redirect targe port any does not work on TCP/UDP nat rule

[dragon2611]

If you try and create a nat rule that is destination port any redirect target port any you get the following error

Code Select Expand

The following input errors were detected:

    A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535.

I would take "any" to be 1-65535 in the case of proto tcp and/or udp.

[BertM]

Hi dragon2611,

If I understand correctly, you are trying to create a port forward rule for all available ports.
I think it is a good thing that OPNsense does not allow you to configure this, because it would make your firewall useless.

So what is it that you are trying to accomplish?
You want to send any traffic that comes in on your WAN interface to a specific address on your LAN?

In that case you could try a NAT One-to-One rule.

But would it not be better just to forward the ports you need?

Kind regards,
Bert

[dragon2611]

Hi BartM

In my particular case the rule also had a source match so it doesn't make the firewall totally useless as you'd have to know which IP's were allowed and spoof those, which shouldn't really work for TCP anyway but yes could be a problem for UDP- that said it was a quick and dirty hack and I do need to go in and be more explicit about the allowed ports.

It was for an Ovirt managed host where the Engine was elsewhere (engine's since been moved) also the machine itself has it's own iptables firewall.

I don't think it should be explicitly disallowed however, maybe it could warn you that it's a bad idea, but ultimately is it not down to the network admin to make the call if they really do want to do something stupid.