From 4c61fa82f59e26023993be56be1ff9bf0cb5251e Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Wed, 19 Jul 2023 14:25:55 +0000
Subject: T4899: NAT Redirect: adddestination nat redirection (to local host)
 feature.

---
 python/vyos/nat.py | 42 +++++++++++++++++++++++-------------------
 1 file changed, 23 insertions(+), 19 deletions(-)

(limited to 'python')

diff --git a/python/vyos/nat.py b/python/vyos/nat.py
index 5b8d5d1a3..603fedb9b 100644
--- a/python/vyos/nat.py
+++ b/python/vyos/nat.py
@@ -54,28 +54,32 @@ def parse_nat_rule(rule_conf, rule_id, nat_type, ipv6=False):
         translation_str = 'return'
         log_suffix = '-EXCL'
     elif 'translation' in rule_conf:
-        translation_prefix = nat_type[:1]
-        translation_output = [f'{translation_prefix}nat']
         addr = dict_search_args(rule_conf, 'translation', 'address')
         port = dict_search_args(rule_conf, 'translation', 'port')
-
-        if addr and is_ip_network(addr):
-            if not ipv6:
-                map_addr =  dict_search_args(rule_conf, nat_type, 'address')
-                translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} }}')
-                ignore_type_addr = True
-            else:
-                translation_output.append(f'prefix to {addr}')
-        elif addr == 'masquerade':
-            if port:
-                addr = f'{addr} to '
-            translation_output = [addr]
-            log_suffix = '-MASQ'
+        redirect_port = dict_search_args(rule_conf, 'translation', 'redirect', 'port')
+        if redirect_port:
+            translation_output = [f'redirect to {redirect_port}']
         else:
-            translation_output.append('to')
-            if addr:
-                addr = bracketize_ipv6(addr)
-                translation_output.append(addr)
+            translation_prefix = nat_type[:1]
+            translation_output = [f'{translation_prefix}nat']
+
+            if addr and is_ip_network(addr):
+                if not ipv6:
+                    map_addr =  dict_search_args(rule_conf, nat_type, 'address')
+                    translation_output.append(f'{ip_prefix} prefix to {ip_prefix} {translation_prefix}addr map {{ {map_addr} : {addr} }}')
+                    ignore_type_addr = True
+                else:
+                    translation_output.append(f'prefix to {addr}')
+            elif addr == 'masquerade':
+                if port:
+                    addr = f'{addr} to '
+                translation_output = [addr]
+                log_suffix = '-MASQ'
+            else:
+                translation_output.append('to')
+                if addr:
+                    addr = bracketize_ipv6(addr)
+                    translation_output.append(addr)
 
         options = []
         addr_mapping = dict_search_args(rule_conf, 'translation', 'options', 'address_mapping')
-- 
cgit v1.2.3