Page MenuHomeVyOS Platform

sh nat source translations python error
Open, Requires assessmentPublicBUG

Description

Reproduce errors:
Start ping from a host behind wan load-balancing.
Then enter command "sh nat source translations".

Afterwards the error message is displayed below:
(The error appears only if sessions are active)

admin@lab01:~$ sh nat source translations
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_nat_translations.py", line 200, in <module>
Pre-NAT              Post-NAT             Prot  Timeout
    main()
  File "/usr/libexec/vyos/op_mode/show_nat_translations.py", line 196, in main
    process(run(command(arg.type, arg.proto, arg.ipaddr)), arg.stats, arg.proto, arg.pipe, arg.verbose, arg.type)
  File "/usr/libexec/vyos/op_mode/show_nat_translations.py", line 106, in process
    rule_type = rule.get('type', '')
AttributeError: 'str' object has no attribute 'get'

Config:

set interfaces bonding bond0 description 'WAN'
set interfaces bonding bond0 hash-policy 'layer2'
set interfaces bonding bond0 member interface 'eth0'
set interfaces bonding bond0 member interface 'eth1'
set interfaces bonding bond0 mode '802.3ad'
set interfaces bonding bond0 mtu '9000'
set interfaces bonding bond0 vif 1010 address 'xxx.xxx.107.21/29'
set interfaces bonding bond0 vif 1010 description 'ISP1'
set interfaces bonding bond0 vif 1010 mtu '1500'
set interfaces bonding bond0 vif 1011 address 'xxx.xxx.156.243/29'
set interfaces bonding bond0 vif 1011 description 'ISP2'
set interfaces bonding bond0 vif 1011 mtu '1500'
#....
set interfaces bonding bond1 description 'LAN'
set interfaces bonding bond1 hash-policy 'layer2'
set interfaces bonding bond1 member interface 'eth4'
set interfaces bonding bond1 member interface 'eth5'
set interfaces bonding bond1 mode '802.3ad'
set interfaces bonding bond1 mtu '9000'
set interfaces bonding bond1 vif 44 address 'xxx.xxx.44.2/24'
set interfaces bonding bond1 vif 44 description 'Multimedia'
set interfaces bonding bond1 vif 66 address 'xxx.xxx.66.2/24'
set interfaces bonding bond1 vif 66 description 'Data'
#....
set load-balancing wan flush-connections
set load-balancing wan interface-health bond0.1010 failure-count '1'
set load-balancing wan interface-health bond0.1010 nexthop 'xxx.xxx.107.17'
set load-balancing wan interface-health bond0.1010 success-count '1'
set load-balancing wan interface-health bond0.1010 test 1 resp-time '5'
set load-balancing wan interface-health bond0.1010 test 1 target 'xxx.xxx.8.8'
set load-balancing wan interface-health bond0.1010 test 1 ttl-limit '1'
set load-balancing wan interface-health bond0.1011 failure-count '1'
set load-balancing wan interface-health bond0.1011 nexthop 'xxx.xxx.156.241'
set load-balancing wan interface-health bond0.1011 success-count '1'
set load-balancing wan interface-health bond0.1011 test 1 resp-time '5'
set load-balancing wan interface-health bond0.1011 test 1 target 'xxx.xxx.4.4'
set load-balancing wan interface-health bond0.1011 test 1 ttl-limit '1'
set load-balancing wan rule 1 failover
set load-balancing wan rule 1 inbound-interface 'bond1.66'
set load-balancing wan rule 1 interface bond0.1010 weight '255'
set load-balancing wan rule 1 interface bond0.1011 weight '250'
set load-balancing wan rule 1 protocol 'all'
set load-balancing wan sticky-connections inbound

Details

Difficulty level
Easy (less than an hour)
Version
1.3-rolling-202011150217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

tuxnet created this task.Mon, Nov 16, 8:24 AM

Is there no NAT policy?

tuxnet added a comment.EditedMon, Nov 16, 9:48 AM

Sorry, I have forgotten to copy them.
the error does not occur with every query (nor as a supplement)

set nat source rule 100 outbound-interface 'bond0.1010'
set nat source rule 100 source address 'xxx.xxx.0.0/16'
set nat source rule 100 translation address 'masquerade'
set nat source rule 200 outbound-interface 'bond0.1011'
set nat source rule 200 source address 'xxx.xxx.0.0/16'
set nat source rule 200 translation address 'masquerade'

Please execute and analyze the following command to return the result, and carry out fault exploration, if possible, please output the result

/usr/sbin/conntrack -o xml -L

@jack9603301 Below the desired information:

<?xml version="1.0" encoding="utf-8"?>
<conntrack>
<flow><meta direction="original"><layer3 protonum="2" protoname="ipv4"><src>10.1.99.60</src><dst>10.1.99.2</dst></layer3><layer4 protonum="6" protoname="tcp"><sport>61197</sport><dport>22</dport></layer4></meta><meta direction="reply"><layer3 protonum="2" protoname="ipv4"><src>10.1.99.2</src><dst>10.1.99.60</dst></layer3><layer4 protonum="6" protoname="tcp"><sport>22</sport><dport>61197</dport></layer4></meta><meta direction="independent"><state>ESTABLISHED</state><timeout>299</timeout><mark>0</mark><use>1</use><id>3482625283</id><assured/></meta></flow>
<flow><meta direction="original"><layer3 protonum="2" protoname="ipv4"><src>10.1.99.148</src><dst>255.255.255.255</dst></layer3><layer4 protonum="17" protoname="udp"><sport>5678</sport><dport>5678</dport></layer4></meta><meta direction="reply"><layer3 protonum="2" protoname="ipv4"><src>255.255.255.255</src><dst>10.1.99.148</dst></layer3><layer4 protonum="17" protoname="udp"><sport>5678</sport><dport>5678</dport></layer4></meta><meta direction="independent"><timeout>28</timeout><mark>0</mark><use>1</use><id>1423872527</id><unreplied/></meta></flow>
<flow><meta direction="original"><layer3 protonum="2" protoname="ipv4"><src>10.1.66.23</src><dst>8.8.8.8</dst></layer3><layer4 protonum="1" protoname="icmp"></layer4></meta><meta direction="reply"><layer3 protonum="2" protoname="ipv4"><src>8.8.8.8</src><dst>1x.xxx.xx.21</dst></layer3><layer4 protonum="1" protoname="icmp"></layer4></meta><meta direction="independent"><timeout>28</timeout><mark>201</mark><use>1</use><id>1988139721</id><unreplied/></meta></flow>
<flow><meta direction="original"><layer3 protonum="2" protoname="ipv4"><src>192.168.11.1</src><dst>192.168.11.2</dst></layer3><layer4 protonum="240" protoname="unknown"></layer4></meta><meta direction="reply"><layer3 protonum="2" protoname="ipv4"><src>192.168.11.2</src><dst>192.168.11.1</dst></layer3><layer4 protonum="240" protoname="unknown"></layer4></meta><meta direction="independent"><timeout>599</timeout><mark>0</mark><use>1</use><id>1458422237</id><unreplied/></meta></flow>
</conntrack>
pasik added a subscriber: pasik.Tue, Nov 17, 7:12 AM
jack9603301 added a comment.EditedWed, Nov 18, 9:58 AM

Let the responsible person of T2859 take care of it. I have not been able to see the problem from the information you provided for the time being. If you are familiar with python and linux, you can consider troubleshooting by yourself to try to find the problem. If not, just ask Maintenance personnel reproduce the fault

This task list has been considered a duplicate of T2859