
vyatta-nat (Project)
Active · Public

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Details

Description

This package has Vyatta configuration and operational templates and scripts for NAT.

Recent Activity

Thu, Jan 24

hexes closed T1195: Passive FTP + NAT + Privileged Port as Resolved.
Thu, Jan 24, 4:09 PM · vyos-kernel, vyatta-cfg-firewall, vyatta-nat, VyOS-1.2.0-GA
hexes added a comment to T1195: Passive FTP + NAT + Privileged Port.

I'm not sure. Only a hypothesis...

Thu, Jan 24, 4:09 PM · vyos-kernel, vyatta-cfg-firewall, vyatta-nat, VyOS-1.2.0-GA
Line2 added a comment to T1195: Passive FTP + NAT + Privileged Port.

Are you sure, or could it be related to the conntrack helper topic in T1141?

Thu, Jan 24, 2:58 PM · vyos-kernel, vyatta-cfg-firewall, vyatta-nat, VyOS-1.2.0-GA
hexes created T1195: Passive FTP + NAT + Privileged Port in the S1 VyOS Public space.
Thu, Jan 24, 1:26 AM · vyos-kernel, vyatta-cfg-firewall, vyatta-nat, VyOS-1.2.0-GA

May 27 2018

syncer closed T576: DNS forwarding service or nat forwarding bug as Wontfix.

We moved to pdns in 1.2 and will not be fixing it in 1.1.x.
If you can reproduce on 1.2, mention this task or create a new one.

May 27 2018, 10:08 AM · Rejected

Apr 7 2018

syncer added a comment to T576: DNS forwarding service or nat forwarding bug.

Can you repeat the same on 1.2?

Apr 7 2018, 11:10 AM · Rejected

Mar 12 2018

Smiley added a comment to T576: DNS forwarding service or nat forwarding bug.

Well, as I previously said, I finally know why it didn't work as expected for me, since lines like "listen-on vti0 and listen-on vti1" were missing, for requests incoming from tunneled networks.
However, it seems strange that requests are sometimes still forwarded, as we can expect that none are forwarded, or all are forwarded, but why are only some requests sometimes forwarded? This seems to be a bug; however, this ticket can be closed since for my needs it's OK...

Mar 12 2018, 9:19 AM · Rejected

Mar 9 2018

rps added a comment to T576: DNS forwarding service or nat forwarding bug.

P.S. This is really starting to get more into the territory of support than bug reporting, have you considered purchasing support?

Mar 9 2018, 2:30 PM · Rejected
rps added a comment to T576: DNS forwarding service or nat forwarding bug.

At first glance it looks like the name servers you are using are not reliable, and the lack of response is because the forwarder is also not getting a response.

Mar 9 2018, 2:26 PM · Rejected
Smiley added a comment to T576: DNS forwarding service or nat forwarding bug.

(By the way, it would be interesting to be able to add more than only one inbound-interface to a NAT rule...)

Mar 9 2018, 1:14 PM · Rejected
Smiley added a comment to T576: DNS forwarding service or nat forwarding bug.

(And I guess that it's the same reason for the NAT rule: the inbound-interface should not only be eth0...)

Mar 9 2018, 12:42 PM · Rejected
Smiley added a comment to T576: DNS forwarding service or nat forwarding bug.

  1. There are no firewall rules set, and no firewall ruleset set to the interface on the affected VyOS instances
  2. The problem seems to occur whatever the name resolution request is
  3. Yes, see below

Mar 9 2018, 11:37 AM · Rejected

Mar 8 2018

rps added a comment to T576: DNS forwarding service or nat forwarding bug.

We'll need some more information.

Mar 8 2018, 4:09 PM · Rejected
Smiley added a comment to T576: DNS forwarding service or nat forwarding bug.

Yes, I thought about that too, but with or without setting the dns
cache-size to 0, I have the same result!

Mar 8 2018, 8:11 AM · Rejected

Mar 7 2018

rps added a comment to T576: DNS forwarding service or nat forwarding bug.

By default the DNS forwarder will cache recent responses. Have you disabled DNS caching on the forwarding service with the following configuration?

Mar 7 2018, 10:20 PM · Rejected
Smiley created T576: DNS forwarding service or nat forwarding bug.
Mar 7 2018, 5:10 PM · Rejected
rps added a comment to T575: SNAT with static port not working.

It was likely the first scenario that I mentioned, where there was traffic already established before the NAT rule was created. Also note that a reset conntrack is essentially a flush of the conntrack table and can be disruptive for established connections. Alternatively, you could have cleared conntrack entries for the specific host address only, as a safer way of doing it in the future.

Mar 7 2018, 4:32 AM · VyOS 1.1.x (1.1.8), vyatta-nat
vasglebov closed T575: SNAT with static port not working as Resolved.

Thank you for your attention. Because it's a router in production, at night I executed

reset conntrack

I don't know what it was but now all works fine, sorry for the trouble.

Mar 7 2018, 2:21 AM · VyOS 1.1.x (1.1.8), vyatta-nat

Mar 6 2018

rps added a comment to T575: SNAT with static port not working.

I have verified that this is working on 1.1.8 so there might be a configuration or operation issue that is making you see this behavior (I actually have this working in production at scale using over 14,500 rules across 28 chains).

Mar 6 2018, 9:37 PM · VyOS 1.1.x (1.1.8), vyatta-nat
vasglebov updated the task description for T575: SNAT with static port not working.
Mar 6 2018, 7:51 AM · VyOS 1.1.x (1.1.8), vyatta-nat
vasglebov created T575: SNAT with static port not working.
Mar 6 2018, 7:50 AM · VyOS 1.1.x (1.1.8), vyatta-nat

Jul 24 2017

syncer created vyatta-nat.
Jul 24 2017, 8:27 PM