Bug #3327

Deny port forwarding the same port

Added by Filippo Carletti over 5 years ago. Updated over 5 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-firewall-base
Target version: v6.7
Security class:
Resolution:
Affected version: v6.7
NEEDINFO: No

Description

The Port forwarding user interface allows creating more than one forward for the same port and wan ip. While technically allowed, only the first rule is applied.
I would like to add a check to deny creating a forward on a port already "busy".

Steps to reproduce:
1. create a port forward for any wan ip port 22 to a host A
2. create another identical port fwd to another host B
3. try to connect from outside to port 22, you will go to host A

Desired behavior: in step 2, show an error that says something like "port x is already busy".

The check has to evaluate both port and wan ip: the same port on different ip can be forwarded.

Associated revisions

Revision 8ab293a1
Added by Giacomo Sanchietti over 5 years ago

Web UI: check for duplicate port forward. Refs #3327

History

#1 Updated by Filippo Carletti over 5 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 5 years ago

  • Description updated (diff)

#3 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#4 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
In nethserver-testing:
  • nethserver-firewall-base-2.10.0-1.1.g8ab293a.ns6.noarch.rpm
  • nethserver-firewall-base-ui-2.10.0-1.1.g8ab293a.ns6.noarch.rpm
Test case 1
  • Create a port forward with source port "22" and WAN IP set to "any"
  • Try to create a new port forward with the same source port and WAN IP
  • The web interface must raise a validation error
Test case 2
  • Try to modify an existing port forward
  • The web interface should not raise any error

#6 Updated by Filippo Carletti over 5 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Creating the same forward on an already used port the interface displayed:

Origin port
A port forward with same WAN IP and origin port already exists.

Modifying a port forward (I changed port): no errors.

I also tried to forward a used port but bound to a specific alias ip: it's been accepted as expected.
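
The check requested in the description and exercised by the test cases above, as an added Python sketch that is not the nethserver-firewall-base code: it rejects a new forward whose (WAN IP, origin port) pair is already taken, skips the record being edited, and also lists rules in an existing configuration that are shadowed because only the first match is applied. The PortForward fields, function names and sample rules are assumptions made for illustration.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple

class PortForward(NamedTuple):   # hypothetical record layout
    key: str        # record identifier
    wan_ip: str     # "any" or a specific WAN/alias address
    src_port: int   # origin port on the WAN side
    dst_host: str   # internal destination host

DUPLICATE_MSG = "A port forward with same WAN IP and origin port already exists."

def _slot(rule: PortForward) -> Tuple[str, int]:
    # A forward is a duplicate only when both WAN IP and origin port match.
    return (rule.wan_ip.strip().lower(), rule.src_port)

def validate_forward(existing: List[PortForward], candidate: PortForward,
                     editing_key: Optional[str] = None) -> Optional[str]:
    """Return the validation error for a colliding forward, else None."""
    for rule in existing:
        if rule.key == editing_key:
            continue  # a rule being modified must not collide with itself
        if _slot(rule) == _slot(candidate):
            return DUPLICATE_MSG
    return None

def find_shadowed(rules: List[PortForward]) -> Dict[str, str]:
    """Map each never-applied rule key to the earlier rule that wins."""
    first: Dict[Tuple[str, int], str] = {}
    shadowed: Dict[str, str] = {}
    for rule in rules:
        winner = first.setdefault(_slot(rule), rule.key)
        if winner != rule.key:
            shadowed[rule.key] = winner
    return shadowed

# Constructed sample configuration, in rule order.
RULES = [
    PortForward("1", "any", 22, "hostA"),
    PortForward("2", "any", 22, "hostB"),         # duplicate created before the check
    PortForward("3", "192.0.2.10", 22, "hostC"),  # same port, different WAN IP
]

if __name__ == "__main__":
    print(find_shadowed(RULES))
    print(validate_forward(RULES[:1], PortForward("9", "any", 22, "hostB")))
```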

#7 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-firewall-base-2.10.1-1.ns6.noarch.rpm
  • nethserver-firewall-base-ui-2.10.1-1.ns6.noarch.rpm
