summaryrefslogtreecommitdiff
path: root/src/conf_mode/nat_cgnat.py
AgeCommit message (Collapse)Author
2024-07-02T6497: CGNAT refactoring delete conntrack entries (#3699) (#3732)mergify[bot]
(cherry picked from commit 804efa2ef6bfee84d13f633d863f6f22f9eec273) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
2024-06-10Merge pull request #3621 from sever-sever/T6442Christian Breunig
T6442: CGNAT add log for address allocation
2024-06-10T6442: CGNAT add log for address allocationViacheslav Hletenko
Add the configuration command to log current CGNAT allocation set nat cgnat log-allocation
2024-06-06T6412: CGNAT fix allocation calcluation for verify (#3585)Viacheslav Hletenko
Fix external address/port allocation for CGN. It fixes some cases where external address/ports can be allocated again to another user.
2024-05-28T6411: CGNAT fix sequences for external address rangesViacheslav Hletenko
Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set)
2024-05-18T5169: Allow to set CGNAT multiple internal poolsViacheslav Hletenko
Allow to set multiple CGNAT internal pools ``` set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14' ```
2024-05-18T6364: CGNAT drop hard limit that allows only one translation ruleViacheslav Hletenko
As PoC for CGNAT had a hard limit of using only one translation rule for one internal pool. Drop this limit and extend the usage number of the rules. ``` set nat cgnat rule 100 source pool 'int-01' set nat cgnat rule 100 translation pool 'ext-01' set nat cgnat rule 120 source pool 'vyos-int-02' set nat cgnat rule 120 translation pool 'vyos-ext-02' ```
2024-05-17Merge pull request #3464 from sever-sever/T6351Daniil Baturin
T6351: CGNAT add verification if the pool exists
2024-05-16T6351: CGNAT add verification if the pool existsViacheslav Hletenko
Add verification if the external/internal pools are exists before we can use them in the source and translation rules
2024-05-16T6347: CGNAT fix error if pool contain dashes in the nameViacheslav Hletenko
2024-04-09T5169: Add PoC for generating CGNAT rules rfc6888Viacheslav Hletenko
Add PoC for generating CGNAT rules https://datatracker.ietf.org/doc/html/rfc6888 Not all requirements are implemented, but some of them. Implemented: REQ-2 ``` A CGN MUST have a default "IP address pooling" behavior of "Paired" CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols. ``` REQ-3 ``` The CGN function SHOULD NOT have any limitations on the size or the contiguity of the external address pool ``` REQ-4 ``` A CGN MUST support limiting the number of external ports (or, equivalently, "identifiers" for ICMP) that are assigned per subscriber ``` CLI: ``` set nat cgnat pool external ext1 external-port-range '1024-65535' set nat cgnat pool external ext1 per-user-limit port '1000' set nat cgnat pool external ext1 range 192.0.2.222/32 set nat cgnat pool internal int1 range '100.64.0.0/28' set nat cgnat rule 10 source pool 'int1' set nat cgnat rule 10 translation pool 'ext1' ```