diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-05-16 00:16:40 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-05-16 18:25:58 +0200 |
| commit | cf6dcb61e1f102f3a9b9edb86eeecac92f944d0d (patch) | |
| tree | bad6a95cfa7a53b8321de149e9b57617a9539e29 /src/conf_mode | |
| parent | e89f19c5bb0f7aa611cb4a8ac435b99127eee6db (diff) | |
| download | vyos-1x-cf6dcb61e1f102f3a9b9edb86eeecac92f944d0d.tar.gz vyos-1x-cf6dcb61e1f102f3a9b9edb86eeecac92f944d0d.zip | |
nat: T2198: add support for SNAT based on source addresses
CLI commands used for ruleset generation:
set nat source rule 100 outbound-interface 'eth0.202'
set nat source rule 100 protocol 'all'
set nat source rule 100 source address '192.0.2.0/26'
set nat source rule 100 translation address 'masquerade'
set nat source rule 110 outbound-interface 'eth0.202'
set nat source rule 110 protocol 'tcp'
set nat source rule 110 source address '192.0.2.0/26'
set nat source rule 110 source port '5556'
set nat source rule 110 translation address 'masquerade'
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/nat.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index ebac6bfc0..5cb1af1f1 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -65,7 +65,7 @@ def get_handler(json, chain, target): def verify_rule(rule, err_msg): """ Common verify steps used for both source and destination NAT """ - if rule['translation_port'] or rule['dest_port']: + if rule['translation_port'] or rule['dest_port'] or rule['source_port']: if rule['protocol'] not in ['tcp', 'udp', 'tcp_udp']: proto = rule['protocol'] raise ConfigError(f'{err_msg} ports can only be specified when protocol is "tcp", "udp" or "tcp_udp" (currently "{proto}")') |