Hello! BUG in "Firewall Rule (Destination-NAT / Port-Forward)": In section TARGET is a HOST-Field. If the host 172.16.1.0/12 is entered, IPFire recognizes it as NETWORK. That's wrong. The network recognition must be made with an AND, not with "is last byte=0?" Greets, Roland
This is *NOT* a bug. You are allowed to type networks and hosts into the "destination" field. Of course 172.16.1.0/12 is a network. The correct notation would actually be 172.16.0.0/12 for this one since that is the first address in this net. Any other address up to 172.31.255.255 are indeed hosts, but those should have /32 as prefix then. The /12 denotes that only the first 12 bytes should actually be taken into account of this address. A zero at the end does at no time mean that this is a subnet instead of a host. The subnet mask does that.
Created attachment 444 [details] attachment-14668-0.html Dear Michael! My network IS 172.16.0.0/12. In this network I have a host, it is 172.16.1.0 :))) 172.16.0.0 is the network IP, 172.31.255.255 is the broadcast, and everything BETWEEN those 2 addresses are hosts. Greets, Roland
Created attachment 445 [details] attachment-14759-0.html Ah, I forgot: it is REALLY(!) a bug, you just looked over it too quickly ;)
I have no idea what you are trying to tell me here. The correct notation for a host is: 172.16.1.0/32. If you type 172.16.1.0/12, everything after the twelfth bit will be ignored. This is exactly the same as writing 172.16.0.0/12 or 172.16.31.255/12. For your convenience, just leave out the prefix when entering a host and just use the address part of the IP address, because 172.16.1.0 is the address of your host; 172.16.1.0/12 isn't.
Created attachment 446 [details] attachment-19953-0.html Okay :) I think you are from Germany, right? German is easier for me. So, apparently we have a misunderstanding: my host is 172.16.1.0/32. The network the host belongs to is 172.16.0.0/12. And IPFire complains because it thinks 172.16.1.0 is a network (and this complaining by IPFire is the bug!). Error message from IPFire when creating a firewall rule with DNAT: "Für Destination-NAT muss ein einzelner Host als Ziel ausgewählt werden. Gruppen oder Netzwerke sind nicht erlaubt" [For Destination NAT, a single host must be selected as the target. Groups or networks are not allowed.] I can also call you, and I can demonstrate it with TeamViewer too, if that helps you. I think IPFire is great, and I also teach it to my students (in the network lab). So I really have respect for your work! If I can help you fix the bug, that is fine with me. Regards, Roland
Nope and I do not live in Germany... This bug tracker is using English anyway. Please stick with that. I have no idea what you are trying to say here. Maybe add some screenshots or describe the steps that you are doing and where the issue is. (In reply to firewalker from comment #5)
Created attachment 447 [details] attachment-32174-0.html Okay, sorry. Once again in English: I guess there is a big misunderstanding. 1) I have the network: 172.16.0.0/12 2) I have a host 172.16.1.0/32 3) When making a DNAT IPFire rule (port forwarding), IPFire says: "172.16.1.0 is a network not a host" and rejects the rule -> this is the bug. If this is still not clear, I can call you by phone if this clears things up. I really appreciate your work! I do not only use IPFire but also teach it to my students! :) Best regards, Roland
This is a bug! If you have a larger net than /24, there are also valid IPs whose last octet is "0". The buggy validation code checks whether the last octet is 0 or 255, which is only valid for /24 networks.
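Added example (not part of the thread and not IPFire's code): a Python sketch contrasting the last-octet check described in the comment above with a mask-based (AND) classification, plus a check that a DNAT target is a single address. All function names are hypothetical and the sample addresses are the ones discussed in this bug.

```python
import ipaddress

def last_octet_heuristic(addr: str) -> bool:
    """Sketch of the check described in the thread: treats an address as
    'not a host' when its last octet is 0 or 255. Only correct for /24."""
    return int(addr.split(".")[-1]) in (0, 255)

def role_in_network(addr: str, network: str) -> str:
    """Classify addr inside its network by ANDing it with the host mask."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.IPv4Network(network, strict=True)
    if ip not in net:
        return "outside"
    if net.prefixlen >= 31:
        return "host"  # /31 and /32 reserve no network/broadcast address
    host_bits = int(ip) & int(net.hostmask)
    if host_bits == 0:
        return "network"
    if host_bits == int(net.hostmask):
        return "broadcast"
    return "host"

def valid_dnat_target(entry: str) -> bool:
    """A DNAT target must be exactly one address: a bare IP or a /32."""
    try:
        iface = ipaddress.IPv4Interface(entry)
    except ValueError:
        return False
    return iface.network.prefixlen == 32

if __name__ == "__main__":
    # Addresses taken from the discussion, all inside 172.16.0.0/12.
    for a in ("172.16.0.0", "172.16.1.0", "172.16.5.255", "172.31.255.255"):
        print(a, "heuristic rejects:", last_octet_heuristic(a),
              "| mask says:", role_in_network(a, "172.16.0.0/12"))
    for e in ("172.16.1.0", "172.16.1.0/32", "172.16.1.0/12"):
        print(e, "valid DNAT target:", valid_dnat_target(e))
```
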
*** This bug has been marked as a duplicate of bug 11184 ***