T5472: nat redirect: allow redirection without defining redirected port #2162

nicolas-fort · 2023-08-23T13:03:19Z

Change Summary

Allow redirection without defining redirected port

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Code style update (formatting, renaming)
Refactoring (no functional changes)
Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
Other (please describe):

Related Task(s)

https://vyos.dev/T5472

Component(s) name

nat

Proposed changes

Allow redirection without defining redirected port

How to test

vyos@redirect# run show config comm | grep nat
set nat destination rule 10 destination port '53'
set nat destination rule 10 inbound-interface 'eth4'
set nat destination rule 10 protocol 'udp'
set nat destination rule 10 translation redirect
set nat destination rule 20 destination port '21'
set nat destination rule 20 inbound-interface 'pppoe0'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 translation redirect port '1021'
set nat destination rule 30 destination port '1001'
set nat destination rule 30 inbound-interface 'eth2'
set nat destination rule 30 protocol 'tcp'
set nat destination rule 30 translation address '198.51.100.100'
set nat destination rule 30 translation port '5555'
[edit]
vyos@redirect# sudo nft -s list table ip vyos_nat
table ip vyos_nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
                counter jump VYOS_PRE_DNAT_HOOK
                iifname "eth4" udp dport 53 counter redirect comment "DST-NAT-10"
                iifname "pppoe0" tcp dport 21 counter redirect to :1021 comment "DST-NAT-20"
                iifname "eth2" tcp dport 1001 counter dnat to 198.51.100.100:5555 comment "DST-NAT-30"
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                counter jump VYOS_PRE_SNAT_HOOK
        }

        chain VYOS_PRE_DNAT_HOOK {
                return
        }

        chain VYOS_PRE_SNAT_HOOK {
                return
        }
}
[edit]
vyos@redirect#

Checklist:

I have read the CONTRIBUTING document
I have linked this PR to one or more Phabricator Task(s)
I have run the components SMOKETESTS if applicable
My commit headlines contain a valid Task id
My change requires a change to the documentation
I have updated the documentation accordingly

T5472: nat redirect: allow redirection without defining redirected port

f0ae034

vyosbot requested a review from a team August 23, 2023 13:03

github-actions bot assigned nicolas-fort Aug 23, 2023

vyosbot requested review from dmbaturin, sarthurdev, zdc, jestabro, sever-sever and c-po and removed request for a team August 23, 2023 13:03

sarthurdev approved these changes Aug 23, 2023

View reviewed changes

c-po approved these changes Aug 23, 2023

View reviewed changes

c-po merged commit 7659c45 into vyos:current Aug 23, 2023
6 of 7 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

T5472: nat redirect: allow redirection without defining redirected port #2162

T5472: nat redirect: allow redirection without defining redirected port #2162

nicolas-fort commented Aug 23, 2023

T5472: nat redirect: allow redirection without defining redirected port #2162

T5472: nat redirect: allow redirection without defining redirected port #2162

Conversation

nicolas-fort commented Aug 23, 2023

Change Summary

Types of changes

Related Task(s)

Component(s) name

Proposed changes

How to test

Checklist: