SYSTEM WARNING: 'file_get_contents(https://www.clearos.com/?rendertype=json&get=header): failed to open stream: Connection refused' in '/var/www/virtual/newwrapper/cf_topmenu.inc' line 5

ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005811ClearOSapp-nat-firewall - 1-to-1 NATpublic2015-10-29 20:492020-05-14 10:31
Reporterdloper 
Assigned To 
PrioritylowSeverityminorReproducibilityalways
StatusclosedResolutionsuspended 
PlatformOSOS Version
Product Version7.1.0 
Target VersionFixed in Version 
Summary0005811: Network namespaces length in API
DescriptionBecause of the new lengths that are automatically assigned to network interfaces, checks need to be put into place for resultant interface types. There is a hard limit to the network name length in linux of 15 characters. (See: http://stackoverflow.com/questions/24932172/what-length-can-a-network-interface-name-have [^])

This means that in 1:1 nat, if the originating network interface is 12 characters long or longer, it will bork and truncate. For example:

en0s0p0.1001:200 will truncate to en0s0p0.1001:20

This would be a VLAN 1001 interface card on the first port on a multiport NIC that is is being added to 1:1 nat.

This is the first place that this problem presents itself but it is possible for this issue to rise with other modules especially if the base NIC name is long and on a large numbered VLAN.

1:1 nat adds a colon and a three digit number starting at 200. These 4 characters means that interfaces with 12 characters or longer should be prohibited. By adding a validation check to the 1:1 nat rule creation that looks at the base name of the interface and then prohibits an add if the base nic is greater than 11 characters with the message:

"Base NIC name ($nic) length is too long. Use shorter NIC name or convert NIC to alias 'netwkX' name."

Additional InformationThe nic designation of 'netwk' is being added to the interface list so that individuals can alias NIC names using the 'net.ifnames=0' kernel directive with a modification to the /etc/udev/rules.d/70-persistent-net.rules, with an entry such as:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="01:02:03:04:05:06", ATTR{type}=="1", KERNEL=="eth*", NAME="netwk0"
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0014401)
NickH (developer)
2020-05-14 10:31

Migrated to https://gitlab.com/clearos/clearfoundation/app-nat-firewall/-/issues/8 [^]

- Issue History
Date Modified Username Field Change
2015-10-29 20:49 dloper New Issue
2015-10-29 21:59 user2 Status new => confirmed
2015-10-29 21:59 user2 Target Version 7.2.0 Beta 1 =>
2020-05-14 10:31 NickH Note Added: 0014401
2020-05-14 10:31 NickH Status confirmed => closed
2020-05-14 10:31 NickH Resolution open => suspended

SYSTEM WARNING: 'file_get_contents(https://www.clearos.com/?rendertype=json&get=footer): failed to open stream: Connection refused' in '/var/www/virtual/newwrapper/cf_footer.inc' line 7