Welcome, Guest. Please login or register.

Author Topic: NAT Port Fowarding Ranges Not Workig Correctly  (Read 116 times)

tuaris

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
NAT Port Fowarding Ranges Not Workig Correctly
« on: August 01, 2019, 08:05:02 AM »
Looks like (at least on build 156) when setting up a Firewall: NAT forwarding rule using a range of ports, only the first port is used as the destination. 

For example I want to create a new rule to forward ports 5269 to 5271 to the internal client 192.168.0.2

- In the "External port range" field I put in 5269 in the first box and 5271 in the second.
- In the "NAT IP" field I put 192.168.0.2
- In the "Local port" field I enter 5269.
- I click save and the corresponding Firewall rules to allow the traffic on this port range are created correctly.

The expected result is that the end port will be calculated automatically so an traffic going to port 5270 will be redirected to 192.168.0.2:5270
The actual result is traffic destined for port 5270 is being redirected to 192.168.0.2:5269

This can be demonstrated with netcat

On: 192.168.0.2 start up two netcat processes
Code: [Select]
```
# nc -l 5270
```
```
# nc -l 5269
```

On an external client make the connection (X.X.X.X is the public IP of the t1n1wall):
Code: [Select]
```
nc X.X.X.X 5270
```

In the t1n1wall log, note the destination port
Code: [Select]
```
Aug  1 02:57:32 <local0.info> stargate pfmon[86]: 02:57:31.881624 em0 @50 pass X.X.X.X,13376 -> 192.168.0.2,5269 PR tcp len 20 40 -S in match
```

On the external client, send some data
Code: [Select]
```
nc X.X.X.X 5270
Test
```

The data is received on the netcat process listening on port 5269:
Code: [Select]
```
# nc -l 5270
```
```
# nc -l 5269
Test
```

tuaris

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Re: NAT Port Fowarding Ranges Not Workig Correctly
« Reply #1 on: August 01, 2019, 08:11:18 AM »
I just tested in on a different device that is on 2.11.1b167 and it's the same behavior.

andywhite

  • Administrator
  • Full Member
  • *****
  • Posts: 116
  • Karma: +0/-0
    • View Profile
Re: NAT Port Fowarding Ranges Not Workig Correctly
« Reply #2 on: August 10, 2019, 01:47:35 PM »
Please try r168