diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-08-08 06:38:41 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-08 06:38:41 +0200 |
| commit | 69f983d45716683d0ce41bf094cf53548395717f (patch) | |
| tree | 207ca6c97864aebd5dd4fdd4906cbfdf8734a522 /src/conf_mode/nat.py | |
| parent | f651b61d45a7500711d2f058faf1e2ce48179e0d (diff) | |
| parent | 657a566df58478c2f5d4bccad952bfcb7991e847 (diff) | |
| download | vyos-1x-69f983d45716683d0ce41bf094cf53548395717f.tar.gz vyos-1x-69f983d45716683d0ce41bf094cf53548395717f.zip | |
Merge pull request #2119 from nicolas-fort/T5014-dnat
T5014: nat: add source and destination nat options for configuring lo…
Diffstat (limited to 'src/conf_mode/nat.py')
| -rwxr-xr-x | src/conf_mode/nat.py | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index b27470b6e..8e3a11ff4 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -126,6 +126,18 @@ def verify_rule(config, err_msg, groups_dict): if config['protocol'] not in ['tcp', 'udp', 'tcp_udp']: raise ConfigError('Protocol must be tcp, udp, or tcp_udp when specifying a port-group') + if 'load_balance' in config: + for item in ['source-port', 'destination-port']: + if item in config['load_balance']['hash'] and config['protocol'] not in ['tcp', 'udp']: + raise ConfigError('Protocol must be tcp or udp when specifying hash ports') + count = 0 + if 'backend' in config['load_balance']: + for member in config['load_balance']['backend']: + weight = config['load_balance']['backend'][member]['weight'] + count = count + int(weight) + if count != 100: + Warning(f'Sum of weight for nat load balance rule is not 100. You may get unexpected behaviour') + def get_config(config=None): if config: conf = config @@ -199,7 +211,7 @@ def verify(nat): Warning(f'rule "{rule}" interface "{config["outbound_interface"]}" does not exist on this system') if not dict_search('translation.address', config) and not dict_search('translation.port', config): - if 'exclude' not in config: + if 'exclude' not in config and 'backend' not in config['load_balance']: raise ConfigError(f'{err_msg} translation requires address and/or port') addr = dict_search('translation.address', config) @@ -211,7 +223,6 @@ def verify(nat): # common rule verification verify_rule(config, err_msg, nat['firewall_group']) - if dict_search('destination.rule', nat): for rule, config in dict_search('destination.rule', nat).items(): err_msg = f'Destination NAT configuration error in rule {rule}:' @@ -223,7 +234,7 @@ def verify(nat): Warning(f'rule "{rule}" interface "{config["inbound_interface"]}" does not exist on this system') if not dict_search('translation.address', config) and not dict_search('translation.port', config) and not dict_search('translation.redirect.port', config): - if 'exclude' not in config: + if 'exclude' not in config and 'backend' not in config['load_balance']: raise ConfigError(f'{err_msg} translation requires address and/or port') # common rule verification |