Alias for dynamic IP address of interface

Hello,

I have a dynamic IP address from my ISP and I’d like to use the acquired IP address in other parts of the configuration (e.g. as a destination in a firewall rule). How would I achieve this?

Thanks,
Sam

Hello @saagraa, I’m not sure that this is possible now, but can you provide a firewall example?
I guess many rules could possibly be created without a known IP address received via DHCP, etc.

Hi @Dmitry,

I guess I can’t think of a firewall rule that requires this, a poor example on my part.

Where I have used this before (in EdgeOS) is hairpin NAT. From the example in the VyOS docs:

destination {
     rule 110 {
         description "NAT Reflection: INSIDE"
         destination {
             port 3389
++           address dynamic-ip-on-eth0
         }
         inbound-interface eth0.10
         protocol tcp
         translation {
             address 192.0.2.40
         }
     }
 }

My understanding (I could be wrong) is that without the address limitation in the destination node, traffic on 3389 to any IP gets redirected internally, whereas I’d like to only redirect traffic that is trying to reach back into my network from within my network via my network’s external IP, and send other outgoing traffic on that port to the external IP.

Thanks

@saagraa, as I understand it, this will apply only to traffic coming from eth0.10, so in this case you can use this rule without defining a destination address.

Let’s assume I have WAN on eth0 and LAN on eth1, and my IP on eth0 is A.B.C.D.

So my DNAT rule is:

destination {
     rule 110 {
         description "NAT Reflection: INSIDE"
         destination {
             port 3389
         }
         inbound-interface eth1
         protocol tcp
         translation {
             address 192.0.2.40
         }
     }
 }

Now if I try to reach U.X.Y.Z:3389 from my LAN, doesn’t that match the NAT rule and translate the IP into 192.0.2.40?
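
Added example, not part of the thread and not VyOS code: a small Python model of how the match criteria of rule 110 are evaluated, assuming the usual netfilter behaviour that an omitted match criterion acts as a wildcard. The addresses 203.0.113.10 and 198.51.100.7 are constructed stand-ins for A.B.C.D and U.X.Y.Z, and the class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    inbound_interface: str
    protocol: str
    port: int
    translation: str
    dst_address: Optional[str] = None  # None = no "destination address" node

    def matches(self, p: Packet) -> bool:
        if p.in_iface != self.inbound_interface or p.proto != self.protocol:
            return False
        if p.dport != self.port:
            return False
        # An omitted destination address is a wildcard, not "this router".
        return (self.dst_address is None
                or ip_address(p.dst) == ip_address(self.dst_address))

def apply_dnat(rule: DnatRule, p: Packet) -> str:
    """Return the destination the packet is sent to after the rule is evaluated."""
    return rule.translation if rule.matches(p) else p.dst

WAN_IP = "203.0.113.10"      # constructed stand-in for A.B.C.D
OTHER_HOST = "198.51.100.7"  # constructed stand-in for U.X.Y.Z

# Rule 110 as posted (no destination address) and with the address pinned.
unpinned = DnatRule("eth1", "tcp", 3389, "192.0.2.40")
pinned = DnatRule("eth1", "tcp", 3389, "192.0.2.40", dst_address=WAN_IP)

hairpin = Packet("eth1", "tcp", WAN_IP, 3389)       # LAN client -> own WAN IP
outbound = Packet("eth1", "tcp", OTHER_HOST, 3389)  # LAN client -> unrelated host

if __name__ == "__main__":
    for name, rule in (("unpinned", unpinned), ("pinned", pinned)):
        for label, pkt in (("hairpin", hairpin), ("outbound", outbound)):
            print(f"{name:9} {label:9} {pkt.dst:>13} -> {apply_dnat(rule, pkt)}")
```

In this model the rule without a destination address sends both the hairpin and the unrelated outbound connection to 192.0.2.40, while the pinned rule rewrites only the connection aimed at the WAN address.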