Page MenuHomeVyOS Platform
Create Task
Maniphest T3102

Destination NAT fails to commit
Closed, ResolvedPublicBUG
Actions

Description

If source NAT configuration exists, subsequent destination NAT configuration fails to commit:

 nat {
+    destination {
+        rule 100 {
+            destination {
+                port 22
+            }
+            inbound-interface eth1
+            protocol tcp
+            translation {
+                address 192.168.1.4
+            }
+        }
+    }
     source {
         rule 100 {
             outbound-interface eth0
             translation {
                 address masquerade
             }
         }
     }
 }

admin@gw@# commit
[ nat ]
VyOS had an issue completing a command.

.
.
.

Report Time:      2020-12-01 15:40:30
Image Version:    VyOS 1.3-rolling-202012010217
Release Train:    equuleus

Built by:         [email protected]
Built on:         Tue 01 Dec 2020 02:17 UTC
Build UUID:       51f63067-cf03-4678-ad9b-907ba1b1170f
Build Commit ID:  65ebf0e2c4113c

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:     
Hardware UUID:    510e9de4-a940-4b9c-b61a-9e996b5c7f67

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/nat.py", line 199, in <module>
    verify(c)
  File "/usr/libexec/vyos/conf_mode/nat.py", line 133, in verify
    if nat['helper_functions']:
KeyError: 'helper_functions'



[[nat]] failed
Commit failed

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.3-rolling-202012010217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

arfbarky created this task.Dec 1 2020, 8:43 PM
Unknown Object (User) changed the task status from Open to In progress.Dec 1 2020, 8:55 PM
Unknown Object (User) added a subscriber: Unknown Object (User).

PR https://github.com/vyos/vyos-1x/pull/628

Unknown Object (User) assigned this task to c-po.Dec 1 2020, 8:55 PM
pasik added a subscriber: pasik.Dec 1 2020, 9:00 PM
c-po changed the task status from In progress to Needs testing.Dec 1 2020, 9:58 PM
c-po triaged this task as High priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).

Thank you @Dmitry, it will be in tomorrows rolling release.

c-po added a comment.Dec 1 2020, 10:03 PM
table ip nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
                iifname "eth1" tcp dport { 22 } counter packets 0 bytes 0 dnat to 192.168.1.4 comment "DST-NAT-100"
        }
}

rule is now installed, it was a refactoring error on my side.

c-po closed this task as Resolved.Dec 1 2020, 10:04 PM
erkin set Issue type to Bug (incorrect behavior).Aug 29 2021, 12:09 PM
erkin removed a subscriber: Active contributors.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 12:20 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:16 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.