set firewall flowtable OFFLOAD interface 'eth0' set firewall flowtable OFFLOAD interface 'eth1' set firewall flowtable OFFLOAD offload 'software' set firewall ipv4 forward filter default-action 'accept' set firewall ipv4 forward filter rule 5 action 'offload' set firewall ipv4 forward filter rule 5 offload-target 'OFFLOAD' set firewall ipv4 forward filter rule 5 state 'established' set firewall ipv4 forward filter rule 5 state 'related' set nat cgnat pool external ext01 external-port-range '1024-65535' set nat cgnat pool external ext01 per-user-limit port '2000' set nat cgnat pool external ext01 range 192.168.122.222/32 set nat cgnat pool internal int01 range '100.64.0.0/28' set nat cgnat rule 10 source pool 'int01' set nat cgnat rule 10 translation pool 'ext01' set nat source rule 100 outbound-interface name 'eth0' set nat source rule 100 source address '10.0.0.0/24' set nat source rule 100 translation address 'masquerade'
Check translations:
vyos@r4:~$ show nat source translations
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/nat.py", line 337, in <module>
res = vyos.opmode.run(sys.modules[__name__])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 263, in run
res = func(**args)
^^^^^^^^^^^^
File "/usr/libexec/vyos/op_mode/nat.py", line 296, in _wrapper
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/usr/libexec/vyos/op_mode/nat.py", line 331, in show_translations
return _get_formatted_translation(nat_translation, direction, family,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/libexec/vyos/op_mode/nat.py", line 266, in _get_formatted_translation
timeout = meta['timeout']
~~~~^^^^^^^^^^^
KeyError: 'timeout'
vyos@r4:~$The similar bug was for conntrack T6138 as offload entries do not have timeout key