diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-16 16:16:09 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-16 18:25:58 +0200 |
commit | 6f349ee3b4d3da731ca22a70db6650848a0c28d9 (patch) | |
tree | 77c978c153f3bf0fc6ed2165de8dae4030d3709a /data/templates/netflow | |
parent | d7662ecfff558192a5b5009679108ca58c8518fa (diff) | |
download | vyos-1x-6f349ee3b4d3da731ca22a70db6650848a0c28d9.tar.gz vyos-1x-6f349ee3b4d3da731ca22a70db6650848a0c28d9.zip |
nat: T2198: use Jinja2 macro for common ruleset for SNAT and DNAT
By using a Jinja2 macro the same template code can be used to create both
source and destination NAT rules with only minor changes introduced by
e.g. the used chain (POSTROUTING vs PREROUTING).
Used the following configuration for testing on two systems with VyOS 1.2
and the old implementation vs the new one here.
set nat destination rule 15 description 'foo-10'
set nat destination rule 15 destination address '1.1.1.1'
set nat destination rule 15 inbound-interface 'eth0.202'
set nat destination rule 15 protocol 'tcp_udp'
set nat destination rule 15 translation address '192.0.2.10'
set nat destination rule 15 translation port '3389'
set nat destination rule 20 description 'foo-20'
set nat destination rule 20 destination address '2.2.2.2'
set nat destination rule 20 destination port '22'
set nat destination rule 20 inbound-interface 'eth0.201'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 translation address '192.0.2.10'
set nat source rule 100 outbound-interface 'eth0.202'
set nat source rule 100 protocol 'all'
set nat source rule 100 source address '192.0.2.0/26'
set nat source rule 100 translation address 'masquerade'
set nat source rule 110 outbound-interface 'eth0.202'
set nat source rule 110 protocol 'tcp'
set nat source rule 110 source address '192.0.2.0/26'
set nat source rule 110 source port '5556'
set nat source rule 110 translation address 'masquerade'
set nat source rule 120 outbound-interface 'eth0.202'
set nat source rule 120 protocol 'tcp_udp'
set nat source rule 120 source address '192.0.3.0/26'
set nat source rule 120 translation address '2.2.2.2'
Diffstat (limited to 'data/templates/netflow')
0 files changed, 0 insertions, 0 deletions