Skip to content

fw4:Allow masquerade to set port #78

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
HSXX wants to merge 6 commits into from
Closed

fw4:Allow masquerade to set port #78

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
b8f9475
Update fw4.uc
HSXX Oct 21, 2025
6e33fce
Update redirect.uc
HSXX Oct 21, 2025
e5215bb
Update 07_redirect
HSXX Oct 21, 2025
9a929bb
Update 07_redirect
HSXX Oct 21, 2025
deb4647
Update 07_redirect
HSXX Oct 21, 2025
5598b5e
Update 07_redirect
HSXX Oct 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion root/usr/share/firewall4/templates/redirect.uc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,8 +74,10 @@
log prefix {{ fw4.quote(redirect.log, true) }} {%+ endif -%}
{% if (redirect.target == "redirect"): -%}
redirect{% if (redirect.rport): %} to {{ fw4.port(redirect.rport) }}{% endif %}
{%- elif (redirect.target == "accept" || redirect.target == "masquerade"): -%}
{%- elif (redirect.target == "accept"): -%}
{{ redirect.target }}
{%- elif (redirect.target == "masquerade"): -%}
{{ redirect.target }}{% if (redirect.rport): %} to :{{ fw4.port(redirect.rport) }}{% endif %}
{%- else -%}
{{ redirect.target }} {{ redirect.raddr ? fw4.host(redirect.raddr, redirect.rport != null) : '' }}
{%- if (redirect.rport): %}:{{ fw4.port(redirect.rport) }}{% endif %}
Expand Down
4 changes: 2 additions & 2 deletions root/usr/share/ucode/fw4.uc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3084,8 +3084,8 @@ return {
this.warn_section(data, "must not use 'snat_ip' for non-snat target, ignoring section");
return;
}
else if (snat.target != "snat" && snat.snat_port) {
this.warn_section(data, "must not use 'snat_port' for non-snat target, ignoring section");
else if (snat.target != "snat" && snat.target != "masquerade" && snat.snat_port) {
this.warn_section(data, "must not use 'snat_port' for non-snat or non-masquerade target, ignoring section");
return;
}

Expand Down
13 changes: 13 additions & 0 deletions tests/03_rules/07_redirect
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,17 @@ Test various address selection rules in redirect rules.
"dest_port": "27",
"target": "dnat"
}
],
"nat": [
{
".description": "Ensure that masq to specific port or port range rules work properly",
"name": "masq snat test #1",
"family": "ipv4",
"src": "wan",
"proto": "tcp udp",
"snat_port": "61000-62900",
"target": "MASQUERADE"
}
]
}
-- End --
Expand Down Expand Up @@ -298,6 +309,8 @@ table inet fw4 {
}

chain srcnat_wan {
meta nfproto ipv4 meta l4proto tcp counter masquerade to :61000-62900 comment "!fw4: masq snat test #1"
meta nfproto ipv4 meta l4proto udp counter masquerade to :61000-62900 comment "!fw4: masq snat test #1"
meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
meta nfproto ipv6 masquerade comment "!fw4: Masquerade IPv6 wan traffic"
}
Expand Down