Add support for bidirectional NAT
Closed, Resolved (Public)

Description

Pull from https://github.com/giandvd/vyatta-nat/tree/bidirectional-nat

This is shorthand for a pair of SNAT/DNAT rules. Ports, if specified, will be the same on both sides.

So you can do, e.g.:

nat {
    bidirectional {
        rule 101 {
            description Foo
            inbound-address W.X.Y.Z
            interface eth0
            outbound-address A.B.C.D
            protocol tcp {
                port 1234-1235,2000-3000
            }
            protocol udp {
                port 5060-5061,16384-19999
            }
        }
    }
}

Support for operational commands (e.g. show nat bidirectional statistics) to
be added later.

This is implemented by creating virtual nat source and nat destination
rules on a custom reimplementation of Vyatta::Config that lets me add new
nodes. This config object is passed to Vyatta::SrcNatRule, Vyatta::DstNatRule,
and Vyatta::IpTables::AddressFilter as a parameter to their setup(), so I had
to modify those as well.

Details

Difficulty level: Easy (less than an hour)
Version: helium
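
To make the "pair of SNAT/DNAT rules" in the description reviewable, the Python below (an added example, not code from this task or from the vyatta-nat branch) expands one bidirectional rule into the equivalent nat source and nat destination set commands. It assumes that inbound-address is the address the destination rule matches and outbound-address is the host it translates to, and that each protocol gets its own rule number counted up from the bidirectional one; the task states neither, and the function names and sample addresses are constructed.

```python
# Added example: expand a "nat bidirectional" rule into the equivalent
# "nat source" / "nat destination" set commands for review.
# ASSUMPTIONS (not stated in the task): inbound-address is what the DNAT rule
# matches, outbound-address is the host it translates to, and each protocol
# gets its own rule number counted up from the bidirectional rule number.
import re

PORT_SPEC = re.compile(r"^\d+(-\d+)?(,\d+(-\d+)?)*$")

def check_ports(spec):
    """Reject malformed port lists, out-of-range ports and reversed ranges."""
    if not PORT_SPEC.match(spec):
        raise ValueError(f"bad port spec: {spec!r}")
    for part in spec.split(","):
        bounds = [int(p) for p in part.split("-")]
        if any(not 1 <= p <= 65535 for p in bounds) or bounds != sorted(bounds):
            raise ValueError(f"bad port range: {part!r}")
    return spec

def expand_bidirectional(number, rule):
    """Return the set commands for the SNAT/DNAT pairs behind one rule."""
    cmds = []
    # A rule with no protocol block becomes one pair matching all traffic.
    protocols = rule.get("protocol") or {None: None}
    for offset, (proto, ports) in enumerate(protocols.items()):
        n = number + offset
        dst, src = f"set nat destination rule {n}", f"set nat source rule {n}"
        # DNAT: traffic arriving for inbound-address goes to outbound-address.
        cmds += [f"{dst} inbound-interface {rule['interface']}",
                 f"{dst} destination address {rule['inbound-address']}",
                 f"{dst} translation address {rule['outbound-address']}"]
        # SNAT: traffic leaving outbound-address appears as inbound-address.
        cmds += [f"{src} outbound-interface {rule['interface']}",
                 f"{src} source address {rule['outbound-address']}",
                 f"{src} translation address {rule['inbound-address']}"]
        if proto:
            cmds += [f"{dst} protocol {proto}", f"{src} protocol {proto}"]
        if ports:
            # Same ports on both sides, so no translation port is set.
            check_ports(ports)
            cmds += [f"{dst} destination port {ports}",
                     f"{src} source port {ports}"]
    return cmds

# Constructed sample mirroring rule 101 above, using documentation addresses.
RULE_101 = {"interface": "eth0", "inbound-address": "203.0.113.10",
            "outbound-address": "192.0.2.10",
            "protocol": {"tcp": "1234-1235,2000-3000",
                         "udp": "5060-5061,16384-19999"}}

if __name__ == "__main__":
    print("\n".join(expand_bidirectional(101, RULE_101)))
```

Reading the expanded commands shows exactly which ports on the matched address become reachable on the translated host, which is the part a firewall review needs to cover.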