Hello, I have a need to relax the session lookup criteria on out2in packet processing with NAT44 determinate mode. The behavior I am looking for is so that as long as there is an initial session for a given destination IP:port then any return packet to the translated port should be allowed regardless of the source IP. Essentially, if I open a session from 100.65.0.2 to 2.2.2.2:3074 and VPP creates a translation entry then the out2in processing should allow any n:3074 source IP and not restrict the translation to return packets only allowed from 2.2.2.2.
It looks like this may have been possible with the below feature but it's not available in determinate mode: https://wiki.fd.io/view/VPP/NAT#Enable_or_disable_forwarding Are there any thoughts on this? Any suggestions on where I could perhaps compile my own version of that allows endpoint-independent mapping? Thanks! --Josh
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17595): https://lists.fd.io/g/vpp-dev/message/17595 Mute This Topic: https://lists.fd.io/mt/77210049/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
