
op-mode: T6371: fix output of NAT rules with single port range #3778

Merged
merged 1 commit into from
Jul 4, 2024

Conversation

Giggum

@Giggum Giggum commented Jul 4, 2024

Change Summary

Reworked the function that extracts port numbers from NAT rules to handle the case where a single port range was defined. This bug remained following the improvements introduced in the previous PR #3532.

The function now sufficiently covers all cases for NAT rule port definitions:

  1. Comma-separated list of ports or port-ranges
  2. A single port range
  3. A single port
  4. A negated (!) version of any of the above

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

https://vyos.dev/T6371#194369

Related PR(s)

Component(s) name

Proposed changes

See above

How to test

1. configure NAT rules:
set nat destination rule 100 destination port '5000-8000'
set nat destination rule 100 inbound-interface name 'eth0'
set nat destination rule 100 protocol 'tcp'
set nat destination rule 100 source address '10.0.100.0/24'
set nat destination rule 100 translation address '10.100.100.1'
set nat destination rule 120 destination port '!120'
set nat destination rule 120 inbound-interface name 'eth0'
set nat destination rule 120 protocol 'tcp'
set nat destination rule 120 source address '10.0.120.0/24'
set nat destination rule 120 translation address '10.120.120.1'
set nat destination rule 130 destination port 'ftp,130,9000-9999'
set nat destination rule 130 inbound-interface name 'eth0'
set nat destination rule 130 protocol 'tcp'
set nat destination rule 130 source address '10.0.130.0/24'
set nat destination rule 130 translation address '10.130.130.1'
set nat destination rule 140 destination port '!ftp,130,999'
set nat destination rule 140 inbound-interface name 'eth0'
set nat destination rule 140 protocol 'udp'
set nat destination rule 140 source address '10.0.140.0/24'
set nat destination rule 140 translation address '10.140.140.1'
set nat destination rule 150 destination port '10000-12000,30000-33000'
set nat destination rule 150 inbound-interface name 'eth0'
set nat destination rule 150 protocol 'udp'
set nat destination rule 150 source address '10.0.150.0/24'
set nat destination rule 150 translation address '10.150.150.1'
set nat source rule 100 destination port '5000-8000'
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 protocol 'tcp'
set nat source rule 100 source address '10.0.0.0/24'
set nat source rule 100 translation address 'masquerade'
set nat source rule 120 destination port '120'
set nat source rule 120 outbound-interface name 'eth0'
set nat source rule 120 protocol 'tcp'
set nat source rule 120 source address '10.0.120.0/24'
set nat source rule 120 translation address 'masquerade'
set nat source rule 130 destination port 'ftp,130,9000-9999'
set nat source rule 130 outbound-interface name 'eth0'
set nat source rule 130 protocol 'tcp'
set nat source rule 130 source address '10.0.130.0/24'
set nat source rule 130 translation address 'masquerade'
set nat source rule 140 destination port '!ftp,130,999'
set nat source rule 140 outbound-interface name 'eth0'
set nat source rule 140 protocol 'udp'
set nat source rule 140 source address '10.0.140.0/24'
set nat source rule 140 translation address 'masquerade'
set nat source rule 150 destination port '10000-12000,30000-33000'
set nat source rule 150 outbound-interface name 'eth0'
set nat source rule 150 protocol 'udp'
set nat source rule 150 source address '10.0.150.0/24'
set nat source rule 150 translation address 'masquerade'

2. Show NAT rule output using:
show nat source rules
show nat destination rules

Smoketest result

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
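The four port-specification cases listed in the Change Summary, parsed and rendered the way the `dport` column of the op-mode table shows them (added example, not the vyos-1x code: the real op-mode script works from nftables output, while this one parses the configured string directly and uses a small constructed service-name table in place of /etc/services):

```python
import re

# Constructed subset of well-known service names so the example runs offline;
# the real system would resolve names via /etc/services.
SERVICES = {"ftp": 21, "ssh": 22, "domain": 53, "http": 80, "https": 443}

_RANGE_RE = re.compile(r"^(\d+)-(\d+)$")

def _resolve(token):
    """Return an integer port for a numeric token or a service name."""
    token = token.strip()
    if token.isdigit():
        port = int(token)
    elif token.lower() in SERVICES:
        port = SERVICES[token.lower()]
    else:
        raise ValueError(f"unknown port or service: {token!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port

def parse_port_spec(spec):
    """Parse list / single range / single port / '!'-negated spec into (negated, [(lo, hi), ...])."""
    spec = spec.strip()
    negated = spec.startswith("!")
    if negated:
        spec = spec[1:]
    if not spec:
        raise ValueError("empty port specification")
    items = []
    for token in spec.split(","):
        m = _RANGE_RE.match(token.strip())
        if m:
            lo, hi = int(m.group(1)), int(m.group(2))
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"invalid port range: {token!r}")
            items.append((lo, hi))
        else:
            port = _resolve(token)  # single port, number or service name
            items.append((port, port))
    return negated, items

def format_port_spec(spec):
    """Render the spec as the 'dport ...' column of the op-mode table shows it."""
    negated, items = parse_port_spec(spec)
    text = ",".join(f"{lo}-{hi}" if lo != hi else str(lo) for lo, hi in items)
    return ("!" if negated else "") + text
```

With the rules from the test plan, `format_port_spec("!ftp,130,999")` yields `!21,130,999` and `format_port_spec("5000-8000")` yields `5000-8000`, matching the expected table output.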

@Giggum Giggum requested a review from a team as a code owner July 4, 2024 02:03

github-actions bot commented Jul 4, 2024

👍
No issues in PR Title / Commit Title


Giggum commented Jul 4, 2024

Test output:

vyos@vyos:~$ show configuration commands | match "nat"
set nat destination rule 100 destination port '5000-8000'
set nat destination rule 100 inbound-interface name 'eth0'
set nat destination rule 100 protocol 'tcp'
set nat destination rule 100 source address '10.0.100.0/24'
set nat destination rule 100 translation address '10.100.100.1'
set nat destination rule 120 destination port '!120'
set nat destination rule 120 inbound-interface name 'eth0'
set nat destination rule 120 protocol 'tcp'
set nat destination rule 120 source address '10.0.120.0/24'
set nat destination rule 120 translation address '10.120.120.1'
set nat destination rule 130 destination port 'ftp,130,9000-9999'
set nat destination rule 130 inbound-interface name 'eth0'
set nat destination rule 130 protocol 'tcp'
set nat destination rule 130 source address '10.0.130.0/24'
set nat destination rule 130 translation address '10.130.130.1'
set nat destination rule 140 destination port '!ftp,130,999'
set nat destination rule 140 inbound-interface name 'eth0'
set nat destination rule 140 protocol 'udp'
set nat destination rule 140 source address '10.0.140.0/24'
set nat destination rule 140 translation address '10.140.140.1'
set nat destination rule 150 destination port '10000-12000,30000-33000'
set nat destination rule 150 inbound-interface name 'eth0'
set nat destination rule 150 protocol 'udp'
set nat destination rule 150 source address '10.0.150.0/24'
set nat destination rule 150 translation address '10.150.150.1'
set nat source rule 100 destination port '5000-8000'
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 protocol 'tcp'
set nat source rule 100 source address '10.0.0.0/24'
set nat source rule 100 translation address 'masquerade'
set nat source rule 120 destination port '120'
set nat source rule 120 outbound-interface name 'eth0'
set nat source rule 120 protocol 'tcp'
set nat source rule 120 source address '10.0.120.0/24'
set nat source rule 120 translation address 'masquerade'
set nat source rule 130 destination port 'ftp,130,9000-9999'
set nat source rule 130 outbound-interface name 'eth0'
set nat source rule 130 protocol 'tcp'
set nat source rule 130 source address '10.0.130.0/24'
set nat source rule 130 translation address 'masquerade'
set nat source rule 140 destination port '!ftp,130,999'
set nat source rule 140 outbound-interface name 'eth0'
set nat source rule 140 protocol 'udp'
set nat source rule 140 source address '10.0.140.0/24'
set nat source rule 140 translation address 'masquerade'
set nat source rule 150 destination port '10000-12000,30000-33000'
set nat source rule 150 outbound-interface name 'eth0'
set nat source rule 150 protocol 'udp'
set nat source rule 150 source address '10.0.150.0/24'
set nat source rule 150 translation address 'masquerade'
vyos@vyos:~$ show nat source rules
Rule    Source         Destination                    Proto    Out-Int    Translation
------  -------------  -----------------------------  -------  ---------  -------------
100     10.0.0.0/24    0.0.0.0/0                      TCP      eth0       masquerade
        sport any      dport 5000-8000
120     10.0.120.0/24  0.0.0.0/0                      IP       eth0       masquerade
        sport any      dport 120
130     10.0.130.0/24  0.0.0.0/0                      TCP      eth0       masquerade
        sport any      dport 21,130,9000-9999
140     10.0.140.0/24  0.0.0.0/0                      UDP      eth0       masquerade
        sport any      dport !21,130,999
150     10.0.150.0/24  0.0.0.0/0                      UDP      eth0       masquerade
        sport any      dport 10000-12000,30000-33000
vyos@vyos:~$ show nat destination rules
Rule    Source         Destination                    Proto    In-Int    Translation
------  -------------  -----------------------------  -------  --------  -------------
100     10.0.100.0/24  0.0.0.0/0                      TCP      eth0      10.100.100.1
        sport any      dport 5000-8000
120     10.0.120.0/24  0.0.0.0/0                      IP       eth0      10.120.120.1
        sport any      dport !120
130     10.0.130.0/24  0.0.0.0/0                      TCP      eth0      10.130.130.1
        sport any      dport 21,130,9000-9999
140     10.0.140.0/24  0.0.0.0/0                      UDP      eth0      10.140.140.1
        sport any      dport !21,130,999
150     10.0.150.0/24  0.0.0.0/0                      UDP      eth0      10.150.150.1
        sport any      dport 10000-12000,30000-33000
vyos@vyos:~$ 


github-actions bot commented Jul 4, 2024

CI integration ❌ failed!

Details

CI logs

  • ❌ failed CLI Smoketests returned: 1
  • 👍 passed Config tests returned: 0
  • 👍 passed RAID1 tests returned: 0

@c-po c-po merged commit c0bb68e into vyos:current Jul 4, 2024
13 of 15 checks passed
@Giggum Giggum deleted the vyos_t6371 branch July 6, 2024 00:57