On Fri, May 15, 2020 at 2:38 PM Jon Loeliger wrote:
>
> So, here is the same scenario using vppctl to set up the test case.
>
> vpp# nat44 add static mapping icmp local 192.168.0.53 external outside
> vpp# show nat44 static mappings
> NAT44 static mappings:
> local 192.168.0.53 external 192.168.
On Thu, May 14, 2020 at 11:23 AM Jon Loeliger via lists.fd.io wrote:
> Did the ICMP mapping open more than was expected or intended here?
>
> I chased this down in the code a bit, but I'm not sure what the _intent_
> is supposed to be.
> When "address only" is true (ie, both ports are 0), then th
Hi vpp-devers,
We have a report of an unexpected behavior when using a static NAT with
ICMP.
It appears that configuring an outside interface to allow ICMP also allows
forwarding
of all protocols as well.
If you start with, say, a blocked TCP on port 22 and an SNMP on port 161,
then
adding a NAT
