DNAT destination address for dhcp-interface

ebrithil · January 14, 2021, 10:55am

Hi,

i would like to be able to set the destination address of a DNAT rule to the address of a dhcp interface.

The configuration should look something like

nat {
    destination {
        rule 10 {
            description "HTTP/S"
            destination {
                address dhcp-interface eth0
                port 80,443
            }
            inbound-interface any
            protocol tcp
            translation {
                address xxx.xxx.1.10
            }
        }
    }
}

Something similar is already possible for static routes where you can set the route to go through a dhcp interface like set protocols static route 1.1.1.1/32 dhcp-interface eth0

My use case is described in DNAT with DHCP interface - #7 by ebrithil

phillipmcmahon · January 14, 2021, 11:23am

From an earlier email conversation on this with @Viacheslav

"Hello, Phillip.
It looks like there is a function in the EdgeOS, when interface receiving a DHCP address, writes it to IPSET, which is later used in iptables.

-A UBNT_PFOR_DNAT_HOOK -i eth4 -m set --match-set ADDRv4_eth4 dst -j UBNT_PFOR_DNAT_RULES
-A UBNT_PFOR_DNAT_HOOK -i eth2 -m set --match-set ADDRv4_eth4 dst -j UBNT_PFOR_DNAT_RULES"

This was confirmed to be the case and would be a great additional feature to add to Vyos.

phillipmcmahon · January 14, 2021, 11:27am

https://phabricator.vyos.net/T2196

This was the outcome of my chat on the same topic back in April last year.