DNAT configuration issue
Closed, Invalid | Public | BUG

Description

Version: VyOS 1.2.1-S2

show nat destination rule 46
 description "Liniya IP Galaktika"
 destination {
     address x.x.x.x
     port 49786
 }
 inbound-interface eth0.17
 log enable
 protocol tcp
 translation {
     address 10.1.3.109
     port 9786
 }

tcpdump on internal interface

17:44:04.136924 IP 195.181.208.61.45989 > 10.1.3.109.9786: Flags [S], seq 4278142654, win 65535, options [mss 1240,sackOK,TS val 95139529 ecr 0,nop,wscale 9], length 0
17:44:04.188032 IP 10.1.3.109.9786 > 195.181.208.61.45989: Flags [S.], seq 4233097090, ack 4278142655, win 28960, options [mss 1460,sackOK,TS val 3253055736 ecr 95139529,nop,wscale 7], length 0
17:44:04.270273 IP 195.181.208.61.45995 > 10.1.3.109.9786: Flags [S], seq 3710095113, win 65535, options [mss 1240,sackOK,TS val 95139573 ecr 0,nop,wscale 9], length 0

on external:

17:15:43.026882 IP 195.181.208.61.47323 > x.x.x.x.9786: Flags [S], seq 2763250150, win 65535, options [mss 1240,sackOK,TS val 94644764 ecr 0,nop,wscale 9], length 0
17:15:43.035219 IP 10.1.3.109.9786 > 195.181.208.61.45717: Flags [S.], seq 2815373895, ack 1891975928, win 28960, options [mss 1460,sackOK,TS val 3252630468 ecr 94644749,nop,wscale 7], length 0
17:15:43.064047 IP 195.181.208.61.38041 > x.x.x.x.39786: Flags [S], seq 2356537530, win 65535, options [mss 1240,sackOK,TS val 94644778 ecr 0,nop,wscale 9], length 0
17:15:43.159228 IP 10.1.3.109.9786 > 195.181.208.61.45723: Flags [S.], seq 3069714775, ack 850323291, win 28960, options [mss 1460,sackOK,TS val 3252630498 ecr 94644793,nop,wscale 7], length 0
17:15:43.171486 IP 195.181.208.61.47329 > x.x.x.x.9786: Flags [S], seq 3289683761, win 65535, options [mss 1240,sackOK,TS val 94644807 ecr 0,nop,wscale 9], length 0
17:15:43.217653 IP 195.181.208.61.38047 > x.x.x.x.39786: Flags [S], seq 831101836, win 65535, options [mss 1240,sackOK,TS val 94644821 ecr 0,nop,wscale 9], length 0
17:15:44.029168 IP 195.181.208.61.47323 > x.x.x.x.9786: Flags [S], seq 2763250150, win 65535, options [mss 1240,sackOK,TS val 94645065 ecr 0,nop,wscale 9], length 0

Why did I see the local IP 10.1.3.109 on the external interface???
SNAT from the same IP works OK, I see the external VyOS IP...

Details

Difficulty level: Unknown (require assessment)
Version: 1.2.1-S2
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
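
An added example, not part of the original report or of VyOS: a Python check that reads `tcpdump -n` text captured on the external interface, flags packets whose source is still an RFC 1918 address, and records whether the SYN each flagged SYN-ACK acknowledges appears in the same capture. The sample lines are constructed in the format shown above, with documentation addresses 198.51.100.7 and 203.0.113.10 as stand-ins; the function names are hypothetical.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# tcpdump -n TCP line: time, src.port > dst.port, flags, seq, optional ack
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): "
                  r"Flags \[([^\]]+)\], seq (\d+)(?:, ack (\d+))?")

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # masked address such as x.x.x.x
        return False
    return any(ip in net for net in RFC1918)

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, src, sport, dst, dport, flags, seq, ack = m.groups()
    return {"ts": ts, "src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
            "flags": flags, "seq": int(seq), "ack": int(ack) if ack else None}

def audit_external(lines):
    """List private-source packets seen on the external side; for each SYN-ACK,
    record whether the SYN it acknowledges is present in the same capture."""
    pkts = [p for p in map(parse, lines) if p]
    # A SYN-ACK answers a SYN when it goes back to the same ip:port with ack = seq + 1.
    syns = {(p["src"], p["sport"], (p["seq"] + 1) % 2**32) for p in pkts if p["flags"] == "S"}
    findings = []
    for p in pkts:
        if is_rfc1918(p["src"]):
            seen = p["flags"] == "S." and (p["dst"], p["dport"], p["ack"]) in syns
            findings.append({"ts": p["ts"], "src": f'{p["src"]}.{p["sport"]}',
                             "dst": f'{p["dst"]}.{p["dport"]}', "syn_in_capture": seen})
    return findings

# Constructed sample capture (not the reporter's data).
CAPTURE = """\
17:15:43.026882 IP 198.51.100.7.47323 > 203.0.113.10.9786: Flags [S], seq 2763250150, win 65535, length 0
17:15:43.035219 IP 10.1.3.109.9786 > 198.51.100.7.45717: Flags [S.], seq 2815373895, ack 1891975928, win 28960, length 0
17:15:43.040112 IP 10.1.3.109.9786 > 198.51.100.7.47323: Flags [S.], seq 3069714775, ack 2763250151, win 28960, length 0
""".splitlines()

if __name__ == "__main__":
    for f in audit_external(CAPTURE):
        print(f)
```

A flagged SYN-ACK with `syn_in_capture` set to False acknowledges a SYN that does not appear in the captured window on that interface.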

Event Timeline

syncer assigned this task to Unknown Object (User). Aug 30 2019, 11:49 PM
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
Unknown Object (User) added a comment. Sep 2 2019, 4:43 PM

Hello @hexes, do you have D-NAT rules for destination port 9786 on the external IP? Can you give me advanced info on how I can reproduce this?
Also, you can mask the config with the command show ... | strip-private. I need all firewall and NAT rules.
P.S. In my test lab I can't reproduce this issue.

Unknown Object (User) closed this task as Invalid. Apr 1 2020, 1:22 PM
syncer set Is it a breaking change? to Unspecified (possibly destroys the router).