diff options
author | Christian Breunig <christian@breunig.cc> | 2023-07-22 08:41:10 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-22 08:41:10 +0200 |
commit | 0ca6a8c2fdcdd5b2efe875831236504c161099a4 (patch) | |
tree | 7c07a345e193114d0a12d1486a5f51c86a9256f4 /python/vyos | |
parent | c59765163885cc5bc54df9b194366f8713d065a1 (diff) | |
parent | 4c61fa82f59e26023993be56be1ff9bf0cb5251e (diff) | |
download | vyos-1x-0ca6a8c2fdcdd5b2efe875831236504c161099a4.tar.gz vyos-1x-0ca6a8c2fdcdd5b2efe875831236504c161099a4.zip |
Merge pull request #2100 from nicolas-fort/T4889
T4889: NAT Redirect: adddestination nat redirection (to local host) feature.
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/nat.py | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/python/vyos/nat.py b/python/vyos/nat.py index 5b8d5d1a3..603fedb9b 100644 --- a/python/vyos/nat.py +++ b/python/vyos/nat.py @@ -54,28 +54,32 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False): translation_str = 'return' log_suffix = '-EXCL' elif 'translation' in rule_conf: - translation_prefix = nat_type[:1] - translation_output = [f'{translation_prefix}nat'] addr = dict_search_args(rule_conf, 'translation', 'address') port = dict_search_args(rule_conf, 'translation', 'port') - - if addr and is_ip_network(addr): - if not ipv6: - map_addr = dict_search_args(rule_conf, nat_type, 'address') - translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} }}') - ignore_type_addr = True - else: - translation_output.append(f'prefix to {addr}') - elif addr == 'masquerade': - if port: - addr = f'{addr} to ' - translation_output = [addr] - log_suffix = '-MASQ' + redirect_port = dict_search_args(rule_conf, 'translation', 'redirect', 'port') + if redirect_port: + translation_output = [f'redirect to {redirect_port}'] else: - translation_output.append('to') - if addr: - addr = bracketize_ipv6(addr) - translation_output.append(addr) + translation_prefix = nat_type[:1] + translation_output = [f'{translation_prefix}nat'] + + if addr and is_ip_network(addr): + if not ipv6: + map_addr = dict_search_args(rule_conf, nat_type, 'address') + translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} }}') + ignore_type_addr = True + else: + translation_output.append(f'prefix to {addr}') + elif addr == 'masquerade': + if port: + addr = f'{addr} to ' + translation_output = [addr] + log_suffix = '-MASQ' + else: + translation_output.append('to') + if addr: + addr = bracketize_ipv6(addr) + translation_output.append(addr) options = [] addr_mapping = dict_search_args(rule_conf, 'translation', 'options', 'address_mapping') |