Show nat66 destination rules - failed to run command

baryluk · December 5, 2023, 3:35pm

vyos@vyos:~$ show version 
Version:          VyOS 1.5-rolling-202312010026
Release train:    current

Built by:         autobuild@vyos.net
Built on:         Fri 01 Dec 2023 01:45 UTC
Build UUID:       fc11f2ef-580c-459c-bc97-ffaf9151f046
Build commit ID:  e4e3701775b91d

Architecture:     x86_64
Boot via:         livecd
System type:      bare metal

Hardware vendor:  To Be Filled By O.E.M.
Hardware model:   To Be Filled By O.E.M.
Hardware S/N:     To Be Filled By O.E.M.
Hardware UUID:    03000200-0400-0500-0006-000700080009

Copyright:        VyOS maintainers and contributors
vyos@vyos:~$

vyos@vyos:~$ show nat66 destination rules 
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/nat.py", line 339, in <module>
    res = vyos.opmode.run(sys.modules[__name__])
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 263, in run
    res = func(**args)
          ^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 298, in _wrapper
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 304, in show_rules
    nat_rules = _get_raw_data_rules(direction, family)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 79, in _get_raw_data_rules
    data = _get_json_data(direction, family)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 72, in _get_json_data
    return cmd(f'nft --json list chain {family} vyos_nat {chain}')
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: nft --json list chain ip6 vyos_nat PREROUTING
returned: 
exit code: 1
vyos@vyos:~$ show nat66 source 
Possible completions:
  rules                 Show configured source NAT66 rules
  statistics            Show statistics for configured source NAT66 rules
  translations          Show active source NAT66 translations

      
vyos@vyos:~$ show nat66 source rules 
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/nat.py", line 339, in <module>
    res = vyos.opmode.run(sys.modules[__name__])
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 263, in run
    res = func(**args)
          ^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 298, in _wrapper
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 304, in show_rules
    nat_rules = _get_raw_data_rules(direction, family)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 79, in _get_raw_data_rules
    data = _get_json_data(direction, family)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 72, in _get_json_data
    return cmd(f'nft --json list chain {family} vyos_nat {chain}')
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: nft --json list chain ip6 vyos_nat POSTROUTING
returned: 
exit code: 1
vyos@vyos:~$

tomcat667 · December 6, 2023, 9:49am

seems like a bug also on version 1.4 VyOS 1.4-rolling-202312050309
Tue 05 Dec 2023 03:09 UTC

 show nat66 destination rules
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/nat.py", line 339, in <module>
    res = vyos.opmode.run(sys.modules[__name__])
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 263, in run
    res = func(**args)
          ^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 298, in _wrapper
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 304, in show_rules
    nat_rules = _get_raw_data_rules(direction, family)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 79, in _get_raw_data_rules
    data = _get_json_data(direction, family)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/nat.py", line 72, in _get_json_data
    return cmd(f'nft --json list chain {family} vyos_nat {chain}')
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: nft --json list chain ip6 vyos_nat PREROUTING
returned:
exit code: 1

Viacheslav · December 7, 2023, 8:31am

Add a simple example of “set” commands and how to reproduce it

set xxx xx
set xxx xxx

I opened a bug report ⚓ T5807 NAT66 op-mode bugs
You can set an example of configs here.

n.fort · December 7, 2023, 11:08am

For those who have this error, can you please check using next patch?

Edit function _verify, defined in line 289 /usr/libexec/vyos/op_mode/nat.py, and add and update two lines:

def _verify(func):
    """Decorator checks if NAT config exists"""
    from functools import wraps

    @wraps(func)
    def _wrapper(*args, **kwargs):
        config = ConfigTreeQuery()
        # Next line is new
        base = 'nat66' if 'inet6' in sys.argv[1:] else 'nat'
        if not config.exists(base):
            # Next line needs to be updated
            raise vyos.opmode.UnconfiguredSubsystem(f'{base.upper()} is not configured')
        return func(*args, **kwargs)
    return _wrapper

Save file and check once again op-mode commands for nat and nat66, and please tell us if it works or not

tomcat667 · December 7, 2023, 1:27pm

that works

grafik

testet with version 1.4 from above

n.fort · December 11, 2023, 11:57am

PR submitted: T5807: fix op-mode command <show nat66> by nicolas-fort · Pull Request #2612 · vyos/vyos-1x · GitHub