Page MenuHomeVyOS Platform
Create Task
Maniphest T4499

NAT source translation not showing a single output
Closed, ResolvedPublicBUG
Actions

Description

forum bug reference: https://forum.vyos.io/t/nat-source-translation-not-showing-a-single-output-cont/9079

Running version: VyOS 1.4-rolling-202206200217

Reopened; thought problem was solved by upgrading; however still exists in this version

I’ve got source nat configured, when I run the command sh nat source translations detail when no entries are in the translation table, I get an empty output; which is expected.

When I force an entry in the table by pinging an external host (10.101.0.61); I would expect to show the translation in the table, however running the previous command again I get:

Pre-NAT src          Pre-NAT dst        Post-NAT src         Post-NAT dst

So the command is just showing me the headers.

When I ping a second external host (10.101.0.62) and rerun the command, I get:

Pre-NAT src          Pre-NAT dst        Post-NAT src         Post-NAT dst      
10.101.50.200        10.101.0.61        10.101.41.1          10.101.0.61       
  icmp: 10.101.50.200 ==> 10.101.41.1 timeout: 13 use: 1 
10.101.50.200        10.101.0.62        10.101.41.1          10.101.0.62       
  icmp: 10.101.50.200 ==> 10.101.41.1 timeout: 16 use: 1

Now the command will show me both entries; but only for as long as the timeout of the first entry has not exceeded…

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.4-rolling-202206200217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

P-T-I created this task.Jun 30 2022, 6:00 AM
pasik added a subscriber: pasik.Jun 30 2022, 7:47 AM
Viacheslav added a subscriber: Viacheslav.Jun 30 2022, 9:14 AM

There is no dict if exists only one record in the https://github.com/vyos/vyos-1x/blob/cefc7ce9bfcf7750700e73edbc21864fe8ab0bee/src/op_mode/show_nat_translations.py#L103-L110
So it can't parse correctly

Example with one XML entry:

vyos@r14:~$ show nat source translations
DEBUG: command /usr/sbin/conntrack -o xml -L -n
Pre-NAT              Post-NAT             Prot  Timeout  

DEBUG: before loop rule:  OrderedDict([('meta', [OrderedDict([('@direction', 'original'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '192.0.2.10'), ('dst', '1.1.1.2')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'reply'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '1.1.1.2'), ('dst', '192.168.122.14')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'independent'), ('timeout', '9'), ('mark', '0'), ('use', '1'), ('id', '623836854')])])])

DEBUG: RULE: meta

vyos@r14:~$

Example with 2 XML entries:

vyos@r14:~$ show nat source translations
DEBUG: command /usr/sbin/conntrack -o xml -L -n
Pre-NAT              Post-NAT             Prot  Timeout  

DEBUG: before loop rule:  [OrderedDict([('meta', [OrderedDict([('@direction', 'original'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '192.0.2.10'), ('dst', '1.1.1.2')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'reply'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '1.1.1.2'), ('dst', '192.168.122.14')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'independent'), ('timeout', '9'), ('mark', '0'), ('use', '1'), ('id', '3159836672')])])]), OrderedDict([('meta', [OrderedDict([('@direction', 'original'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '192.0.2.10'), ('dst', '1.1.1.2')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'reply'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '1.1.1.2'), ('dst', '192.168.122.14')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'independent'), ('timeout', '5'), ('mark', '0'), ('use', '1'), ('id', '623836854')])])])]

DEBUG: RULE: OrderedDict([('meta', [OrderedDict([('@direction', 'original'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '192.0.2.10'), ('dst', '1.1.1.2')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'reply'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '1.1.1.2'), ('dst', '192.168.122.14')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'independent'), ('timeout', '9'), ('mark', '0'), ('use', '1'), ('id', '3159836672')])])])

DEBUG: META: OrderedDict([('@direction', 'original'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '192.0.2.10'), ('dst', '1.1.1.2')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))])
DEBUG: META: OrderedDict([('@direction', 'reply'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '1.1.1.2'), ('dst', '192.168.122.14')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))])
DEBUG: META: OrderedDict([('@direction', 'independent'), ('timeout', '9'), ('mark', '0'), ('use', '1'), ('id', '3159836672')])
192.0.2.10           192.168.122.14       icmp  9        

DEBUG: RULE: OrderedDict([('meta', [OrderedDict([('@direction', 'original'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '192.0.2.10'), ('dst', '1.1.1.2')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'reply'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '1.1.1.2'), ('dst', '192.168.122.14')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))]), OrderedDict([('@direction', 'independent'), ('timeout', '5'), ('mark', '0'), ('use', '1'), ('id', '623836854')])])])

DEBUG: META: OrderedDict([('@direction', 'original'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '192.0.2.10'), ('dst', '1.1.1.2')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))])
DEBUG: META: OrderedDict([('@direction', 'reply'), ('layer3', OrderedDict([('@protonum', '2'), ('@protoname', 'ipv4'), ('src', '1.1.1.2'), ('dst', '192.168.122.14')])), ('layer4', OrderedDict([('@protonum', '1'), ('@protoname', 'icmp')]))])
DEBUG: META: OrderedDict([('@direction', 'independent'), ('timeout', '5'), ('mark', '0'), ('use', '1'), ('id', '623836854')])
192.0.2.10           192.168.122.14       icmp  5        
vyos@r14:~$
Viacheslav added a comment.Jul 9 2022, 10:25 AM

PR https://github.com/vyos/vyos-1x/pull/1405

vyos@r14:~$ sudo conntrack -L --src-nat
icmp     1 29 src=192.0.2.10 dst=1.1.1.1 type=8 code=0 id=2156 src=1.1.1.1 dst=192.168.122.14 type=0 code=0 id=2156 mark=0 use=1
conntrack v1.4.6 (conntrack-tools): 1 flow entries have been shown.
vyos@r14:~$

Show translations

vyos@r14:~$ show nat source translations 
Pre-NAT              Post-NAT             Prot  Timeout  
192.0.2.10           192.168.122.14       icmp  29       
vyos@r14:~$
Viacheslav changed the task status from Open to In progress.Jul 9 2022, 10:25 AM
Viacheslav claimed this task.
Viacheslav added a project: VyOS 1.3 Equuleus (1.3.2).Jul 9 2022, 12:13 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav closed this task as Resolved.Jul 9 2022, 1:26 PM
Viacheslav removed a project: VyOS 1.3 Equuleus (1.3.2).