A config like this:

```
config nat
	option name 'SNAT'
	option family 'ipv4'
	option src 'vpn'
	option src_ip '192.168.106.0/24'
	option dest_ip '10.66.0.0/16'
	option target 'SNAT'
	option snat_ip '10.254.1.0/24'
	list proto 'all'
```
creates this rule:

```nft
chain srcnat_vpn {
	ip saddr 192.168.106.0/24 ip daddr 10.66.0.0/16 counter snat ip to 10.254.1.0 comment "!fw4: SNAT"
}
```
But it should create something like this:

```nft
chain srcnat_vpn {
	ip saddr 192.168.106.0/24 ip daddr 10.66.0.0/16 counter snat ip to 10.254.1.0/24 comment "!fw4: SNAT"
}
```
nftables supports NAT pooling using a prefix or a range; this is the link to the documentation: NFT NAT pooling.
I saw in the code that the `rip` variable used for adding the snat rule is used as `rip[0]`, so the prefix is removed (this is correct only if a port rewrite is done; look at the example below); otherwise it is supported.
You can also rewrite both an IP range and a port range, and it is defined like this:
```nft
chain srcnat_vpn {
	ip saddr 192.168.106.0/24 ip daddr 10.0.0.0/24 tcp sport 19 tcp dport 12 counter snat ip to 10.254.1.1-10.254.1.2:100-200 comment "!fw4: TCP"
}
```
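The rule generation the report describes, as an added example that is not part of the issue or of fw4's own code. `snat_to_expr` builds the operand of `snat ip to` from a `snat_ip` value that may be a single address, a prefix, or an `a-b` range, plus an optional `snat_port`. A prefix is passed through unchanged when no port rewrite is requested, and expanded to an explicit `first-last` range when one is, so the pool is never truncated to its first address. `render_snat_rule` wraps that in a rule string using the option names from the config above (`src_ip`, `dest_ip`, `src_port`, `dest_port`, `snat_port`, `proto`) and reproduces both rules quoted in the report; the option-to-rule mapping is an assumption made for this example, not fw4's exact renderer.

```python
import ipaddress
import re

# Accepts "100" or "100-200"; constructed validation for this example.
_PORT_RE = re.compile(r"^\d{1,5}(-\d{1,5})?$")


def snat_to_expr(snat_ip, snat_port=None):
    """Return the operand for 'snat ip to ...' in nft syntax.

    - single address  -> 10.254.1.1
    - range           -> 10.254.1.1-10.254.1.2
    - prefix, no port -> 10.254.1.0/24 (nftables accepts a prefix as a NAT pool)
    - prefix + port   -> 10.254.1.0-10.254.1.255:100-200 (assumption: the prefix is
                         expanded to the equivalent explicit range, keeping the
                         whole pool instead of dropping to the network address)
    """
    if "-" in snat_ip:
        lo, hi = (ipaddress.ip_address(x) for x in snat_ip.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid address range: {snat_ip}")
        addr = f"{lo}-{hi}"
    elif "/" in snat_ip:
        net = ipaddress.ip_network(snat_ip, strict=True)
        if net.prefixlen == net.max_prefixlen:
            addr = str(net.network_address)          # /32 is just one address
        elif snat_port is None:
            addr = str(net)                          # keep the prefix as-is
        else:
            addr = f"{net[0]}-{net[-1]}"             # first-last of the prefix
    else:
        addr = str(ipaddress.ip_address(snat_ip))

    if snat_port is None:
        return addr
    if not _PORT_RE.match(snat_port):
        raise ValueError(f"invalid port or port range: {snat_port}")
    return f"{addr}:{snat_port}"


def render_snat_rule(opts):
    """Render one srcnat rule from a dict of fw4-style 'config nat' options.

    Port options only apply when a specific protocol is given; with
    proto 'all' there is nothing to match ports on, so snat_port is ignored.
    """
    parts = []
    if "src_ip" in opts:
        parts.append(f"ip saddr {opts['src_ip']}")
    if "dest_ip" in opts:
        parts.append(f"ip daddr {opts['dest_ip']}")

    proto = opts.get("proto", "all")
    port_rewrite = None
    if proto != "all":
        if "src_port" in opts:
            parts.append(f"{proto} sport {opts['src_port']}")
        if "dest_port" in opts:
            parts.append(f"{proto} dport {opts['dest_port']}")
        port_rewrite = opts.get("snat_port")

    parts.append(f"counter snat ip to {snat_to_expr(opts['snat_ip'], port_rewrite)}")
    parts.append(f'comment "!fw4: {opts["name"]}"')
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed inputs: the two configurations discussed in the report.
    prefix_only = {"name": "SNAT", "src_ip": "192.168.106.0/24",
                   "dest_ip": "10.66.0.0/16", "snat_ip": "10.254.1.0/24",
                   "proto": "all"}
    range_and_ports = {"name": "TCP", "src_ip": "192.168.106.0/24",
                       "dest_ip": "10.0.0.0/24", "proto": "tcp",
                       "src_port": "19", "dest_port": "12",
                       "snat_ip": "10.254.1.1-10.254.1.2", "snat_port": "100-200"}
    print(render_snat_rule(prefix_only))
    print(render_snat_rule(range_and_ports))
```

Run it directly to print the two rules; the first matches the expected prefix rule above and the second the range-plus-port rule. Feeding a prefix together with a port range (`snat_ip '10.254.1.0/24'`, `snat_port '100-200'`, `proto 'tcp'`) yields `10.254.1.0-10.254.1.255:100-200`, which is the case where simply taking the first element of the parsed prefix would silently shrink the pool to one address.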