author | An-Cheng Huang <ancheng@vyatta.com> | 2007-12-19 11:25:49 -0800 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2007-12-19 11:25:49 -0800 |
commit | 561ec07cb56696b05f683a325098c06422d00f86 (patch) | |
tree | b35d1727c4de7775854948b862de652a78a0de44 /templates-cfg | |
download | vyatta-nat-561ec07cb56696b05f683a325098c06422d00f86.tar.gz vyatta-nat-561ec07cb56696b05f683a325098c06422d00f86.zip |
migrate NAT from fairfield to glendaleupstream
Diffstat (limited to 'templates-cfg')
40 files changed, 115 insertions, 0 deletions
diff --git a/templates-cfg/service/nat/node.def b/templates-cfg/service/nat/node.def
new file mode 100644
index 0000000..a06299a
--- /dev/null
+++ b/templates-cfg/service/nat/node.def
@@ -0,0 +1,2 @@
+help: "NAT configuration"
+end: "sudo /opt/vyatta/sbin/vyatta-update-nat.pl"
diff --git a/templates-cfg/service/nat/rule/node.def b/templates-cfg/service/nat/rule/node.def
new file mode 100644
index 0000000..8de4c74
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.def
@@ -0,0 +1,4 @@
+tag:
+type: u32
+help: "Rule number for NAT"
+syntax: ($(@) > 0 && $(@) < 1025) ; "rule number must be between 1 and 1024"
diff --git a/templates-cfg/service/nat/rule/node.tag/destination/address/node.def b/templates-cfg/service/nat/rule/node.tag/destination/address/node.def
new file mode 100644
index 0000000..21aa728
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/destination/address/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "Destination address"
+syntax: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv4_negate '$(@)'" ; "invalid destination address \"$(@)\""
diff --git a/templates-cfg/service/nat/rule/node.tag/destination/network/node.def b/templates-cfg/service/nat/rule/node.tag/destination/network/node.def
new file mode 100644
index 0000000..90c0571
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/destination/network/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "Destination network"
+syntax: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv4net_negate '$(@)'" ; "invalid destination network \"$(@)\""
diff --git a/templates-cfg/service/nat/rule/node.tag/destination/node.def b/templates-cfg/service/nat/rule/node.tag/destination/node.def
new file mode 100644
index 0000000..54f73b4
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/destination/node.def
@@ -0,0 +1 @@
+help: "NAT destination parameters"
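Review bot: In `destination/address/node.def` the `syntax:` line places the raw value inside single quotes in a command string, `vyatta-validate-type.pl ipv4_negate '$(@)'`, and nothing visible in this commit escapes a quote character in the value before the string is executed. If the template engine substitutes `$(@)` textually, a value containing `'` ends the quoting and the remainder is interpreted by the shell, so it is worth confirming that the CLI escapes the value or hands it to the validator as a separate argument instead of through a shell string. The same construction appears in `destination/network`, `protocols`, `source/address`, `source/network` and both `port-name` templates. Once verified, a comment above each `exec` line such as `# $(@) is shell-escaped by the CLI before exec` would record the assumption for the next maintainer.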
diff --git a/templates-cfg/service/nat/rule/node.tag/destination/port-name/node.def b/templates-cfg/service/nat/rule/node.tag/destination/port-name/node.def
new file mode 100644
index 0000000..ddd9de5
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/destination/port-name/node.def
@@ -0,0 +1,10 @@
+multi:
+type: txt
+help: "Named destination port (e.g., http)"
+syntax: exec "sh -c 'if grep -q '\\''^$(@)[ \t]'\\'' /etc/services; \
+then exit 0; else \
+ if grep -q \
+ '\\''^[^ \t]\\+[ \t]\\+[^ \t]\\+[^#]*[ \t]$(@)\\([ \t]\\|\\$\\)'\\'' \
+ /etc/services; then exit 0; else exit 1; \
+ fi; \
+fi' " ; "invalid port name $(@)"
diff --git a/templates-cfg/service/nat/rule/node.tag/destination/port-number/node.def b/templates-cfg/service/nat/rule/node.tag/destination/port-number/node.def
new file mode 100644
index 0000000..5a1c509
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/destination/port-number/node.def
@@ -0,0 +1,4 @@
+multi:
+type: u32
+help: "Numbered destination port (ex. 80)"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/destination/port-range/node.def b/templates-cfg/service/nat/rule/node.tag/destination/port-range/node.def
new file mode 100644
index 0000000..62f0ac8
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/destination/port-range/node.def
@@ -0,0 +1 @@
+help: "Range of destination ports (ex. 80-110)"
diff --git a/templates-cfg/service/nat/rule/node.tag/destination/port-range/start/node.def b/templates-cfg/service/nat/rule/node.tag/destination/port-range/start/node.def
new file mode 100644
index 0000000..59ade24
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/destination/port-range/start/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Starting destination port range"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
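Review bot: The check in `destination/port-name/node.def` interpolates `$(@)` into the grep pattern `'^$(@)[ \t]'`, so the value is matched as a regular expression and not as a literal service name. A value containing regex metacharacters can match a line of /etc/services without being a service name; it would then pass validation and presumably be handed unchanged to the NAT update script. Restricting the value to the characters service names use before the lookup, or comparing the name field literally in a small helper script instead of the inline `sh -c`, would close that gap; the same applies to `source/port-name/node.def` later in this commit. The error text also prints the value unquoted, unlike the other templates, which would read `"invalid port name \"$(@)\""`.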
diff --git a/templates-cfg/service/nat/rule/node.tag/destination/port-range/stop/node.def b/templates-cfg/service/nat/rule/node.tag/destination/port-range/stop/node.def
new file mode 100644
index 0000000..d745455
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/destination/port-range/stop/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Ending destination port range"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/inbound-interface/node.def b/templates-cfg/service/nat/rule/node.tag/inbound-interface/node.def
new file mode 100644
index 0000000..c87d281
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inbound-interface/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: "Inbound interface of NAT traffic"
+## iptables allow any interface names.
+#syntax: exec "sh -c 'if grep -q '\\''^ \\+$(@):'\\'' /proc/net/dev; \
+#then exit 0; else exit 1; fi' " ; "invalid interface $(@)"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/address/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/address/node.def
new file mode 100644
index 0000000..8ff9c72
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/address/node.def
@@ -0,0 +1,2 @@
+type: ipv4
+help: "Inside address to NAT"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/node.def
new file mode 100644
index 0000000..113c11a
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/node.def
@@ -0,0 +1 @@
+help: "Inside NAT IP (used by destination NAT only)"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/port-number/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/port-number/node.def
new file mode 100644
index 0000000..0ff1b43
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/port-number/node.def
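Review bot: `inbound-interface/node.def` is `type: txt` with its only `syntax:` check commented out, so any string is accepted as an interface name. Dropping the /proc/net/dev existence test may be deliberate, but a format check is still worth having because the value is presumably passed on to iptables by the `sudo`-run `vyatta-update-nat.pl`; consider a `syntax:` check that limits the name to the characters and length the kernel accepts for interface names. `outbound-interface/node.def` carries the same commented-out check. If the reason for disabling it is that rules may name interfaces that are not present yet, the `##` comment should say so instead of "iptables allow any interface names".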
@@ -0,0 +1,3 @@
+type: u32
+help: "Inside port to NAT"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/node.def
new file mode 100644
index 0000000..4dbd32c
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/node.def
@@ -0,0 +1 @@
+help: "Inside port range to NAT"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/start/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/start/node.def
new file mode 100644
index 0000000..8658b46
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/start/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Inside port range start"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/stop/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/stop/node.def
new file mode 100644
index 0000000..182a362
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/port-range/stop/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Inside port range stop"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/range/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/range/node.def
new file mode 100644
index 0000000..f8ef0ea
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/range/node.def
@@ -0,0 +1 @@
+help: "Inside address range"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/range/start/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/range/start/node.def
new file mode 100644
index 0000000..473d565
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/range/start/node.def
@@ -0,0 +1,2 @@
+type: ipv4
+help: "Inside address range start"
diff --git a/templates-cfg/service/nat/rule/node.tag/inside-address/range/stop/node.def b/templates-cfg/service/nat/rule/node.tag/inside-address/range/stop/node.def
new file mode 100644
index 0000000..4c3ebb0
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/inside-address/range/stop/node.def
@@ -0,0 +1,2 @@
+type: ipv4
+help: "Inside address range stop"
diff --git a/templates-cfg/service/nat/rule/node.tag/outbound-interface/node.def b/templates-cfg/service/nat/rule/node.tag/outbound-interface/node.def
new file mode 100644
index 0000000..bf3e8a2
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outbound-interface/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: "Outbound interface for NAT traffic"
+## iptables allow any interface names.
+#syntax: exec "sh -c 'if grep -q '\\''^ \\+$(@):'\\'' /proc/net/dev; \
+#then exit 0; else exit 1; fi' " ; "invalid interface $(@)"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/address/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/address/node.def
new file mode 100644
index 0000000..d6ee617
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/address/node.def
@@ -0,0 +1,2 @@
+type: ipv4
+help: "Outside address to NAT"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/node.def
new file mode 100644
index 0000000..466af5c
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/node.def
@@ -0,0 +1 @@
+help: "Outside NAT IP (used by source NAT only)"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/port-number/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/port-number/node.def
new file mode 100644
index 0000000..d30ea94
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/port-number/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Outside port to NAT"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/node.def
new file mode 100644
index 0000000..aa13b4a
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/node.def
@@ -0,0 +1 @@
+help: "Outside port range to NAT"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/start/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/start/node.def
new file mode 100644
index 0000000..09a987a
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/start/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Outside port range start"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/stop/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/stop/node.def
new file mode 100644
index 0000000..3ce8342
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/port-range/stop/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Outside port range stop"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/range/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/range/node.def
new file mode 100644
index 0000000..b28186e
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/range/node.def
@@ -0,0 +1 @@
+help: "Outside address range"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/range/start/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/range/start/node.def
new file mode 100644
index 0000000..27395f1
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/range/start/node.def
@@ -0,0 +1,2 @@
+type: ipv4
+help: "Outside address range start"
diff --git a/templates-cfg/service/nat/rule/node.tag/outside-address/range/stop/node.def b/templates-cfg/service/nat/rule/node.tag/outside-address/range/stop/node.def
new file mode 100644
index 0000000..f441522
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/outside-address/range/stop/node.def
@@ -0,0 +1,2 @@
+type: ipv4
+help: "Outside address range stop"
diff --git a/templates-cfg/service/nat/rule/node.tag/protocols/node.def b/templates-cfg/service/nat/rule/node.tag/protocols/node.def
new file mode 100644
index 0000000..75ccb86
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/protocols/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "Protocol to NAT (this can be a protocol name in /etc/protocols, a protocol number, or \"all\")"
+syntax: exec "/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$(@)'" ; "invalid protocol \"$(@)\""
diff --git a/templates-cfg/service/nat/rule/node.tag/source/address/node.def b/templates-cfg/service/nat/rule/node.tag/source/address/node.def
new file mode 100644
index 0000000..6b88193
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/source/address/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "Source address"
+syntax: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv4_negate '$(@)'" ; "invalid source address \"$(@)\""
diff --git a/templates-cfg/service/nat/rule/node.tag/source/network/node.def b/templates-cfg/service/nat/rule/node.tag/source/network/node.def
new file mode 100644
index 0000000..9306c53
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/source/network/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: "Inside network"
+syntax: exec "/opt/vyatta/sbin/vyatta-validate-type.pl ipv4net_negate '$(@)'" ; "invalid source network \"$(@)\""
diff --git a/templates-cfg/service/nat/rule/node.tag/source/node.def b/templates-cfg/service/nat/rule/node.tag/source/node.def
new file mode 100644
index 0000000..3aad309
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: "NAT source parameters"
diff --git a/templates-cfg/service/nat/rule/node.tag/source/port-name/node.def b/templates-cfg/service/nat/rule/node.tag/source/port-name/node.def
new file mode 100644
index 0000000..1ead23b
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/source/port-name/node.def
@@ -0,0 +1,10 @@
+multi:
+type: txt
+help: "Named source port (e.g., http)"
+syntax: exec "sh -c 'if grep -q '\\''^$(@)[ \t]'\\'' /etc/services; \
+then exit 0; else \
+ if grep -q \
+ '\\''^[^ \t]\\+[ \t]\\+[^ \t]\\+[^#]*[ \t]$(@)\\([ \t]\\|\\$\\)'\\'' \
+ /etc/services; then exit 0; else exit 1; \
+ fi; \
+fi' " ; "invalid port name $(@)"
diff --git a/templates-cfg/service/nat/rule/node.tag/source/port-number/node.def b/templates-cfg/service/nat/rule/node.tag/source/port-number/node.def
new file mode 100644
index 0000000..8b8be63
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/source/port-number/node.def
@@ -0,0 +1,4 @@
+multi:
+type: u32
+help: "Numbered source port (ex. 80)"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/source/port-range/node.def b/templates-cfg/service/nat/rule/node.tag/source/port-range/node.def
new file mode 100644
index 0000000..b21d6e8
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/source/port-range/node.def
@@ -0,0 +1 @@
+help: "Range of source ports (ex. 80-110)"
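Review bot: The help string in `source/network/node.def` reads `help: "Inside network"`, while the sibling `source/address` template uses "Source address" and this node's own error message says "invalid source network". `help: "Source network"` would match both and avoid confusion with the separate `inside-address` subtree, which configures a different setting.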
diff --git a/templates-cfg/service/nat/rule/node.tag/source/port-range/start/node.def b/templates-cfg/service/nat/rule/node.tag/source/port-range/start/node.def
new file mode 100644
index 0000000..4ad95f4
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/source/port-range/start/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Starting source port range"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/source/port-range/stop/node.def b/templates-cfg/service/nat/rule/node.tag/source/port-range/stop/node.def
new file mode 100644
index 0000000..74a308b
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/source/port-range/stop/node.def
@@ -0,0 +1,3 @@
+type: u32
+help: "Ending source port range"
+syntax: ($(@) > 0 && $(@) < 65536) ; "port must be between 1 and 65535"
diff --git a/templates-cfg/service/nat/rule/node.tag/type/node.def b/templates-cfg/service/nat/rule/node.tag/type/node.def
new file mode 100644
index 0000000..9df10a9
--- /dev/null
+++ b/templates-cfg/service/nat/rule/node.tag/type/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: "Source, destination, or masquerade NAT"
+syntax: ($(@) == "source" || $(@) == "destination" || $(@) == "masquerade") ; \
+"invalid type $(@)" |