authorChristian Poessinger <christian@poessinger.com>2020-06-14 11:46:15 +0200
committerChristian Poessinger <christian@poessinger.com>2020-06-14 11:46:15 +0200
commit5f75ecc0e207ee5c04b956e12b65c5846bb7b9be (patch)
treeba3c05ac9de432ea3cb9126fb3b3c9e0f82a34e1 /data/templates/firewall/nftables-nat.tmpl
parente85ce4276c092e3d171646759ebc987a17116205 (diff)
downloadvyos-1x-5f75ecc0e207ee5c04b956e12b65c5846bb7b9be.tar.gz
vyos-1x-5f75ecc0e207ee5c04b956e12b65c5846bb7b9be.zip
nat: T2593: fix for SNAT translation port when using masquerade
The "to" qualifier did not get rendered when using source ports in masquerade targets. This case was totally missed out when porting.
Diffstat (limited to 'data/templates/firewall/nftables-nat.tmpl')
-rw-r--r--data/templates/firewall/nftables-nat.tmpl10
1 files changed, 7 insertions, 3 deletions
diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl
index 35b2c1232..8108d5e0f 100644
--- a/data/templates/firewall/nftables-nat.tmpl
+++ b/data/templates/firewall/nftables-nat.tmpl
@@ -52,9 +52,13 @@ add rule ip raw NAT_CONNTRACK counter accept
{% set trns_addr = "dnat to " + rule.translation_address %}
{% elif chain == "POSTROUTING" %}
{% set interface = " oifname \"" + rule.interface_out + "\"" %}
-{% set trns_addr = rule.translation_address %}
-{% if rule.translation_address != 'masquerade' %}
-{% set trns_addr = "snat to " + trns_addr %}
+{% if rule.translation_address == 'masquerade' %}
+{% set trns_addr = rule.translation_address %}
+{% if rule.translation_port %}
+{% set trns_addr = trns_addr + " to " %}
+{% endif %}
+{% else %}
+{% set trns_addr = "snat to " + rule.translation_address %}
{% endif %}
{% endif %}
{% set trns_port = ":" + rule.translation_port if rule.translation_port %}
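Review bot: The masquerade branch at the added `{% if rule.translation_port %}` sets `trns_addr` to `masquerade to ` and relies on the separate `trns_port` assignment after the block to supply `:PORT`, so the two conditions must stay in sync or the rendered rule ends in a dangling `to`. A one-line comment above the inner `if` would make that coupling explicit, for example `{# masquerade takes no address; the rule reads "masquerade to :PORT", with ":PORT" coming from trns_port below #}`. `rule.translation_address` and `rule.translation_port` are concatenated into the rule text as-is, so the template presumably depends on both values being validated before rendering; that is worth confirming for the port and port-range forms now that a port can follow `masquerade`. The enclosing `if chain ==` block starts and ends outside the hunk.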