Hi,

we want to use a map for a large NAT setup, mapping subnets to a single IP. That's why we wanted to use a map, but only the first two elements of the map are used for the NAT. I added two config examples to reproduce the bug. In the first example the NAT works fine for the network 100.64.15.0/24, in the second it does not. The only difference is the order of the map elements.

We have built nft from the current master branch, last commit is 97a2a5bde2f03e33315eab4b76a9e69770b99351.

Working for 100.64.15.0/24

#!/usr/sbin/nft
add chain nat postrouting { type nat hook postrouting priority 100 ;}
add chain nat prerouting { type nat hook prerouting priority 0 ;}
add map nat subnettoip { type ipv4_addr: ipv4_addr ; flags interval ; }
add rule ip nat postrouting snat ip saddr map @subnettoip;
add element nat subnettoip { 100.64.13.0/24 : 192.168.0.32 }
add element nat subnettoip { 100.64.15.0/24 : 192.168.0.34 }
add element nat subnettoip { 100.64.14.0/24 : 192.168.0.33 }

Not working for 100.64.15.0/24

#!/usr/sbin/nft
add chain nat postrouting { type nat hook postrouting priority 100 ;}
add chain nat prerouting { type nat hook prerouting priority 0 ;}
add map nat subnettoip { type ipv4_addr: ipv4_addr ; flags interval ; }
add rule ip nat postrouting snat ip saddr map @subnettoip;
add element nat subnettoip { 100.64.13.0/24 : 192.168.0.32 }
add element nat subnettoip { 100.64.14.0/24 : 192.168.0.33 }
add element nat subnettoip { 100.64.15.0/24 : 192.168.0.34 }

Greetings,
Simon
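An added example, not part of the original message: a small reference model of the result the interval map in the report should give for a source address, which can serve as an oracle when testing a ruleset whose elements are added in different orders. It models only the expected lookup result, not how nft or the kernel store interval maps; the function names are hypothetical and the two element lists are copied from the report.

```python
import bisect
import ipaddress
import re

# The two element orderings from the report, copied as posted.
WORKING = """\
add element nat subnettoip { 100.64.13.0/24 : 192.168.0.32 }
add element nat subnettoip { 100.64.15.0/24 : 192.168.0.34 }
add element nat subnettoip { 100.64.14.0/24 : 192.168.0.33 }
"""
FAILING = """\
add element nat subnettoip { 100.64.13.0/24 : 192.168.0.32 }
add element nat subnettoip { 100.64.14.0/24 : 192.168.0.33 }
add element nat subnettoip { 100.64.15.0/24 : 192.168.0.34 }
"""

ELEMENT = re.compile(r"add element \S+ \S+ \{\s*(\S+)\s*:\s*(\S+)\s*\}")

def parse_elements(script):
    """Return [(network, snat_address)] in the order the script adds them."""
    return [(ipaddress.ip_network(m.group(1)), ipaddress.ip_address(m.group(2)))
            for m in ELEMENT.finditer(script)]

def build_intervals(elements):
    """Sort into closed [first, last] intervals; reject overlapping keys."""
    ivals = sorted((int(n.network_address), int(n.broadcast_address), a)
                   for n, a in elements)
    for (_, prev_last, _), (next_first, _, _) in zip(ivals, ivals[1:]):
        if next_first <= prev_last:
            raise ValueError("overlapping intervals in map")
    return ivals

def lookup(ivals, saddr):
    """Expected map value for a source address, or None if nothing matches."""
    key = int(ipaddress.ip_address(saddr))
    # Find the last interval starting at or before the key, then check its end.
    i = bisect.bisect_right([first for first, _, _ in ivals], key) - 1
    if i >= 0 and key <= ivals[i][1]:
        return str(ivals[i][2])
    return None

def expected_snat(script, saddr):
    """Expected SNAT address for saddr given a script's 'add element' lines."""
    return lookup(build_intervals(parse_elements(script)), saddr)

if __name__ == "__main__":
    for name, script in (("working order", WORKING), ("failing order", FAILING)):
        print(name, expected_snat(script, "100.64.15.7"))
```

Both orderings describe the same three adjacent /24 intervals, so the model returns the same address for each; a ruleset that behaves differently between the two orders deviates from it.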