Bug 11278

Summary: firewall: not possible to create a network which is a subnet of the immediate RED network
Product: IPFire
Reporter: Michael Tremer <michael.tremer>
Component: ---
Assignee: Alexander Marx <alexander.marx>
Status: CLOSED DUPLICATE
QA Contact:
Severity: - Unknown -
Priority: - Unknown -
CC: floschn, peter.mueller
Version: 2
Hardware: unspecified
OS: Unspecified
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=12263, https://bugzilla.ipfire.org/show_bug.cgi?id=11235
Bug Depends on: 11466
Bug Blocks: 12278
Attachments: AddNetwork, IP-Sec Settings

Description Michael Tremer 2017-01-09 16:36:05 UTC
If 192.168.0.0/24 is the subnet on RED, it is not possible to create a network like 192.168.0.0/25. The error message says that this is the RED network, which is incorrect.

I think it should be possible to create a network as such. It is not a problem to create firewall rules with this network as source or destination.
Comment 1 Alexander Marx 2017-01-09 18:49:24 UTC
192.168.0.0/25 is PART of 192.168.0.0/24, that's what the function checks.
The point is to find out if someone tries to create a network which collides with one of IPFire's own internal networks.

I don't see any sense in this. What could be the reason for such an adventurous setup?
Comment 2 Alexander Marx 2017-01-10 16:04:34 UTC
2 patches generated.

One to clean up some code and a second to enable creation of subnets from internal networks.

See
1) http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commit;h=c5deb29b7d9b8d80d2a4867eb77a521d3972c9a2

2) http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commit;h=ca03e34c0f4b533093234d9a4204e46c5b8db537
Comment 3 Michael Tremer 2017-04-05 22:13:28 UTC
I reverted the patch since it always says "this is the GREEN network". Please have a look at this again.
Comment 4 Michael Tremer 2017-04-24 11:05:33 UTC
*** Bug 11300 has been marked as a duplicate of this bug. ***
Comment 5 floschn 2017-10-10 15:17:28 UTC
Please have a look at this again; in 114 it is present again.

Thanks
Comment 6 Michael Tremer 2017-11-07 17:22:48 UTC
Alex, could you check if we can re-apply this patch after the changes that have been made today?
Comment 7 Alexander Marx 2018-08-24 11:11:33 UTC
I think this is already patched.
Comment 8 floschn 2018-08-24 11:24:28 UTC
Created attachment 612
AddNetwork
Comment 9 floschn 2018-08-24 11:25:29 UTC
Created attachment 613
IP-Sec Settings
Comment 10 floschn 2018-08-24 11:25:41 UTC
Hi,
I still have the issue. But now the error says "The given subnet address is already used by an IPsec network. Name: toFW1"

But the subnets are not the same.

See screenshots.
Comment 11 Peter Müller 2020-04-10 10:57:38 UTC
Sounds like this is similar to #12263 and #11235.
Comment 12 Peter Müller 2020-08-01 15:13:44 UTC
With a high level of confidence, this is a duplicate of #12263. Please reopen it if this is wrong.

*** This bug has been marked as a duplicate of bug 12263 ***
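
The distinction this report turns on, as an added example (not IPFire's code and not part of any comment above): a candidate network that is identical to a known network versus one that is only contained in it or contains it. RED's 192.168.0.0/24 comes from the description; the GREEN and IPsec addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: RED is taken from the bug description; the other
# entries are hypothetical placeholders for locally known networks.
KNOWN_NETWORKS = {
    "RED": "192.168.0.0/24",
    "GREEN": "10.0.0.0/24",
    "IPsec toFW1": "172.16.8.0/22",
}


def relation(candidate, existing):
    """Classify how `candidate` relates to `existing` (both CIDR strings)."""
    # strict=True rejects inputs with host bits set, e.g. 192.168.0.1/24.
    cand = ipaddress.ip_network(candidate, strict=True)
    exist = ipaddress.ip_network(existing, strict=True)
    if cand.version != exist.version:
        return "disjoint"       # IPv4 and IPv6 blocks cannot collide
    if cand == exist:
        return "identical"      # same address and same prefix length
    if cand.subnet_of(exist):
        return "subnet"         # candidate lies entirely inside existing
    if cand.supernet_of(exist):
        return "supernet"       # candidate swallows existing
    return "disjoint"           # CIDR blocks never partially overlap


def check_new_network(candidate, known=KNOWN_NETWORKS):
    """Return (name, relation) for every known network the candidate touches."""
    hits = []
    for name, cidr in known.items():
        rel = relation(candidate, cidr)
        if rel != "disjoint":
            hits.append((name, rel))
    return hits


if __name__ == "__main__":
    for cand in ("192.168.0.0/24", "192.168.0.0/25", "172.16.0.0/16", "10.1.0.0/24"):
        print(cand, check_new_network(cand))
```

A validator built on this can name the actual relation in its error message instead of reporting every overlap as the zone network itself.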