I can't understand how DNAT and SNAT are working on VPP.
For example, my config:

    set interface nat44 in GigabitEthernet0/a/0
    nat44 add address 178.162.xxx.xxx
    nat44 add static mapping local 52.27.xxx.xxx external 178.162.xxx.xxx

I see that after SNAT the id has been changed: the host receives the ping
reply, but with a different id.

    1 0.000000000 52.59.xxx.xxx → 178.162.xxx.xxx ICMP 98 Echo (ping) request id=0x026a, seq=289/8449, ttl=245
    2 0.147104222 52.27.xxx.xxx → 178.162.xxx.xxx ICMP 98 Echo (ping) reply id=0x3f7d, seq=289/8449, ttl=229
    3 1.023988917 52.59.xxx.xxx → 178.162.xxx.xxx ICMP 98 Echo (ping) request id=0x026a, seq=290/8705, ttl=245
    4 1.171081477 52.27.xxx.xxx → 178.162.xxx.xxx ICMP 98 Echo (ping) reply id=0x3f7d, seq=290/8705, ttl=229

I tested different NAT modes (endpoint-dependent, static mapping only), but
without success.
The same setup is working fine with iptables or nftables:

    table ip nat {
        chain prerouting {
            type nat hook prerouting priority -100
            policy accept
            ip protocol tcp counter
            iif eth0 dnat 52.59.xxx.xxx
        }
        chain postrouting {
            type nat hook postrouting priority 100
            policy accept
            oif eth0 snat 178.162.xxx.xxx
        }
    }
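
Added example (not part of the original post): a small Python check that pairs echo requests and replies by sequence number in tshark summary lines like the capture in the post, and reports pairs whose ICMP id differs. The sample lines are constructed, use documentation addresses, and assume one packet per line and a single ping session in the capture.

```python
import re

# Constructed sample in the tshark summary format shown in the post (one packet
# per line). Addresses are documentation ranges, not the poster's hosts.
SAMPLE = """\
1 0.000000000 198.51.100.10 → 203.0.113.5 ICMP 98 Echo (ping) request id=0x026a, seq=289/8449, ttl=245
2 0.147104222 192.0.2.20 → 203.0.113.5 ICMP 98 Echo (ping) reply id=0x3f7d, seq=289/8449, ttl=229
3 1.023988917 198.51.100.10 → 203.0.113.5 ICMP 98 Echo (ping) request id=0x026a, seq=290/8705, ttl=245
4 1.171081477 192.0.2.20 → 203.0.113.5 ICMP 98 Echo (ping) reply id=0x3f7d, seq=290/8705, ttl=229
5 2.047900000 198.51.100.10 → 203.0.113.5 ICMP 98 Echo (ping) request id=0x026a, seq=291/8961, ttl=245
6 2.195000000 192.0.2.20 → 203.0.113.5 ICMP 98 Echo (ping) reply id=0x026a, seq=291/8961, ttl=229
7 3.300000000 192.0.2.20 → 203.0.113.5 ICMP 98 Echo (ping) reply id=0x3f7d, seq=400/36865, ttl=229
"""

# One ICMP echo summary line: frame no, time, src, arrow, dst, kind, id, seq.
LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+[\d.]+\s+(?P<src>\S+)\s+(?:→|->)\s+(?P<dst>\S+)\s+ICMP\s+\d+\s+"
    r"Echo \(ping\) (?P<kind>request|reply)\s+id=0x(?P<id>[0-9a-fA-F]+),\s*seq=(?P<seq>\d+)/\d+"
)

def parse(text):
    """Yield one dict per ICMP echo line; lines in any other format are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield {"no": int(m["no"]), "src": m["src"], "dst": m["dst"],
                   "kind": m["kind"], "id": int(m["id"], 16), "seq": int(m["seq"])}

def id_mismatches(text):
    """Return (seq, request_id, reply_id) for replies whose id differs from the
    request with the same seq. request_id is None when no request was seen."""
    pending, findings = {}, []
    for pkt in parse(text):
        if pkt["kind"] == "request":
            pending[pkt["seq"]] = pkt          # remember until its reply shows up
            continue
        req = pending.pop(pkt["seq"], None)
        if req is None:
            findings.append((pkt["seq"], None, pkt["id"]))
        elif req["id"] != pkt["id"]:
            findings.append((pkt["seq"], req["id"], pkt["id"]))
    return findings

if __name__ == "__main__":
    for seq, req_id, rep_id in id_mismatches(SAMPLE):
        want = "no request seen" if req_id is None else f"request id=0x{req_id:04x}"
        print(f"seq={seq}: reply id=0x{rep_id:04x}, {want}")
```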