Page MenuHomeVyOS Platform
Create Task
Maniphest T5643

NAT - Allow interface groups on nat rules
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Interface groups are sync to vyos_nat, so if interface group is defined, it's available in vyos_nat table to be use.

We need to extend cli in order to allow interface group on NAT configurations.

Details

Difficulty level
Unknown (require assessment)
Version
1.5-rolling-202310100022
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

n.fort changed the task status from Open to Confirmed.Oct 10 2023, 10:40 AM
n.fort claimed this task.
n.fort created this task.
n.fort changed Version from - to 1.5-rolling-202310100022.
n.fort changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
pasik added a subscriber: pasik.Oct 10 2023, 11:15 AM
n.fort added a comment.Oct 10 2023, 6:18 PM

PR: https://github.com/vyos/vyos-1x/pull/2355

n.fort changed the task status from Confirmed to In progress.Oct 10 2023, 6:18 PM
yzguy mentioned this in T5676: NAT66 source rule with negation source/destination prefix causes TypeError.Oct 25 2023, 2:05 AM
yzguy added a subscriber: yzguy.

This is causing smoketests on the nightly builds to fail

DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/conf_mode/nat66.py", line 127, in <module>
DEBUG -     generate(c)
DEBUG -   File "/usr/libexec/vyos/conf_mode/nat66.py", line 101, in generate
DEBUG -     render(nftables_nat66_config, 'firewall/nftables-nat66.j2', nat, permission=0o755)
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/template.py", line 142, in render
DEBUG -     rendered = render_to_string(template, content, formater, location)
DEBUG -                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/template.py", line 111, in render_to_string
DEBUG -     rendered = template.render(content)
DEBUG -                ^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 1301, in render
DEBUG -     self.environment.handle_exception()
DEBUG -   File "/usr/lib/python3/dist-packages/jinja2/environment.py", line 936, in handle_exception
DEBUG -     raise rewrite_traceback_stack(source=source)
DEBUG -   File "/usr/share/vyos/templates/firewall/nftables-nat66.j2", line 28, in top-level template code
DEBUG -     {{ config | nat_rule(rule, 'source', ipv6=True) }}
DEBUG -     ^^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/template.py", line 660, in nat_rule
DEBUG -     return parse_nat_rule(rule_conf, rule_id, nat_type, ipv6)
DEBUG -            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/nat.py", line 58, in parse_nat_rule
DEBUG -     oiface = rule_conf['outbound_interface']['interface_group']
DEBUG -              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^
DEBUG - TypeError: string indices must be integers, not 'str'

https://github.com/vyos/vyos-rolling-nightly-builds/actions/runs/6634058124/job/18022884823#step:10:28628

n.fort changed the task status from In progress to Needs testing.Oct 26 2023, 12:17 PM

This error was already fixed in https://github.com/vyos/vyos-1x/pull/2406

twan added a subscriber: twan.Nov 11 2023, 9:39 AM

Will this feature be backported to 1.4?

Viacheslav added a subscriber: Viacheslav.Nov 11 2023, 9:47 AM

@twan it was backported https://github.com/vyos/vyos-1x/pull/2400

n.fort closed this task as Resolved.Nov 22 2023, 7:15 PM