Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Editing NAT rules vanishes aliases #368

Closed
fraenki opened this issue Sep 6, 2015 · 9 comments
Closed

Editing NAT rules vanishes aliases #368

fraenki opened this issue Sep 6, 2015 · 9 comments

Comments

@fraenki
Copy link
Member

fraenki commented Sep 6, 2015

I've just updated from OPNsense 15.7.10-amd64 to 15.7.11. Now if I make changes to the outbound NAT fules (firewall_nat_out.php) ALL aliases will be vanished (firewall_aliases.php). I have verified that they are actually removed from config.xml.

I wasn't able to find any logs and the crash reporter didn't report a issue. Anything I could do to provide useful debug information? The problem is 100% reproduceable.

For the records, I've made a few changes to the system by applying AdSchellevis ipsec-related fixes (www/vpn_*, etc/inc/vpn.inc, etc/inc/vpn.inc). Editing IPsec configuration does NOT vanish aliases.
@AdSchellevis
Copy link
Member

Hi Frank,

There are new versions available for (as good as) all firewall related pages, but to be honest, I can't find a direct reason why they would be flushed in the current version so I can't be 100% sure we solved this one as well.
Using the latest (now in dev) version I have saved multiple scenarios without loosing any of my aliases, so if you can find the time to retest when all new patches are in the release (or checkout the dev version) that would be very helpful.

The application flow in a lot of the old pages was quite messy, that's why we decided to do some thorough cleanup on the old front-end code as well for some areas, like ipsec, openvpn and firewall. Which should result in code which is easier to manage.
More will probably follow in the months to come.

Regards,

Ad

@fraenki
Copy link
Member Author

fraenki commented Sep 8, 2015

Oh well, I guess applying only selected commits should be considered harmful. I've now also applied your updates to opnsense/mvc and opnsense/www/themes/opnsense and now the problem is solved.

Nightly builds/images would make it easier to test fixes.

@fraenki fraenki closed this as completed Sep 8, 2015
@fraenki fraenki mentioned this issue Sep 8, 2015
Closed
@syserr0r
Copy link
Contributor

I am experiencing this on a clean install of 15.7.11 (which is the latest "stable" version I can find).

I am still working on reproducing but this is the second time I have lost all port and ip aliases after editing Firewall NAT, Rules and virtual IPs.

Update: Just re-entered all aliases, edited the description of an outgoing NAT rule and lost them all again.

@fichtner
Copy link
Member

15.7.12 is not going to have the new pages just yet, so still worth looking into.

@fichtner fichtner reopened this Sep 10, 2015
@fichtner
Copy link
Member

As a side note, aliases should still be in the backups, shouldn't they?

@syserr0r
Copy link
Contributor

Excuse my ignorance, but what backups?

@fraenki
Copy link
Member Author

fraenki commented Sep 10, 2015

@syserr0r Just in case you aren't aware of: you may easily restore your aliases by navigating to Diagnostics -> Backup & Restore -> Config History and revert to the previous configuration. This saved me a lot of hassle.
@fichtner Good point.

@syserr0r
Copy link
Contributor

@fraenki Good to know, that will save me a lot of hassle -- thanks.

@fraenki fraenki mentioned this issue Sep 14, 2015
Closed
@fichtner
Copy link
Member

Pages replaced.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fraenki @fichtner @syserr0r @AdSchellevis