nat: T538: Add static NAT one-to-one

Ability to set static NAT (one-to-one) in one rule set nat static rule 10 destination address '203.0.113.0/24' set nat static rule 10 inbound-interface 'eth0' set nat static rule 10 translation address '192.0.2.0/24' It will be enough for PREROUTING and POSTROUTING rules Use a separate table 'vyos_static_nat' as SRC/DST rules and STATIC rules can have the same rule number
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-08-13 00:07:41 +0000
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-08-17 10:53:26 +0000
commit: 69bcdb9a680b33422d041fd03e70c25094bfa6a2 (patch)
tree: 845bd5bce027e72fd9dfba8f713c1e799bbdf9de /interface-definitions
parent: 466e3b192d15563bc21fc308fa7916eb5aae8664 (diff)
download: vyos-1x-69bcdb9a680b33422d041fd03e70c25094bfa6a2.tar.gz
vyos-1x-69bcdb9a680b33422d041fd03e70c25094bfa6a2.zip
3 files changed, 74 insertions, 9 deletions
diff --git a/interface-definitions/include/inbound-interface.xml.i b/interface-definitions/include/inbound-interface.xml.i
new file mode 100644
index 000000000..3289bbf8f
--- /dev/null
+++ b/interface-definitions/include/inbound-interface.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from inbound-interface.xml.i -->
+<leafNode name="inbound-interface">
+  <properties>
+    <help>Inbound interface of NAT traffic</help>
+    <completionHelp>
+      <list>any</list>
+      <script>${vyos_completion_dir}/list_interfaces.py</script>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipv4-address-prefix.xml.i b/interface-definitions/include/ipv4-address-prefix.xml.i
new file mode 100644
index 000000000..f5be6f1fe
--- /dev/null
+++ b/interface-definitions/include/ipv4-address-prefix.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from ipv4-address-prefix.xml.i -->
+<leafNode name="address">
+  <properties>
+    <help>IP address, prefix</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address to match</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv4net</format>
+      <description>IPv4 prefix to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+      <validator name="ipv4-prefix"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in
index 9295b631f..501ff05d3 100644
--- a/interface-definitions/nat.xml.in
+++ b/interface-definitions/nat.xml.in
@@ -14,15 +14,7 @@
           #include <include/nat-rule.xml.i>
           <tagNode name="rule">
             <children>
-              <leafNode name="inbound-interface">
-                <properties>
-                  <help>Inbound interface of NAT traffic</help>
-                  <completionHelp>
-                    <list>any</list>
-                    <script>${vyos_completion_dir}/list_interfaces.py</script>
-                  </completionHelp>
-                </properties>
-              </leafNode>
+              #include <include/inbound-interface.xml.i>
               <node name="translation">
                 <properties>
                   <help>Inside NAT IP (destination NAT only)</help>
@@ -65,6 +57,17 @@
         <children>
           #include <include/nat-rule.xml.i>
           <tagNode name="rule">
+            <properties>
+              <help>Rule number for NAT</help>
+              <valueHelp>
+                <format>u32:1-999999</format>
+                <description>Number of NAT rule</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-999999"/>
+              </constraint>
+              <constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage>
+            </properties>
             <children>
               #include <include/nat-interface.xml.i>
               <node name="translation">
@@ -110,6 +113,38 @@
           </tagNode>
         </children>
       </node>
+      <node name="static">
+        <properties>
+          <help>Static NAT (one-to-one)</help>
+        </properties>
+        <children>
+          <tagNode name="rule">
+            <properties>
+              <help>Rule number for NAT</help>
+            </properties>
+            <children>
+              #include <include/generic-description.xml.i>
+              <node name="destination">
+                <properties>
+                  <help>NAT destination parameters</help>
+                </properties>
+                <children>
+                  #include <include/ipv4-address-prefix.xml.i>
+                </children>
+              </node>
+              #include <include/inbound-interface.xml.i>
+              <node name="translation">
+                <properties>
+                  <help>Translation address or prefix</help>
+                </properties>
+                <children>
+                  #include <include/ipv4-address-prefix.xml.i>
+                </children>
+              </node>
+            </children>
+          </tagNode>
+        </children>
+      </node>
     </children>
   </node>
 </interfaceDefinition>
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-08-13 00:07:41 +0000
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-08-17 10:53:26 +0000
commit	69bcdb9a680b33422d041fd03e70c25094bfa6a2 (patch)
tree	845bd5bce027e72fd9dfba8f713c1e799bbdf9de /interface-definitions
parent	466e3b192d15563bc21fc308fa7916eb5aae8664 (diff)
download	vyos-1x-69bcdb9a680b33422d041fd03e70c25094bfa6a2.tar.gz vyos-1x-69bcdb9a680b33422d041fd03e70c25094bfa6a2.zip