From cf6dcb61e1f102f3a9b9edb86eeecac92f944d0d Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 16 May 2020 00:16:40 +0200
Subject: nat: T2198: add support for SNAT based on source addresses

CLI commands used for ruleset generation:

  set nat source rule 100 outbound-interface 'eth0.202'
  set nat source rule 100 protocol 'all'
  set nat source rule 100 source address '192.0.2.0/26'
  set nat source rule 100 translation address 'masquerade'

  set nat source rule 110 outbound-interface 'eth0.202'
  set nat source rule 110 protocol 'tcp'
  set nat source rule 110 source address '192.0.2.0/26'
  set nat source rule 110 source port '5556'
  set nat source rule 110 translation address 'masquerade'
---
 src/conf_mode/nat.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/conf_mode/nat.py')

diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index ebac6bfc0..5cb1af1f1 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -65,7 +65,7 @@ def get_handler(json, chain, target):
 
 def verify_rule(rule, err_msg):
     """ Common verify steps used for both source and destination NAT """
-    if rule['translation_port'] or rule['dest_port']:
+    if rule['translation_port'] or rule['dest_port'] or rule['source_port']:
         if rule['protocol'] not in ['tcp', 'udp', 'tcp_udp']:
             proto = rule['protocol']
             raise ConfigError(f'{err_msg} ports can only be specified when protocol is "tcp", "udp" or "tcp_udp" (currently "{proto}")')
-- 
cgit v1.2.3