Page MenuHomeVyOS Platform
Create Task
Maniphest T2539

Issues with parsing ip range for source nat translation address
Closed, ResolvedPublicBUG
Actions

Description

Hi,
when configure translation address range for source NAT e.g.

set nat source rule 1000 translation address 10.0.0.1-10.0.0.4

following error occurs:

[ nat ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest version of the code available at
  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
- Consult the forum to see how to handle this issue
  https://forum.vyos.io
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report Time:      2020-06-02 16:48:33
Image Version:    VyOS 1.3-rolling-202006010117
Release Train:    equuleus

Built by:         autobuild@vyos.net
Built on:         Mon 01 Jun 2020 01:17 UTC
Build UUID:       3b4adee9-8c72-4412-9f67-69814c1cf922
Build Commit ID:  be5b71edd77b3a

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    2c727cc1-d960-4984-b342-205b93580b2e

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/nat.py", line 266, in <module>
    verify(c)
  File "/usr/libexec/vyos/conf_mode/nat.py", line 229, in verify
    if addr != 'masquerade' and not is_addr_assigned(addr):
  File "/usr/lib/python3/dist-packages/vyos/validate.py", line 132, in is_addr_assigned
    tmp = is_intf_addr_assigned(intf, addr)
  File "/usr/lib/python3/dist-packages/vyos/validate.py", line 78, in is_intf_addr_assigned
    return _is_intf_addr_assigned(intf, addr)
  File "/usr/lib/python3/dist-packages/vyos/validate.py", line 108, in _is_intf_addr_assigned
    if not _are_same_ip(address, ip_addr):
  File "/usr/lib/python3/dist-packages/vyos/validate.py", line 72, in _are_same_ip
    return socket.inet_pton(f_one, one) == socket.inet_pton(f_one, two)
OSError: illegal IP address string passed to inet_pton



[[nat]] failed
Commit failed

Details

Version
1.3-rolling-202006010117
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects

Event Timeline

yurij185 created this task.Jun 2 2020, 6:55 AM
pasik subscribed.Jun 2 2020, 11:48 AM
thomas-mangin subscribed.Jun 2 2020, 7:44 PM

Thank you for reporting this issue, it looks like that parser allows ranges of IP address (IP hyphen IP) but the parser does not. You could get around using CIDR notation but this indeed need looking into.

tux subscribed.Aug 14 2020, 6:25 PM
Unknown Object (User) subscribed.Aug 20 2020, 6:04 AM
Viacheslav mentioned this in T2890: NAT error adding translation address range.Sep 16 2020, 6:24 PM
Viacheslav closed this task as Resolved.Nov 28 2020, 4:37 PM
Viacheslav claimed this task.
Viacheslav subscribed.

Fixed

set nat source rule 1000 outbound-interface 'eth1'
set nat source rule 1000 source address '203.0.113.1-203.0.113.4'
set nat source rule 1000 translation address '10.0.0.1-10.0.0.4'
vyos@r5# commit
[ nat ]
Warning: IP address 10.0.0.1 does not exist on the system!
Warning: IP address 10.0.0.4 does not exist on the system!

[edit]
vyos@r5#

Check

vyos@r5# sudo nft list table nat | grep POST -A 3
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		oifname "eth1" ip saddr 203.0.113.1-203.0.113.4 counter packets 0 bytes 0 snat to 10.0.0.1-10.0.0.4 comment "SRC-NAT-1000"
	}
[edit]
vyos@r5# 
vyos@r5# run show version 

Version:          VyOS 1.3-rolling-202011280730