VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=1.3.2 2021-08-12T14:17:56+00:00 2021-08-12T14:17:56+00:00 Christian Poessinger christian@poessinger.com 2021-06-26T14:56:12+00:00 urn:sha1:e4e3840ad5ede376e52b18e0aff777c25176a2e8 Commit 166d44b3 ("nat: T1083: add translation options for persistent/random mapping of address and port") added support for persistent IP address and port mappings for NAT. Unfortunately one if clause got lost in translation. 2021-08-05T22:13:36+00:00 Igor Melnyk igor_melnyk@ukr.net 2021-06-26T07:48:54+00:00 urn:sha1:14011bee699372746b3770c877570937319d0cbb Tested using: set destination rule 100 inbound-interface 'eth0' set destination rule 100 translation address '19.13.23.42' set destination rule 100 translation options address-mapping 'random' set destination rule 100 translation options port-mapping 'none' set source rule 1000 outbound-interface 'eth0' set source rule 1000 translation address '122.233.231.12' set source rule 1000 translation options address-mapping 'persistent' set source rule 1000 translation options port-mapping 'fully-random' 2021-02-13T18:46:11+00:00 Esa Varemo esa@kuivanto.fi 2021-02-12T21:42:47+00:00 urn:sha1:1a3118490a851db25b7b8941b0e0ca26510f7643 Fix destination NAT template trying to map source->translation instead of destination->translation. Fixes https://phabricator.vyos.net/T3307 (cherry picked from commit 4a0504a96cf0f3078e964ed201f196fb55172e00) 2021-01-13T18:30:05+00:00 Christian Poessinger christian@poessinger.com 2021-01-12T22:22:21+00:00 urn:sha1:65f66d73d56006779d4bd698b2ce039374614548 (cherry picked from commit 806b1cb6eebce4a11a5d2496b062a93d5899746e) 2020-11-28T20:10:10+00:00 Christian Poessinger christian@poessinger.com 2020-11-28T20:10:10+00:00 urn:sha1:e4ea410b7587b0018055962c295ab491133f458c The NAT system consists out of nested tag nodes which makes manual parsing very hard. This is a perfect candidate for migrating this to get_config_dict() as there is already a smoketest in place. In addition this should make it easier to add features like static nat/hairpin. 2020-11-28T07:25:39+00:00 Christian Poessinger christian@poessinger.com 2020-11-28T07:25:39+00:00 urn:sha1:c87ad948999c28c3c9449f98d60b545481ea29d5 Commit a2ac9fac ("vyos.template: T2720: always enable Jinja2 trim_blocks feature") globally enabled the trim_blocks feature. Some templates still used in-line trim_blocks "{%"- or "-%}" which caused miss-placed line endings. This is fixed by removing all in-line trim_block statememnts of Jinja2 templates. 2020-10-05T16:42:07+00:00 Christian Poessinger christian@poessinger.com 2020-10-05T16:42:07+00:00 urn:sha1:65acae4868363117697ccefff10d0ef12fae9da4 For both source and destination NAT always the LOG name contained DST - which is definately false. This has been corrected to use SRC and DST on the appropriate rules. 2020-07-12T09:54:16+00:00 Christian Poessinger christian@poessinger.com 2020-07-12T09:54:16+00:00 urn:sha1:6f44b47d8f2bf04984684a0752ab224960260b0d 2020-06-14T09:46:15+00:00 Christian Poessinger christian@poessinger.com 2020-06-14T09:46:15+00:00 urn:sha1:5f75ecc0e207ee5c04b956e12b65c5846bb7b9be The "to" qualifier did not get rendered when using source ports in masquerade targets. This case was totally missed out when porting. 2020-06-11T22:52:52+00:00 Christian Poessinger christian@poessinger.com 2020-06-11T22:52:52+00:00 urn:sha1:3b8c45989e8fee5ec445ac8c8335a4de43ec9e81 We specify NFT source/destination ports within a { } group, but if the port range in question is negated, we need to move the != fraction out of { } and infront of that group, else NFT loading will fail big time.