Firewall nat bug

I detected this because I could not dstnat more than 1 connection to a host if I used masquerade.

I got these 2 rules, they look the same but one works and the other doesn’t:

16 chain=srcnat action=masquerade protocol=tcp dst-address=192.168.160.2 dst-port=8291 
17 chain=srcnat action=masquerade protocol=tcp dst-address=192.168.160.2 dst-port=8291

How to reproduce this BUG:

  • With Winbox create a simple Masquerade rule.
  • Edit the rule and change it into a src-nat rule, with a “to ports” field included.
  • Edit again and change to Masquerade.

Now you have got a broken rule (with a hidden “to-ports” value).

(post removed, see my post above)

Please send that via email to support@mikrotik.com with a supout.rif attached, taken when the broken rule is present.

Bug reports should also go to support, though it’s nice to warn the community.