OPNsense Forum » Archive » 18.7 Legacy Series » Hybrid NAT Rules malfunction - manual rules not being added
Topic: Hybrid NAT Rules malfunction - manual rules not being added (Read 3046 times)
drivera
Jr. Member
Posts: 80
Karma: 0
Hybrid NAT Rules malfunction - manual rules not being added
« on: December 09, 2018, 08:09:28 pm »
Hi!
The description for what "Hybrid outbound NAT rule generation" does is as follows: Automatically generated rules are applied after manual rules.
However, I added some manual rules that I've confirmed aren't being added accordingly. Adding and removing the rules has no effect: using pfctl -sa produces the same NAT rule output each time.
I don't want to switch to fully manual rule generation if I can avoid it, so I can leverage the system's automatic rules.
Is this a known issue? Perhaps there's a misconfiguration somewhere else tripping me up?
Thoughts?
Thanks!
drivera
Jr. Member
Posts: 80
Karma: 0
Re: Hybrid NAT Rules malfunction - manual rules not being added
« Reply #1 on: December 09, 2018, 08:41:20 pm »
More details I left out about the manual rules I added (I posted in a hurry, sorry):
The interface the packets will be outbound on is an OpenVPN client interface (already assigned a static name, and marked as "non-removable")
The OpenVPN connection is coming up fine, and appears to be working fine
Regardless of what I do, I can't get the rule generator to create those rules. Or, at least, they're not being listed when using pfctl -sa.
Cheers!
drivera
Jr. Member
Posts: 80
Karma: 0
Re: Hybrid NAT Rules malfunction - manual rules not being added
« Reply #2 on: December 10, 2018, 06:30:50 pm »
I think I've found the issue. If I set any destination address as part of the selector for the NAT rule, the NAT rule won't be generated. If I leave the destination address as "any", the rule is generated just fine.
This seems like a bug to me: if destinations aren't supported as part of the rule selector, then one shouldn't be able to set them via the GUI. If one is able to set them via the GUI, then the rule generator should generate the NAT rules properly.
So - it's either a bug in the rule generator (not applying the destination specification to the rule's "to ..." selector), or a bug in the GUI permitting rule configurations that aren't allowed.
This is on 18.7.8, fully updated.
Thoughts?
Cheers!
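A way to check the loaded ruleset for the cases Reply #2 distinguishes, as an added example that is not part of the original thread or OPNsense's own code: it reads pf NAT rules on stdin (for instance from `pfctl -s nat`) and reports whether a rule for a given interface and source carries the expected destination, exists only with "to any", or is absent. The function names, the result labels, the interface names and the addresses in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies one expected manual outbound
# NAT rule against pf NAT rules read from stdin.
# Usage on the firewall:
#   pfctl -s nat | check_manual_nat IFACE SOURCE DEST
# Prints / returns: present (0), any-only (1), missing (2).
# Matching is on the literal tokens after "on", "from" and "to", so pass the
# source and destination exactly as pfctl prints them.
check_manual_nat() {
    awk -v ifc="$1" -v src="$2" -v dst="$3" '
        $1 == "nat" {
            on = ""; from = ""; to = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "->")   break          # translation target follows
                if ($i == "on")   on   = $(i + 1)
                if ($i == "from") from = $(i + 1)
                if ($i == "to")   to   = $(i + 1)
            }
            if (on != ifc || from != src) next
            if (to == dst)   exact = 1           # destination selector kept
            if (to == "any") wide  = 1           # only an unrestricted rule
        }
        END {
            if (exact)     { print "present";  exit 0 }
            else if (wide) { print "any-only"; exit 1 }
            else           { print "missing";  exit 2 }
        }'
}

# Constructed sample in the style of `pfctl -s nat` output (not real data).
sample_nat_rules() {
    cat <<'EOF'
nat on ovpnc1 inet from 192.168.1.0/24 to 10.8.0.0/24 -> (ovpnc1:0) port 1024:65535
nat on ovpnc1 inet from 192.168.2.0/24 to any -> (ovpnc1:0) port 1024:65535
nat on em0 inet from 192.168.1.0/24 to any -> (em0:0) port 1024:65535
EOF
}

# Demo on the constructed sample; "|| true" keeps a non-zero result from
# aborting a script that runs under "set -e".
sample_nat_rules | check_manual_nat ovpnc1 192.168.2.0/24 10.8.0.0/24 || true
```

A "missing" result for a rule that is configured in the GUI matches the behaviour reported in Reply #2, while "any-only" only shows that an unrestricted rule exists for that interface and source, which may be a separate rule.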