From 40e8938667b06615e0a1a26271a30e00f8cff2c6 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 1 May 2020 13:23:20 +0200 Subject: nat: T2198: initial XML and Python representation
---
.../include/nat-address-port.xml.i | 47 +++++++++ interface-definitions/include/nat-rule.xml.i | 86 ++++++++++++++++ .../include/nat-translation-port.xml.i | 13 +++ interface-definitions/nat.xml.in | 110 +++++++++++++++++++++ 4 files changed, 256 insertions(+) create mode 100644 interface-definitions/include/nat-address-port.xml.i create mode 100644 interface-definitions/include/nat-rule.xml.i create mode 100644 interface-definitions/include/nat-translation-port.xml.i create mode 100644 interface-definitions/nat.xml.in (limited to 'interface-definitions')
diff --git a/interface-definitions/include/nat-address-port.xml.i b/interface-definitions/include/nat-address-port.xml.i
new file mode 100644
index 000000000..0848364ff
--- /dev/null
+++ b/interface-definitions/include/nat-address-port.xml.i
@@ -0,0 +1,47 @@
+
+
+ IP address, subnet, or range
+
+ ipv4
+ IPv4 address to match
+
+
+ ipv4net
+ IPv4 prefix to match
+
+
+ ipv4range
+ IPv4 address range to match
+
+
+ !ipv4
+ Match everything except the specified address
+
+
+ !ipv4net
+ Match everything except the specified prefix
+
+
+ !ipv4range
+ Match everything except the specified range
+
+
+
+
+
+
+ Port number
+
+ 1-65535
+ Numeric IP port
+
+
+ start-end
+ Numbered port range (e.g., 1001-1005)
+
+
+
+ \n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'
+
+
+
diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i
new file mode 100644
index 000000000..fdba4b8bd
--- /dev/null
+++ b/interface-definitions/include/nat-rule.xml.i
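Review bot: In nat-address-port.xml.i the address and port leaves show only value-help text, with no validation error message like the "NAT rule number must be between 1 and 9999" one in nat-rule.xml.i, which suggests these values are accepted without a constraint (the element markup is not visible in this rendering, so this is inferred). The port help explicitly allows a leading '!', comma-separated lists and service names, so whatever backend turns these strings into packet-filter rules would receive free-form operator input. I would add a `<constraint>` with a validator for each documented form plus a `<constraintErrorMessage>`, and have the backend re-validate the value before it builds any rule. The same applies to the protocol leaf in nat-rule.xml.i, the port leaf in nat-translation-port.xml.i and the translation address and interface leaves in nat.xml.in.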
@@ -0,0 +1,86 @@
+
+
+ Rule number for NAT
+
+ 1-9999
+ Number for this NAT rule
+
+
+
+
+ NAT rule number must be between 1 and 9999
+
+
+
+
+ Rule description
+
+
+
+
+ NAT destination parameters
+
+
+ #include
+
+
+
+
+ Disable NAT rule
+
+
+
+
+
+ Exclude packets matching this rule from NAT
+
+
+
+
+
+ NAT rule logging
+
+
+
+
+
+ Protocol to NAT
+
+ tcp udp tcp_udp all
+
+
+ tcp
+ Transmission Control Protocol
+
+
+ udp
+ User Datagram Protocol
+
+
+ tcp_udp
+ Both TCP and UDP
+
+
+ all
+ All IP protocols
+
+
+ 0-255
+ IP protocol number
+
+
+ !<protocol>
+ All IP protocols except for the specified name or number (negation)
+
+
+
+
+
+ NAT source parameters
+
+
+ #include
+
+
+
+
diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i
new file mode 100644
index 000000000..93de471e3
--- /dev/null
+++ b/interface-definitions/include/nat-translation-port.xml.i
@@ -0,0 +1,13 @@
+
+
+ Port number
+
+ 1-65535
+ Numeric IP port
+
+
+ <start>-<end>
+ Numbered port range (e.g., 1001-1005)
+
+
+
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in
new file mode 100644
index 000000000..bcbdb37af
--- /dev/null
+++ b/interface-definitions/nat.xml.in
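Review bot: The two `#include` lines in nat-rule.xml.i sit under both "NAT destination parameters" and "NAT source parameters"; if both pull in nat-address-port.xml.i (the include target is not visible in this rendering), the port help there reads "Multiple destination ports can be specified…" on the source side as well. Wording it neutrally, `Multiple ports can be specified as a comma-separated list.`, keeps an operator from reading a source-port match as a destination-port match when writing a rule.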
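Review bot: The range placeholder in nat-translation-port.xml.i is written `<start>-<end>`, while the matching help entry in nat-address-port.xml.i uses `start-end`. Use one form in both includes so the CLI help for port ranges is consistent.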
@@ -0,0 +1,110 @@
+
+
+
+
+ Network Address Translation (NAT) parameters
+ 220
+
+
+
+
+ Destination NAT settings
+
+
+ #include
+
+
+
+
+ Inbound interface of NAT traffic
+
+
+
+
+
+
+
+ Inside NAT IP (destination NAT only)
+
+
+
+
+ IP address, subnet, or range
+
+ ipv4
+ IPv4 address to match
+
+
+ ipv4net
+ IPv4 prefix to match
+
+
+ ipv4range
+ IPv4 address range to match
+
+
+
+
+ #include
+
+
+
+
+
+
+
+
+ Source NAT settings
+
+
+ #include
+
+
+
+
+ Outbound interface of NAT traffic
+
+
+
+
+
+
+
+ Outside NAT IP (source NAT only)
+
+
+
+
+ IP address, subnet, or range
+
+ masquerade
+
+
+ ipv4
+ IPv4 address to match
+
+
+ ipv4net
+ IPv4 prefix to match
+
+
+ ipv4range
+ IPv4 address range to match
+
+
+ masquerade
+ NAT to the primary address of outbound-interface
+
+
+
+
+ #include
+
+
+
+
+
+
+
+
+
-- cgit v1.2.3
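Review bot: The value help under "Inside NAT IP (destination NAT only)" and "Outside NAT IP (source NAT only)" in nat.xml.in describes the address forms as "IPv4 address to match", "IPv4 prefix to match" and "IPv4 address range to match", which looks copied from the match-side include. These leaves appear to hold the address packets are rewritten to, so the descriptions should say so, e.g. `IPv4 address to translate to`, in line with the masquerade entry's "NAT to the primary address of outbound-interface". Mislabelled help on a translation target makes it easier to configure a rule that rewrites traffic to an unintended address.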