vyos-1x.git/src/migration-scripts/nat, branch 1.4.0 VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=1.4.0 2024-05-23T14:19:40+00:00 nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 2024-05-23T14:19:40+00:00 Christian Breunig christian@breunig.cc 2024-05-22T19:31:32+00:00 urn:sha1:2c94114a3fe13ab9adc0be5b953a97584f0ab541 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 (cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070) T6100: Added NAT migration from IP/Netmask to Network/Netmask 2024-04-12T18:32:19+00:00 aapostoliuk a.apostoliuk@vyos.io 2024-04-11T08:40:07+00:00 urn:sha1:95b9597fab3e5dafe8834940c0a49ba89e8fce8e Added NAT migration from IP/Netmask to Network/Netmask. In 1.3 allowed using IP/Netmask in Nat rules. In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask. (cherry picked from commit 52c02ade031f165da18e6fd0542f3952f2cc9bb6) T5889: Fix migration scripts nat 5-to-6 2024-01-16T14:08:56+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2024-01-16T12:52:26+00:00 urn:sha1:535228d888fedcc239bf4fa1be962fbd74259ca9 The current migration drop interface name for NAT where not should ``` nat { source { rule 100 { outbound-interface { name "eth0" ... } } } ``` After migration we lost interface: /home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf /home/vyos# /home/vyos# cat tmp.conf | grep "nat {" -A 10 nat { source { rule 100 { outbound-interface { interface-name "" ... } } } ``` This commit fixes it. (cherry picked from commit 813237d9766f636394b9ab385bb825fbf83202b3) T5804: nat: remove inbound|outbound interface from old configuration when it was set to <any>. 2023-12-21T11:24:27+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-12-11T10:08:59+00:00 urn:sha1:41fdbae4e5bbfaf9f7539b93a78a851981037cd8 (cherry picked from commit 5cb95aed965b45a900c6ba97c0bccefed83332b6) T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher firewal, nat and nat66. 2023-11-01T10:39:10+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-10-25T11:59:01+00:00 urn:sha1:2b38b45e219e363955b850d90a40564eb4b375c0 (cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6) T5643: nat: add interface-groups to nat. Use same cli structure for interface-name|interface-group as in firewall. 2023-10-24T04:18:48+00:00 Nicolas Fort nicolasfort1988@gmail.com 2023-10-10T17:35:30+00:00 urn:sha1:94c98a78717293deb6a9863e40280565d0b47271 (cherry picked from commit 2f2c3fa22478c7ba2e116486d655e07df878cdf4) T5427: Fix migration script arguments len expects 2 args 2023-08-02T09:12:23+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-08-02T09:12:23+00:00 urn:sha1:d1923b7b58795f0d9635ae0e8df110f591881bdf The script's name is always provided as the first argument sys.argv[0] Expected length for argv is 2 (script itself + config file) Change: 'if (len(argv) < 1)' to 'if len(argv) < 2' T3346: handle the case of empty nodes when migrating NAT to syntax version 5 2021-02-22T15:03:05+00:00 Daniil Baturin daniil@vyos.io 2021-02-22T15:03:05+00:00 urn:sha1:28cd2e3edb3e2108c43ad20c0084d496a7ffef25 nat: T2198: migrate "log enable" node to only "log" 2020-05-16T16:25:58+00:00 Christian Poessinger christian@poessinger.com 2020-05-15T16:50:01+00:00 urn:sha1:d0b24799d9001cb467fd36fe3757bcfee7b9abc1