Page MenuHomeVyOS Platform
Create Task
Maniphest T3186

NAT: Commit failed when applying negated(!) addresses
Closed, ResolvedPublicBUG
Actions

Description

Hi it seems "!" operator is not taken anymore :

[edit]
vyos@cerbere# set nat destination rule 1000 destination address !10.2.0.213
[edit]
vyos@cerbere# set nat destination rule 1000 destination port 53
[edit]
vyos@cerbere# set nat destination rule 1000 inbound-interface eth1.2
[edit]
vyos@cerbere# set nat destination rule 1000 protocol tcp_udp
[edit]
vyos@cerbere# set nat destination rule 1000 source address !10.2.0.213
[edit]
vyos@cerbere# set nat destination rule 1000 translation address 10.2.0.213
[edit]
vyos@cerbere# set nat destination rule 1000 translation port 53
[edit]
vyos@cerbere# show nat destination
+rule 1000 {
+    destination {
+        address !10.2.0.213
+        port 53
+    }
+    inbound-interface eth1.2
+    protocol tcp_udp
+    source {
+        address !10.2.0.213
+    }
+    translation {
+        address 10.2.0.213
+        port 53
+    }
+}

[edit]
vyos@cerbere# commit
[ nat ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest version of the code available at
  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
- Consult the forum to see how to handle this issue
  https://forum.vyos.io
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report Time:      2021-01-05 11:40:41
Image Version:    VyOS 1.3-rolling-202101030217
Release Train:    equuleus

Built by:         [email protected]
Built on:         Sun 03 Jan 2021 02:17 UTC
Build UUID:       97831d38-ecb8-4cad-8770-7f32584bad4d
Build Commit ID:  ba6dab895279f6

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:
Hardware UUID:    93849cbb-6b58-4e0d-9639-588e0618437d

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/nat.py", line 201, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/nat.py", line 189, in apply
    cmd(f'{iptables_nat_config}')
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 179, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: /tmp/vyos-nat-rules.nft
returned:
exit code: 1

noteworthy:
cmd '/tmp/vyos-nat-rules.nft'
returned (out):

returned (err):
/tmp/vyos-nat-rules.nft:11:70-70: Error: syntax error, unexpected !
add rule ip nat PREROUTING iifname "eth1.2" ip protocol tcp ip saddr !10.2.0.213 ip daddr !10.2.0.213 tcp dport { 53 } counter dnat to 10.2.0.213:53 comment "DST-NAT-1000 tcp_udp"
                                                                     ^
/tmp/vyos-nat-rules.nft:13:70-70: Error: syntax error, unexpected !
add rule ip nat PREROUTING iifname "eth1.2" ip protocol udp ip saddr !10.2.0.213 ip daddr !10.2.0.213 udp dport { 53 } counter dnat to 10.2.0.213:53 comment "DST-NAT-1000 tcp_udp"
                                                                     ^

[[nat]] failed
Commit failed

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.3-rolling-202101030217
Why the issue appeared?
Design mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

androme created this task.Jan 5 2021, 11:46 AM
androme updated the task description. (Show Details)Jan 5 2021, 12:06 PM
pasik added a subscriber: pasik.Jan 6 2021, 2:42 PM
jack9603301 added a subscriber: jack9603301.Jan 10 2021, 2:09 PM
c-po renamed this task from Bug with "!" invert character to NAT: bug with "!" invert character.Jan 12 2021, 9:54 PM
c-po claimed this task.
c-po updated the task description. (Show Details)
c-po added a comment.Jan 12 2021, 10:21 PM

Please verify with a 1.4 rolling image from 20210113 so we can consider this to be backported.

c-po changed the task status from Open to Needs testing.Jan 12 2021, 10:21 PM
c-po triaged this task as High priority.
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.
androme closed this task as Resolved.Jan 13 2021, 3:55 PM

Hi, it's ok with : 1.4-rolling-202101130217
Thank you and have a nice day.

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Mar 18 2021, 4:28 PM
SrividyaA renamed this task from NAT: bug with "!" invert character to NAT: Commit failed when applying negated(!) addresses .Aug 30 2021, 3:19 PM
SrividyaA set Issue type to Bug (incorrect behavior).
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:26 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.