2 files changed, 44 insertions, 1 deletions

diff --git a/smoketest/scripts/cli/test_cgnat.py b/smoketest/scripts/cli/test_cgnat.py
index c65c58820..02dad3de5 100755
--- a/smoketest/scripts/cli/test_cgnat.py
+++ b/smoketest/scripts/cli/test_cgnat.py
@@ -95,5 +95,44 @@ class TestCGNAT(VyOSUnitTestSHIM.TestCase):
         self.verify_nftables(nftables_search, 'ip cgnat', inverse=False, args='-s')
 
 
+    def test_cgnat_sequence(self):
+        internal_name = 'earth'
+        external_name = 'milky_way'
+        internal_net = '100.64.0.0/28'
+
+        ext_addr_alpha_proxima = '192.0.2.121/32'
+        ext_addr_beta_cygni = '198.51.100.23/32'
+        ext_addr_gamma_leonis = '203.0.113.102/32'
+
+        ext_seq_beta_cygni = '3'
+        ext_seq_gamma_leonis = '10'
+
+        external_ports = '1024-65535'
+        ports_per_subscriber = '10000'
+        rule = '100'
+
+        nftables_search = [
+            ['100.64.0.0 : 198.51.100.23 . 1024-11023, 100.64.0.1 : 198.51.100.23 . 11024-21023'],
+            ['100.64.0.4 : 198.51.100.23 . 41024-51023, 100.64.0.5 : 198.51.100.23 . 51024-61023'],
+            ['100.64.0.6 : 203.0.113.102 . 1024-11023, 100.64.0.7 : 203.0.113.102 . 11024-21023'],
+            ['100.64.0.8 : 203.0.113.102 . 21024-31023, 100.64.0.9 : 203.0.113.102 . 31024-41023'],
+            ['100.64.0.10 : 203.0.113.102 . 41024-51023, 100.64.0.11 : 203.0.113.102 . 51024-61023'],
+            ['100.64.0.12 : 192.0.2.121 . 1024-11023, 100.64.0.13 : 192.0.2.121 . 11024-21023'],
+            ['100.64.0.14 : 192.0.2.121 . 21024-31023, 100.64.0.15 : 192.0.2.121 . 31024-41023'],
+        ]
+
+        self.cli_set(base_path + ['pool', 'external', external_name, 'external-port-range', external_ports])
+        self.cli_set(base_path + ['pool', 'external', external_name, 'per-user-limit', 'port', ports_per_subscriber])
+        self.cli_set(base_path + ['pool', 'external', external_name, 'range', ext_addr_alpha_proxima])
+        self.cli_set(base_path + ['pool', 'external', external_name, 'range', ext_addr_beta_cygni, 'seq', ext_seq_beta_cygni])
+        self.cli_set(base_path + ['pool', 'external', external_name, 'range', ext_addr_gamma_leonis, 'seq', ext_seq_gamma_leonis])
+        self.cli_set(base_path + ['pool', 'internal', internal_name, 'range', internal_net])
+        self.cli_set(base_path + ['rule', rule, 'source', 'pool', internal_name])
+        self.cli_set(base_path + ['rule', rule, 'translation', 'pool', external_name])
+        self.cli_commit()
+
+        self.verify_nftables(nftables_search, 'ip cgnat', inverse=False, args='-s')
+
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)
diff --git a/src/conf_mode/nat_cgnat.py b/src/conf_mode/nat_cgnat.py
index 5ad65de80..957b12c28 100755
--- a/src/conf_mode/nat_cgnat.py
+++ b/src/conf_mode/nat_cgnat.py
@@ -252,7 +252,11 @@ def generate(config):
         ext_pool_name: str = rule_config['translation']['pool']
         int_pool_name: str = rule_config['source']['pool']
 
-        external_ranges: list = [range for range in config['pool']['external'][ext_pool_name]['range']]
+        # Sort the external ranges by sequence
+        external_ranges: list = sorted(
+            config['pool']['external'][ext_pool_name]['range'],
+            key=lambda r: int(config['pool']['external'][ext_pool_name]['range'][r].get('seq', 999999))
+        )
         internal_ranges: list = [range for range in config['pool']['internal'][int_pool_name]['range']]
         external_list_hosts_count = []
         external_list_hosts = []