Uploaded image for project: 'vpp'
  1. vpp
  2. VPP-1887

Bug in NAT44 add static mapping CLI/API

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Medium Medium
    • None
    • None
    • nat
    • None

       

      Without adding port to icmp static mapping command a generic rule is created for address only mapping. This causes unintentional misconfiguration and opening all ports for specific local address. ICMP output is also showing port numbers in the output of command.

       

      1)

      nat44 add static mapping icmp local 20.0.0.3 external 20.0.1.3

      nat44 show static mappings

      NAT44 static mappings:

        local 20.0.0.3 external 20.0.1.3 vrf 0

      2)

      nat44 add static mapping icmp local 20.0.0.3 0 external 20.0.1.3 

      nat44 show static mappings

      NAT44 static mappings:

        icmp local 20.0.0.3:0 external 20.0.1.3:0 vrf 0

            fivarga89 Filip Varga
            fivarga89 Filip Varga
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: