Diffstat (limited to 'lib/Vyatta')
-rw-r--r--lib/Vyatta/DstNatRule.pm20
-rw-r--r--lib/Vyatta/SrcNatRule.pm32
2 files changed, 51 insertions, 1 deletions
diff --git a/lib/Vyatta/DstNatRule.pm b/lib/Vyatta/DstNatRule.pm
index aa419e5..98ebd56 100644
--- a/lib/Vyatta/DstNatRule.pm
+++ b/lib/Vyatta/DstNatRule.pm
@@ -91,6 +91,10 @@ sub setup {
}
$self->{_inside_addr}->{_port}
= $config->returnValue("translation port");
+
+ $self->{_address_mapping} = $config->returnValue("translation options address-mapping");
+ $self->{_port_mapping} = $config->returnValue("translation options port-mapping");
+
$src->setup("$level source");
$dst->setup("$level destination");
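Review bot: `_port_mapping` is loaded here and again in the setupOrig hunk, but none of the rule_str changes shown for DstNatRule.pm read it, so a port-mapping value set on a destination rule appears to be accepted and then dropped without any message. SrcNatRule.pm rejects the option outside masquerade rules; the destination side should either do the same in rule_str, e.g. `return ('port-mapping option is not valid for destination NAT rules', undef) if defined($self->{_port_mapping});`, or not load the value at all. Otherwise an operator who sets it expecting randomized port selection gets a rule without it and no warning. The body of setup continues outside the hunk.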
@@ -122,6 +126,9 @@ sub setupOrig {
}
$self->{_inside_addr}->{_port}
= $config->returnOrigValue("translation port");
+
+ $self->{_address_mapping} = $config->returnOrigValue("translation options address-mapping");
+ $self->{_port_mapping} = $config->returnOrigValue("translation options port-mapping");
$src->setupOrig("$level source");
$dst->setupOrig("$level destination");
@@ -248,7 +255,18 @@ sub rule_str {
$jump_target = 'NETMAP';
$jump_param .= " $to_dst";
} else {
- $jump_param .= " $to_dst";
+ $jump_param .= " $to_dst";
+
+ my $addr_mapping = $self->{_address_mapping};
+ if(defined($addr_mapping)) {
+ if($addr_mapping eq "persistent") {
+ $jump_param .= " --persistent";
+ } elsif ($addr_mapping eq "random") {
+ # random is the default, do nothing
+ } else {
+ return ('address-mapping must be either "persistent" or "random"', undef);
+ }
+ }
}
} else {
return ("translation address not specified", undef);
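Review bot: The address-mapping check sits only in the final `else` branch, so when the rule takes the NETMAP branch above it, any configured value, including an invalid one, is ignored silently. Validating the value once before the branch, and returning an error when it is combined with NETMAP, would keep the configured intent and the generated rule in agreement. A one-line comment such as `# --persistent: a client keeps the same translation address for each connection` would also help the next reader. rule_str starts and ends outside the hunk, so the branch conditions are inferred from the visible lines.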
diff --git a/lib/Vyatta/SrcNatRule.pm b/lib/Vyatta/SrcNatRule.pm
index dfb6f28..dac868e 100644
--- a/lib/Vyatta/SrcNatRule.pm
+++ b/lib/Vyatta/SrcNatRule.pm
@@ -94,6 +94,9 @@ sub setup {
$self->{_outside_addr}->{_port}
= $config->returnValue("translation port");
+ $self->{_address_mapping} = $config->returnValue("translation options address-mapping");
+ $self->{_port_mapping} = $config->returnValue("translation options port-mapping");
+
$src->setup("$level source");
$dst->setup("$level destination");
@@ -129,6 +132,9 @@ sub setupOrig {
$self->{_outside_addr}->{_port}
= $config->returnOrigValue("translation port");
+ $self->{_address_mapping} = $config->returnOrigValue("translation options address-mapping");
+ $self->{_port_mapping} = $config->returnOrigValue("translation options port-mapping");
+
$src->setupOrig("$level source");
$dst->setupOrig("$level destination");
@@ -268,13 +274,39 @@ sub rule_str {
} elsif ($to_src ne '') {
if (defined($self->{_is_masq})) {
$jump_param .= " --to-ports $to_src";
+
+ my $port_mapping = $self->{_port_mapping};
+ if(defined($port_mapping)) {
+ if($port_mapping eq "random") {
+ $jump_param .= " --random-fully";
+ } elsif ($port_mapping eq "none") {
+ # none is the deault, do nothing
+ } else {
+ return ('port-mapping must be either "random" or "none"', undef);
+ }
+ }
} else {
+ if(defined($self->{_port_mapping})) {
+ return ('port-mapping option is only valid for masquerade rules', undef);
+ }
+
if ($use_netmap) {
# replace "SNAT" with "NETMAP"
$jump_target = 'NETMAP';
$jump_param .= " --to $to_src";
} else {
$jump_param .= " --to-source $to_src";
+
+ my $addr_mapping = $self->{_address_mapping};
+ if(defined($addr_mapping)) {
+ if($addr_mapping eq "persistent") {
+ $jump_param .= " --persistent";
+ } elsif ($addr_mapping eq "random") {
+ # random is the default, do nothing
+ } else {
+ return ('address-mapping must be either "persistent" or "random"', undef);
+ }
+ }
}
}
} elsif (!defined($self->{_is_masq})) {
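Review bot: The port-mapping handling is nested under `elsif ($to_src ne '')`, so a masquerade rule with no translation port never reaches it, and `port-mapping random` then yields no `--random-fully` and no error. If source-port randomization is meant to be available on plain masquerade rules, the check should run for every rule where `_is_masq` is defined, for example `$jump_param .= " --random-fully" if defined($self->{_is_masq}) && ($self->{_port_mapping} // '') eq 'random';` placed after the chain. The rest of rule_str is outside the hunk, so the placement needs confirming. address-mapping is likewise ignored without a message on the masquerade and NETMAP branches, whereas port-mapping outside masquerade is rejected. The comment `# none is the deault, do nothing` has a typo ("default").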