Quote from: Patrick M. Hausen on Today at 12:07:08 PM
Probably. Don't know from the top of my head but that would explain the behaviour you observed.

Just tried to test this and got this error when trying to save my alias:
Quote from: Patrick M. Hausen on Today at 11:59:03 AM
I didn't put a netmask/prefix in at all. Just the exact IP, like "192.168.1.20". Does it then assume the whole network if I don't?
Quote from: silmarine on Today at 11:54:51 AM
The source_net "PXKSM1" is a host alias I created
What netmask/prefix length did you use for that host alias? Needs to be /32 for IPv4 or /128 for IPv6 to match only a single host.
Quote from: silmarine on Today at 11:54:51 AM
The source_net "PXKSM1" is a host alias I created
Quote from: Patrick M. Hausen on Today at 11:12:02 AM
@silmarine did you possibly use source or destination invert in your floating rule that did not work as expected?

No, definitely not. I have only a couple of floating rules and they are intended for general rules from a couple of interfaces where similar clients are, but are segmented for other reasons. For example, I have 3 networks where I would like to allow SSH from and to the same set of networks. So instead of creating 3 different rules I created one floating. The only thing is that from one of those interfaces I only need a single host allowed. I exported my rule set and pasted this example rule here, if that helps to understand it.
| action | quick | interfacenot | interface | direction | ipprotocol | protocol | icmptype | icmp6type | source_net | source_not | source_port | destination_net | destination_not | destination_port | divert-to | gateway |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| pass | 1 | 0 | opt1,opt5,opt10 | in | inet46 | TCP | | | PXKSM1,opt1,opt10 | 0 | | opt3,opt5,opt6,opt7,opt8 | 0 | ssh | | |
Quote from: patient0 on Today at 11:36:26 AM
What outgoing NAT rules did you create? For what you wrote it seems that all necessary rules should have been automatic rules, no?

Quote from: newsense on Today at 11:25:10 AM
Well that's the kicker: not everyone will have migrated to the new rules before upgrading to 26.7 and not everyone will have Automatic in SNAT.

Quote from: Monviech (Cedrik) on Today at 10:56:51 AM
The SNAT automatic issue should be fixed via
# opnsense-patch https://github.com/opnsense/core/commit/aa2a54a5a8