Bug 11278 - firewall: not possible to create a network which is a subnet of the immediate RED network
Status: CLOSED DUPLICATE of bug 12263
Product: IPFire
Version: 2
Assignee: Alexander Marx
Duplicates: 11300
Depends on: 11466
Blocks: FWBUGS
Reported: 2017-01-09 16:36 UTC by Michael Tremer
Modified: 2020-08-01 15:13 UTC

Attachments
AddNetwork (19.43 KB, image/png)
2018-08-24 11:24 UTC, floschn
IP-Sec Settings (12.08 KB, image/png)
2018-08-24 11:25 UTC, floschn

Description Michael Tremer 2017-01-09 16:36:05 UTC
If 192.168.0.0/24 is the subnet on RED, it is not possible to create a network like 192.168.0.0/25. The error message says that this is the RED network which is incorrect.

I think it should be possible to create a network as such. It is not a problem to create firewall rules with this network as source or destination.
Comment 1 Alexander Marx 2017-01-09 18:49:24 UTC
192.168.0.0/25 is PART of 192.168.0.0/24, that's what the function checks.
The sense of it is to find out if someone tries to create a network which collides with one of IPFire's own internal networks.

I don't see any sense in this. What could be the reason for such an adventurous setup?
Comment 2 Alexander Marx 2017-01-10 16:04:34 UTC
2 patches generated.

One to clean up some code and a second to enable creation of subnets from internal networks.

See:
1) http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commit;h=c5deb29b7d9b8d80d2a4867eb77a521d3972c9a2

2) http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commit;h=ca03e34c0f4b533093234d9a4204e46c5b8db537
Comment 3 Michael Tremer 2017-04-05 22:13:28 UTC
I reverted the patch since it always says "this is the GREEN network". Please have a look at this again.
Comment 4 Michael Tremer 2017-04-24 11:05:33 UTC
*** Bug 11300 has been marked as a duplicate of this bug. ***
Comment 5 floschn 2017-10-10 15:17:28 UTC
Please have a look at this again; in 114 it is present again.

Thanks
Comment 6 Michael Tremer 2017-11-07 17:22:48 UTC
Alex, could you check if we can re-apply this patch after the changes that have been made today?
Comment 7 Alexander Marx 2018-08-24 11:11:33 UTC
I think this is already patched.
Comment 8 floschn 2018-08-24 11:24:28 UTC
Created attachment 612
AddNetwork
Comment 9 floschn 2018-08-24 11:25:29 UTC
Created attachment 613
IP-Sec Settings
Comment 10 floschn 2018-08-24 11:25:41 UTC
Hi,
I still have the issue. But now the error says "The given subnet address is already used by an IPsec network. Name: toFW1"

But the subnets are not the same.

See screenshots.
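
The distinction at issue in the description, Comment 1 and Comment 10 (the same network versus part of a network versus an unrelated one), as an added example that is not part of any comment here and is not IPFire's code: it classifies a candidate network against each configured network and reports the actual relation. The GREEN and IPsec addresses, the function names, and the policy of accepting proper subnets while rejecting supernets are assumptions.

```python
import ipaddress

# Constructed sample configuration: only the RED /24 comes from the bug
# description; the GREEN and IPsec subnets are made up for illustration.
RESERVED = {
    "RED": "192.168.0.0/24",
    "GREEN": "10.0.0.0/24",
    "IPsec toFW1": "172.16.8.0/24",
}

def relation(candidate, existing):
    """Return 'identical', 'subnet', 'supernet' or 'disjoint'."""
    c = ipaddress.ip_network(candidate, strict=True)
    e = ipaddress.ip_network(existing, strict=True)
    if c.version != e.version or not c.overlaps(e):
        return "disjoint"
    if c == e:
        return "identical"
    # CIDR blocks nest, so overlapping unequal networks contain one another.
    return "subnet" if c.subnet_of(e) else "supernet"

def check_new_network(candidate, reserved=RESERVED, allow_subnets=True):
    """Hypothetical policy: reject duplicates and supernets of reserved
    networks, accept proper subnets unless allow_subnets is False."""
    try:
        ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:  # malformed input or host bits set
        return False, f"invalid network: {exc}"
    for name, cidr in reserved.items():
        rel = relation(candidate, cidr)
        if rel == "identical":
            return False, f"{candidate} is the {name} network"
        if rel == "supernet":
            return False, f"{candidate} contains the {name} network ({cidr})"
        if rel == "subnet" and not allow_subnets:
            return False, f"{candidate} is part of the {name} network ({cidr})"
    return True, "ok"

if __name__ == "__main__":
    for net in ("192.168.0.0/25", "192.168.0.0/24", "192.168.0.0/16",
                "172.16.9.0/24", "192.168.0.1/25"):
        print(net, check_new_network(net))
```
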
Comment 11 Peter Müller 2020-04-10 10:57:38 UTC
Sounds like this is similar to #12263 and #11235.
Comment 12 Peter Müller 2020-08-01 15:13:44 UTC
With a high level of confidence, this is a duplicate of #12263. Please reopen it if this is wrong.

*** This bug has been marked as a duplicate of bug 12263 ***