From bc060277ab553a1971054b4990a70c7476cae62f Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 19 May 2020 21:54:13 +0200
Subject: nat: do not report unassigned IP address for DNAT

That warning made no sense as the destination address where we forward a port
to is by design not locally connected.
---
 src/conf_mode/nat.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py
index 406ec1caf..d491395ac 100755
--- a/src/conf_mode/nat.py
+++ b/src/conf_mode/nat.py
@@ -78,10 +78,6 @@ def verify_rule(rule, err_msg):
 
     if not rule['translation_address']:
         raise ConfigError(f'{err_msg} translation address not specified')
-    else:
-        addr = rule['translation_address']
-        if addr != 'masquerade' and not is_addr_assigned(addr):
-            print(f'Warning: IP address {addr} does not exist on the system!')
 
 
 def parse_source_destination(conf, source_dest):
@@ -225,6 +221,11 @@ def verify(nat):
         if not rule['interface_out']:
             raise ConfigError(f'{err_msg} outbound-interface not specified')
 
+        if rule['translation_address']:
+            addr = rule['translation_address']
+            if addr != 'masquerade' and not is_addr_assigned(addr):
+                print(f'Warning: IP address {addr} does not exist on the system!')
+
         # common rule verification
         verify_rule(rule, err_msg)
 
-- 
cgit v1.2.3