Negating interface names in NAT configuration causes invalid warnings
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	alryaz
	May 18 2024, 2:02 PM

Description

Issue description

Whenever a NAT rule with negation in the interface name is used, an invalid warning appears.

Expected behavior

No warnings appear on screen when commit is executed.

Example of such configuration

set nat destination rule 10 description 'DNS'
set nat destination rule 10 destination address 10.0.0.1
set nat destination rule 10 destination port 53
set nat destination rule 10 inbound-interface name '!eth0'  # <--- here, eth0 is negated
set nat destination rule 10 protocol 'tcp_udp'
set nat destination rule 10 translation address 172.16.0.1

Console output after `commit`

WARNING: NAT interface "!eth0" for destination NAT rule "10" does not exist!

Suggested fix

Copy over the mechanism for checking group names (done in GitHub PR: https://github.com/vyos/vyos-1x/pull/3482)

https://github.com/vyos/vyos-1x/pull/3482

Details

Difficulty level: Easy (less than an hour)
Version: 1.5-rolling-202405121403
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Event Timeline

alryaz created this task.May 18 2024, 2:02 PM

pasik subscribed.May 18 2024, 2:34 PM

syncer triaged this task as Normal priority.May 19 2024, 8:02 AM

c-po changed the task status from Open to In progress.May 22 2024, 6:01 PM

c-po assigned this task to alryaz.

c-po added a project: VyOS 1.4 Sagitta (1.4.0-GA).

https://github.com/vyos/vyos-1x/pull/3482

Same issue applies to NAT66, too

https://github.com/vyos/vyos-1x/pull/3505

Should this ticket be closed? I see the PRs were merged more than a month ago.

Viacheslav closed this task as Resolved.Jun 25 2024, 4:24 AM

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.

Negating interface names in NAT configuration causes invalid warningsClosed, ResolvedPublicBUGActions