diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-15 23:22:22 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-16 18:25:58 +0200 |
commit | 8062afa8a5beb73464e911cf7c5ca66f58585d0b (patch) | |
tree | 8ace09539637287a02b8675b87f2a22a5a8d2d28 /src | |
parent | 9cec8471dae531072946daf5dcb74a0a9fe1e86c (diff) | |
download | vyos-1x-8062afa8a5beb73464e911cf7c5ca66f58585d0b.tar.gz vyos-1x-8062afa8a5beb73464e911cf7c5ca66f58585d0b.zip |
nat: T2198: sync generated SNAT rules with VyOS 1.2
The generated NAT rules in VyOS 1.2 are compared to the generated nftables
ruleset in VyOS 1.3 this was done by converting the 1.2 iptables ruleset to
nftables and then do the diff. To convert from iptables to nftables use the
following command:
$ iptables-save -t nat > /tmp/tmp.iptables
$ iptables-restore-translate -f /tmp/tmp.iptables
The following CLI options have been used for testing:
set nat source rule 10 description 'foo-10'
set nat source rule 10 destination address '1.1.1.1'
set nat source rule 10 destination port '1111'
set nat source rule 10 exclude
set nat source rule 10 log 'enable'
set nat source rule 10 outbound-interface 'eth0.202'
set nat source rule 10 protocol 'tcp_udp'
set nat source rule 10 translation address '192.0.2.10'
set nat source rule 15 description 'foo-10'
set nat source rule 15 destination address '1.1.1.1'
set nat source rule 15 exclude
set nat source rule 15 log 'enable'
set nat source rule 15 outbound-interface 'eth0.202'
set nat source rule 15 protocol 'tcp_udp'
set nat source rule 15 translation address '192.0.2.10'
set nat source rule 20 description 'foo-20'
set nat source rule 20 destination address '2.2.2.2'
set nat source rule 20 log 'enable'
set nat source rule 20 outbound-interface 'eth0.201'
set nat source rule 20 protocol 'tcp'
set nat source rule 20 translation address '192.0.2.10'
set nat source rule 100 outbound-interface 'eth0.202'
set nat source rule 100 protocol 'all'
set nat source rule 100 source address '192.0.2.0/26'
set nat source rule 100 translation address 'masquerade'
Diffstat (limited to 'src')
0 files changed, 0 insertions, 0 deletions