summaryrefslogtreecommitdiff
path: root/src/conf_mode/nat.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-05-16 00:16:40 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-16 18:25:58 +0200
commitcf6dcb61e1f102f3a9b9edb86eeecac92f944d0d (patch)
treebad6a95cfa7a53b8321de149e9b57617a9539e29 /src/conf_mode/nat.py
parente89f19c5bb0f7aa611cb4a8ac435b99127eee6db (diff)
downloadvyos-1x-cf6dcb61e1f102f3a9b9edb86eeecac92f944d0d.tar.gz
vyos-1x-cf6dcb61e1f102f3a9b9edb86eeecac92f944d0d.zip
nat: T2198: add support for SNAT based on source addresses
CLI commands used for ruleset generation: set nat source rule 100 outbound-interface 'eth0.202' set nat source rule 100 protocol 'all' set nat source rule 100 source address '192.0.2.0/26' set nat source rule 100 translation address 'masquerade' set nat source rule 110 outbound-interface 'eth0.202' set nat source rule 110 protocol 'tcp' set nat source rule 110 source address '192.0.2.0/26' set nat source rule 110 source port '5556' set nat source rule 110 translation address 'masquerade'
Diffstat (limited to 'src/conf_mode/nat.py')
-rwxr-xr-xsrc/conf_mode/nat.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index ebac6bfc0..5cb1af1f1 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -65,7 +65,7 @@ def get_handler(json, chain, target):
def verify_rule(rule, err_msg):
""" Common verify steps used for both source and destination NAT """
- if rule['translation_port'] or rule['dest_port']:
+ if rule['translation_port'] or rule['dest_port'] or rule['source_port']:
if rule['protocol'] not in ['tcp', 'udp', 'tcp_udp']:
proto = rule['protocol']
raise ConfigError(f'{err_msg} ports can only be specified when protocol is "tcp", "udp" or "tcp_udp" (currently "{proto}")')