It shows a Type 3 meaning the traffic is being NAT'ed, and I will have voice comm and multi player issues.
Will update the topic on my findings.
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
weust
Hero Member
Posts: 650
Karma: 57
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #3 on:
August 29, 2015, 12:56:25 pm »
Already giving it a go...
Nice thing is I can select the Alias for my PlayStation, instead of typing it's address.
But when I only change that, and press save I get an error message:
Quote
The following input errors were detected:
•A valid target IP address must be specified.
Bit weird, since Destination is "any".
Also tried this with entering the source IP address just in case something got mixed up there.
Also, since there is no input for "target IP address" on the page, what does it relate too?
Last, pressing the Cancel button doesn't return you to the overview page with all rules, but clears any changes on the page you were editing. That doesn't sound very consistent to other pages?
Meaning I have to select NAT in the menu again, and go to the Outbound tab manually.
Hope this helps in making it better. If you want me to test something again, let me know.
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
AdSchellevis
Administrator
Hero Member
Posts: 904
Karma: 183
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #4 on:
August 29, 2015, 07:30:17 pm »
The error message / input is a bit confusing, I have copied the old ones in and with "target" it should mean "Translation"..
I think we should rename translation to something less confusing....
The problem with the cancel button is odd, it's doing the same as all the other pages for as far as I can see (return to caller). But is probably related to the error message, when you do an apply, the caller will be the same page you where on. (other pages have this flaw as well)
Logged
weust
Hero Member
Posts: 650
Karma: 57
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #5 on:
August 29, 2015, 10:01:09 pm »
Confusion aside, why would it give me that error when it worked fine before?
It's a static mapping, so what is there to translate?
Sound like that is the case with the return to caller.
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
AdSchellevis
Administrator
Hero Member
Posts: 904
Karma: 183
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #6 on:
August 30, 2015, 11:07:58 am »
My mistake, I responded a bit too quick...
The Translation/target was supposed to be optional and by mistake I made it required ;(
This commit should fix the issue:
https://github.com/opnsense/core/commit/8addbbee668a9b5fd1179eacf5ea343a69ebe5c2
If you have time to test again, just overwrite that file or try the current version in git using the core checkout in the /root directory.
Logged
weust
Hero Member
Posts: 650
Karma: 57
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #7 on:
August 30, 2015, 12:46:25 pm »
I'll just manually edit the file and replace what's needed :-)
I don't use GitHub for checkouts etc.
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
franco
Administrator
Hero Member
Posts: 17485
Karma: 1589
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #8 on:
September 10, 2015, 05:31:25 pm »
Sooo... all good?
Logged
weust
Hero Member
Posts: 650
Karma: 57
Re: Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #9 on:
September 10, 2015, 05:36:12 pm »
Yes, Ad (or Jos?) did a TeamViewer session to my machine and fixed it and put it on GitHub as well.
We discussed it more on IRC, so this topic is done.
I will update with [Solved]
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
franco
Administrator
Hero Member
Posts: 17485
Karma: 1589
Re: [SOLVED] Firewall: NAT: Outbound : Mapping only for network, not single address
«
Reply #10 on:
September 10, 2015, 05:50:42 pm »
brilliant,cheers!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
[SOLVED] Firewall: NAT: Outbound : Mapping only for network, not single address