
Author Topic: redirect target port any does not work on TCP/UDP NAT rule  (Read 3146 times)

dragon2611 (Jr. Member, Posts: 94, Karma: 4)
redirect target port any does not work on TCP/UDP NAT rule
« on: October 30, 2017, 10:02:14 pm »
If you try to create a NAT rule with destination port any and redirect target port any, you get the following error:

Code:
The following input errors were detected:

    A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535.

I would take "any" to be 1-65535 in the case of proto tcp and/or udp.

BertM (Jr. Member, Posts: 53, Karma: 11)
Re: redirect target port any does not work on TCP/UDP NAT rule
« Reply #1 on: November 01, 2017, 03:33:49 pm »
Hi dragon2611,

If I understand correctly, you are trying to create a port forward rule for all available ports.
I think it is a good thing that OPNsense does not allow you to configure this, because it would make your firewall useless.

So what is it that you are trying to accomplish?
You want to send any traffic that comes in on your WAN interface to a specific address on your LAN?

In that case you could try a NAT One-to-One rule.

But would it not be better just to forward the ports you need?

Kind regards,
Bert

dragon2611 (Jr. Member, Posts: 94, Karma: 4)
Re: redirect target port any does not work on TCP/UDP NAT rule
« Reply #2 on: November 02, 2017, 01:03:37 pm »
Hi BertM,

In my particular case the rule also had a source match, so it doesn't make the firewall totally useless: you'd have to know which IPs were allowed and spoof those, which shouldn't really work for TCP anyway but yes, could be a problem for UDP. That said, it was a quick and dirty hack and I do need to go in and be more explicit about the allowed ports.

It was for an oVirt managed host where the Engine was elsewhere (the Engine has since been moved); also, the machine itself has its own iptables firewall.

I don't think it should be explicitly disallowed, however; maybe it could warn you that it's a bad idea, but ultimately is it not down to the network admin to make the call if they really do want to do something stupid?
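The two points raised in this thread, the validator's "port alias or integer between 1 and 65535" constraint on the redirect target and the exposure of a forward whose destination port is "any" unless a source match narrows it, can be checked in a rule review script. This is an added example, not OPNsense code: the rule records are constructed here, and the assumption that a port alias is a bare word is mine, not the project's.

```python
"""Review port-forward rules for an over-broad destination port and an
invalid redirect target (added example; rule format is constructed)."""
import re

ALL_PORTS = range(1, 65536)

def valid_target_port(value):
    """Constraint quoted in the thread's error message: the redirect target
    must be a port alias (assumed here to be a bare word) or an integer
    between 1 and 65535. 'any' and port ranges are therefore rejected."""
    s = str(value).strip()
    if s.isdigit():
        return int(s) in ALL_PORTS
    if s.lower() == "any":
        return False
    return re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", s) is not None

def dest_port_count(dest_port):
    """How many ports a destination-port field matches: 'any', 'N' or 'N-M'."""
    s = str(dest_port).strip().lower()
    if s == "any":
        return len(ALL_PORTS)
    lo, _, hi = s.partition("-")
    return int(hi or lo) - int(lo) + 1

def audit_rule(rule):
    """Return review findings for one rule; an empty list means no concern."""
    findings = []
    if not valid_target_port(rule["target_port"]):
        findings.append("invalid redirect target port %r" % (rule["target_port"],))
    n = dest_port_count(rule["dest_port"])
    if n == len(ALL_PORTS) and rule["source"] == "any":
        findings.append("forwards every %s port from any source" % rule["proto"])
    elif n == len(ALL_PORTS):
        findings.append("forwards every %s port; only the source match (%s) "
                        "limits exposure" % (rule["proto"], rule["source"]))
    elif n > 1024:
        findings.append("wide destination range (%d ports)" % n)
    return findings

# Constructed sample rules: the thread's case, a narrow forward, a wide one.
RULES = [
    {"proto": "tcp/udp", "source": "203.0.113.0/24", "dest_port": "any",
     "target": "192.168.1.10", "target_port": "any"},
    {"proto": "tcp", "source": "any", "dest_port": "443",
     "target": "192.168.1.10", "target_port": 443},
    {"proto": "udp", "source": "any", "dest_port": "1-65535",
     "target": "192.168.1.20", "target_port": "any"},
]

def audit_all(rules):
    """Map each rule's index to its findings, for the whole rule set."""
    return {i: audit_rule(r) for i, r in enumerate(rules)}
```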
