Opened 2 years ago

Last modified 2 years ago

#21431 new defect

firewall - redirection error - has invalid value

Reported by: Damian Kaczkowski
Owned by: developers
Priority: highest
Milestone: Designated Driver (Trunk)
Component: packages
Version: Trunk
Keywords:
Cc:

Description

Hello.

I spotted today that 'fw3 reload' emits the following errors:

Warning: Option 'test'._comment is unknown
Warning: Option 'test'.src_dport has invalid value '88'
Warning: Option 'test'.dest_port has invalid value '88'
Warning: Section 'test' skipped due to invalid options

config:

config redirect 'test'
        option _comment 'test'
        option enabled '1'
        option name 'test'
        option mark '!0x1'
        option src 'wan'
        option proto 'tcp'
        option src_dport '88'
        option dest_ip '10.10.10.10'
        option dest_port '88'
        option target 'DNAT'
        option dest 'lan'
        option family 'ipv4'

target: ramips
rev: r47958 trunk

Change History (2)

comment:1 Changed 2 years ago by Damian Kaczkowski

Could someone please confirm if it's my fault or not? cc with the same config works with no problem.

comment:2 Changed 2 years ago by Damian Kaczkowski

Found the cause of the error.

Warning: Option @rule[10].proto has invalid value 'ipencap'
Warning: Section @rule[10] (Allow-IPENCAP) skipped due to invalid options

config rule
        option name 'Allow-IPENCAP'
        option enabled '0'
        option src 'wan'
        list src_ip '1.1.1.1/32'
        list src_ip '2.2.2.2/32'
        option proto 'ipencap'
        option family 'ipv4'
        option target 'ACCEPT'

cat /etc/protocols | grep ipencap
ipencap 4       IP-ENCAP        # IP encapsulated in IP (officially ``IP'')

Kernel modules for ipip/ipencap are installed.

Changing rule to:

config rule
        option name 'Allow-IPENCAP'
        option enabled '0'
        option src 'wan'
        list src_ip '1.1.1.1/32'
        list src_ip '2.2.2.2/32'
        option proto '4'
        option family 'ipv4'
        option target 'ACCEPT'

Fixes the reported redirect warnings and errors.

Something is bugged in dd trunk fw3. Devs please look into this. cc with 'ipencap' works just fine.

Thank you.
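
Added example, not part of the ticket or of fw3: a section that fw3 skips is a rule or redirect that never reaches the running ruleset, so the warnings quoted above are worth turning into a hard failure. The function name fw3_skipped_sections is hypothetical, and the parser assumes only the two warning formats shown in this ticket.

```shell
#!/bin/sh
# Added example (not fw3 code). Reads fw3 output on stdin and prints one line
# per skipped section:  <section><TAB><option>=<value>[,<option>=<value>...]
# Returns 1 if any section was skipped, 0 otherwise.
# Typical use on the router:  fw3 reload 2>&1 | fw3_skipped_sections
fw3_skipped_sections() {
    awk '
    BEGIN { q = "\047" }                      # a single quote character
    # Warning: Option <section>.<option> has invalid value <value>
    /^Warning: Option .* has invalid value / {
        key = $0
        sub(/^Warning: Option /, "", key)
        val = key
        sub(/^.* has invalid value /, "", val)
        sub(/ has invalid value .*$/, "", key)
        n = match(key, /\.[^.]*$/)            # split at the last dot
        sec = substr(key, 1, n - 1)
        opt = substr(key, n + 1)
        gsub(q, "", sec)
        gsub(q, "", val)
        if (sec in bad) bad[sec] = bad[sec] "," opt "=" val
        else            bad[sec] = opt "=" val
        next
    }
    # Warning: Section <section> [(<name>)] skipped due to invalid options
    /^Warning: Section .* skipped due to invalid options/ {
        sec = $0
        sub(/^Warning: Section /, "", sec)
        sub(/ skipped due to invalid options.*$/, "", sec)
        sub(/ \(.*\)$/, "", sec)              # drop the "(rule name)" suffix
        gsub(q, "", sec)
        if (sec in bad) why = bad[sec]; else why = "?"
        printf "%s\t%s\n", sec, why
        skipped = 1
    }
    END { exit skipped + 0 }
    '
}
```

"is unknown" warnings, such as the one for _comment, are ignored because the ticket output ties skipping only to invalid values.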
