Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.1 Legacy Series
»
[SOLVED] Purpose for hiding NAT rules from normal rules screen?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Purpose for hiding NAT rules from normal rules screen? (Read 10379 times)
packet loss
Full Member
Posts: 134
Karma: 26
[SOLVED] Purpose for hiding NAT rules from normal rules screen?
«
on:
January 30, 2016, 04:28:13 am »
After upgrading to 16.1 from from the lastest 15 production release using the webgui I encountered a port forwarding issue. My Xbox One nat turned to moderate from open which was very unusual. I couldn't see any of the normal rules generated from the NAT rules which I had previously created. It appears you modified the code in the 16.1 release:
" firewall: hide NAT rules from normal rules screen"
I restored a saved OPNsense config file and my Xbox nat returned to open from moderate. The normal rules were still hidden but it fixed the port forwarding issue. What was the purpose of hiding the normal NAT generated rules?
«
Last Edit: February 02, 2016, 06:43:25 am by franco
»
Logged
AdSchellevis
Administrator
Hero Member
Posts: 904
Karma: 183
Re: Purpose for hiding NAT rules from normal rules screen?
«
Reply #1 on:
January 30, 2016, 09:33:14 am »
You can find the discussion here
https://github.com/opnsense/core/issues/695
The problem is nat rules generate firewall rules that can't be edited, because they miss most of the content to make it valid, so the decision was made to hide those special cases here (they are after all visible in you nat section).
Our upgrade didn't supply any data migrations, so it shouldn't have changed anything in your config.
Logged
franco
Administrator
Hero Member
Posts: 17474
Karma: 1587
Re: Purpose for hiding NAT rules from normal rules screen?
«
Reply #2 on:
January 30, 2016, 02:19:12 pm »
I don't understand this. The fix was to hide rules that were display in the rules view by accident, the real rule is displayed under port forward and is still fully functional.
Explanations aside, changing the display in the GUI does not affect the config.xml nor the backend filter so a bug that directly relates to this change is impossible.
It would be good to know how the faulty config and the one you restored to differ in terms of NAT/rule configuration.
Logged
packet loss
Full Member
Posts: 134
Karma: 26
Re: Purpose for hiding NAT rules from normal rules screen?
«
Reply #3 on:
January 31, 2016, 01:22:04 am »
Since I seem to be the only one to report this issue, I would say lets assume it's user error at this point.
«
Last Edit: January 31, 2016, 03:28:54 am by azdps
»
Logged
packet loss
Full Member
Posts: 134
Karma: 26
Re: [SOLVED] Purpose for hiding NAT rules from normal rules screen?
«
Reply #4 on:
February 05, 2016, 07:23:40 pm »
What are the chances of there being an option to display NAT generated normal rules? By default they could be hidden but can be displayed maybe using either a toggle button or setting.
Logged
AdSchellevis
Administrator
Hero Member
Posts: 904
Karma: 183
Re: [SOLVED] Purpose for hiding NAT rules from normal rules screen?
«
Reply #5 on:
February 05, 2016, 07:34:54 pm »
I kind of forgot about this forum thread, but the behaviour of the nat rules is changed in the latest version because it has some other disadvantages of not seeing the rules generated here (like when using defective configs).
This commit changed it:
https://github.com/opnsense/core/commit/e1dd1839931ca804970a2f9b9b4c1237160adcca#diff-3ede0f3f1915131865cd1d7539e4a7e1
Now you can see the rules, but not edit or duplicate them.
Logged
packet loss
Full Member
Posts: 134
Karma: 26
Re: [SOLVED] Purpose for hiding NAT rules from normal rules screen?
«
Reply #6 on:
February 05, 2016, 08:25:23 pm »
Good news. Thanks for the update. That's the primary reason why I wanted to see the rules.
«
Last Edit: February 05, 2016, 08:29:33 pm by azdps
»
Logged
franco
Administrator
Hero Member
Posts: 17474
Karma: 1587
Re: [SOLVED] Purpose for hiding NAT rules from normal rules screen?
«
Reply #7 on:
February 06, 2016, 12:08:42 pm »
It's not entirely good news. It means there is an inconsistency in the rules code since at least 5 years. So this is not a fix, it's a workaround for setups that silently break with very old rulesets that predate OPNsense. We will have to restructure this for 16.7 to make proper progress on this front, Im afraid.
«
Last Edit: February 06, 2016, 12:12:47 pm by franco
»
Logged
packet loss
Full Member
Posts: 134
Karma: 26
Re: [SOLVED] Purpose for hiding NAT rules from normal rules screen?
«
Reply #8 on:
February 07, 2016, 02:46:03 am »
Understood. Yes I'm aware there is an issue(s) but for now it will be easier to identify problems. I've encountered a few issues such as being able to overlap used port rules and able to duplicate rules which obviously shouldn't be allowed. This was back a few releases ago and I haven't had the time to experiment at all lately. I noticed some of these issues when I was setting up port forwarding for my Xbox One. If I get the time maybe I might be able to reproduce those issues and report back. At this point since I haven't done any real testing with the 16.1 build, but when I get some time I will do my best to identify any issues if there's any at all.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.1 Legacy Series
»
[SOLVED] Purpose for hiding NAT rules from normal rules screen?