Mailing List Archive

Sorting NAT Statements... producing useless diffs...
Hi,

I keep getting uninteresting diffs like the following:

retrieving revision 1.10
diff -U4 -r1.10 <FILENAME REMOVED>
@@ -101,11 +101,11 @@
no keepalive
!
ip default-gateway <IP REMOVED>
+ ip nat inside source route-map nonat interface cable-modem0 overload
ip nat inside source static udp 192.168.1.11 5632 interface cable-modem0
5632
ip nat inside source static tcp 192.168.1.11 5631 interface cable-modem0
5631
- ip nat inside source route-map nonat interface cable-modem0 overload
ip classless
no ip http server
no ip http secure-server
no ip http cable-monitor
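Review bot: the `-` and `+` lines of this hunk are the same statement, `ip nat inside source route-map nonat interface cable-modem0 overload`, removed from below the two `static` entries and re-added above them, so the hunk records a reordering and no change to the set of translations. Only the `static` lines are caught by rancid's `/^ip nat (\S+) source static (\S+)/` pattern quoted later in the thread and sorted; the route-map line is left wherever the router emitted it, so its position relative to the sorted static block floats from one collection to the next. Matching the list/route-map form as well, with a key that sorts ahead of the static entries, would pin it.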

It appears that the sort routine for NAT needs some augmentation to order
non-static entries as well, to try and force these to appear either before
or after the static ones. Any thoughts?

There are two main types of entry I use for overloading:

ip nat inside source list 1 interface cable-modem0 overload

and

ip nat inside source route-map nonat interface cable-modem0 overload

The important (non-changing) bits are the "overload" and the "list" vs
"route-map".

I'd like to augment the NAT/sort/ProcessHistory to force overloaded
statements to appear at the top of the NAT history.

Also, I've noticed that I receive the following diffs regularly:

retrieving revision 1.3
diff -U4 -r1.3 <FILENAME REMOVED>
@@ -76,12 +76,12 @@
no cable-modem compliant bridge
!
ip default-gateway <IP REMOVED>
ip nat inside source list 1 interface cable-modem0 overload
- ip nat inside source static udp 192.168.1.20 5632 interface cable-modem0
5632
ip nat inside source static udp 192.168.1.20 5631 interface cable-modem0
5631
- ip nat inside source static tcp 192.168.1.20 5631 interface cable-modem0
5631
+ ip nat inside source static udp 192.168.1.20 5632 interface cable-modem0
5632
ip nat inside source static tcp 192.168.1.20 5632 interface cable-modem0
5632
+ ip nat inside source static tcp 192.168.1.20 5631 interface cable-modem0
5631
ip classless
no ip http server
!
logging trap notifications
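Review bot: the two `-` lines (udp 5632 and tcp 5631) reappear verbatim as the two `+` lines, so again nothing in the translation set changed; the four static entries for 192.168.1.20 only traded places. With the pattern quoted later in the thread, `/^ip nat (\S+) source static (\S+)/`, `$2` for these lines is the word `udp` or `tcp`, not the address, so the two udp lines share one sort key and the two tcp lines another, and entries with equal keys have no fixed relative order (the "hash decides to sort differently" effect noted further down). A key built from protocol, address and port, as the replies go on to suggest, makes the order a function of the statement alone.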

Notice that no actual config changes have occurred. The NAT sort routine only
sorts on IP with no consideration to the same IP having multiple ports being
translated. It should also sort on port (at least in my case I'd like this).

Has anyone provided (or can provide) a way to augment the NAT sorting rules?
I'd like to reduce the amount of diff mails I receive, as I currently have a
few hundred of these out in the field and I constantly get diffs with no
real changes.

Thanks in advance,

Rod.


Roderick B. Greening, B.Sc.
Manager, Provisioning & Technical Support
Atlantic Region
group telecom, a Bell Canada Company
541 Kenmount Rd.
St. John's, NF
(709) 757-1328 (Office)
(709) 685-3681 (Mobile)
(709) 757-1201 (Fax)
rgreening at gt.ca
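A way to confirm mechanically what the post observes (that these hunks remove and re-add the very same lines), as an added example that is not code from the thread or from rancid: the script tallies a unified-diff hunk's `+` and `-` lines and reports the hunk as reorder-only when every removed line is re-added the same number of times. The first two sample hunks are constructed copies of the ones above with the mail-wrapped trailing port tokens rejoined to their lines; the third is a constructed variant in which a port really changes. Running it as a filter over rancid diff mail is the suggestion here, not something rancid ships.

```perl
#!/usr/bin/perl
# Added example: triage rancid diff mail by asking whether a hunk really
# changes the configuration or only reorders lines.
use strict;
use warnings;

# Tally a hunk's changed lines: text => (times added) - (times removed).
# Context lines (no +/- prefix), the "retrieving revision"/"diff" preamble
# and the @@ header are ignored. Returns a hash reference.
sub tally_hunk {
    my ($hunk) = @_;
    my %net;
    for my $line (split /\n/, $hunk) {
        $line =~ s/\s+$//;   # ignore trailing whitespace differences
        next if $line =~ /^(?:retrieving |diff |\@\@ |\+\+\+ |--- )/;
        if    ($line =~ /^-\s?(.*)/) { $net{$1}-- }
        elsif ($line =~ /^\+\s?(.*)/) { $net{$1}++ }
    }
    return \%net;
}

# Lines whose adds and removes do not cancel out: the real configuration
# delta, each prefixed with its net sign.
sub net_changes {
    my ($hunk) = @_;
    my $net = tally_hunk($hunk);
    return map  { ($net->{$_} > 0 ? '+' : '-') . $_ }
           grep { $net->{$_} != 0 } sort keys %$net;
}

# 'reorder-only' when every removed line is re-added the same number of
# times, 'change' when some line is really added or removed, 'empty' when
# the hunk carries no +/- lines at all.
sub classify_hunk {
    my ($hunk) = @_;
    my $net = tally_hunk($hunk);
    return 'empty' unless %$net;
    return (grep { $_ != 0 } values %$net) ? 'change' : 'reorder-only';
}

# Constructed samples: the two hunks from the post, with the mail-wrapped
# trailing port tokens rejoined, plus one in which a port actually changes.
my $hunk1 = <<'END';
@@ -101,11 +101,11 @@
 no keepalive
 !
 ip default-gateway <IP REMOVED>
+ip nat inside source route-map nonat interface cable-modem0 overload
 ip nat inside source static udp 192.168.1.11 5632 interface cable-modem0 5632
 ip nat inside source static tcp 192.168.1.11 5631 interface cable-modem0 5631
-ip nat inside source route-map nonat interface cable-modem0 overload
 ip classless
END

my $hunk2 = <<'END';
@@ -76,12 +76,12 @@
 ip nat inside source list 1 interface cable-modem0 overload
-ip nat inside source static udp 192.168.1.20 5632 interface cable-modem0 5632
 ip nat inside source static udp 192.168.1.20 5631 interface cable-modem0 5631
-ip nat inside source static tcp 192.168.1.20 5631 interface cable-modem0 5631
+ip nat inside source static udp 192.168.1.20 5632 interface cable-modem0 5632
 ip nat inside source static tcp 192.168.1.20 5632 interface cable-modem0 5632
+ip nat inside source static tcp 192.168.1.20 5631 interface cable-modem0 5631
 ip classless
END

my $hunk3 = <<'END';
@@ -76,4 +76,4 @@
 ip nat inside source list 1 interface cable-modem0 overload
-ip nat inside source static tcp 192.168.1.20 5631 interface cable-modem0 5631
+ip nat inside source static tcp 192.168.1.20 5633 interface cable-modem0 5633
 ip classless
END

for my $pair ([hunk1 => $hunk1], [hunk2 => $hunk2], [hunk3 => $hunk3]) {
    my ($name, $text) = @$pair;
    print "$name: ", classify_hunk($text), "\n";
    print "  $_\n" for net_changes($text);
}
```

The first two hunks come out as reorder-only with no net changes listed; the third is reported as a change with the removed 5631 line and the added 5633 line. Triage like this only hides the noise, though; the fix for the noise itself is a sort key under which the router's emission order no longer matters.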
Sorting NAT Statements... producing useless diffs... [ In reply to ]
sigh, I don't have a pix, but from the manual, I think rancid's match is
deficient.

/^ip nat (\S+) source static (\S+)/ &&

doesn't handle a protocol field (udp|tcp) as the 6th field.

/^ip nat (\S+) source static ((udp|tcp) )?(\S+)/ &&
ProcessHistory("IP NAT $1","ipsort","$4","$_") && next;

the IP match probably ought to be more specific too,

/^ip nat (\S+) source static ((udp|tcp) )?(\d+\.\d+\.\d+\.\d+)/ &&

What options are available for the 6th field?

Fri, Jun 10, 2005 at 07:26:53AM -0700, Roderick B. Greening:
Sorting NAT Statements... producing useless diffs... [ In reply to ]
Here's how my router sees NAT:

ubr900(config)#ip nat ?
Stateful Stateful NAT configuration commands
inside Inside address translation
log NAT Logging
outside Outside address translation
pool Define pool of addresses
service Special translation for application using non-standard port
translation NAT translation entry configuration

ubr900(config)#ip nat inside ?
destination Destination address translation
source Source address translation

ubr900(config)#ip nat inside source ?
list Specify access list describing local addresses
route-map Specify route-map
static Specify static local->global mapping

ubr900(config)#ip nat inside source static ?
A.B.C.D Inside local IP address
esp IPSec-ESP (Tunnel mode) support
network Subnet translation
tcp Transmission Control Protocol
udp User Datagram Protocol

ubr900(config)#ip nat inside source static tcp ?
A.B.C.D Inside local IP address

ubr900(config)#ip nat inside source static tcp 1.1.1.1 ?
<1-65535> Local UDP/TCP port

ubr900(config)#ip nat inside source static tcp 1.1.1.1 9999 ?
A.B.C.D Inside global IP address
interface Specify interface for global address

The 3rd field can be (inside|outside)
The 4th field can be (source|destination) *note: for outside translation,
only source is available
The 5th field can be (list|route-map|static)

At this point, we probably need to be able to split list|route-map|static off.

List and route-map are basically the same, and have all the same options:

ip nat (inside|outside) (source|destination) (list|route-map) (\S+) pool (\S+)

For static translations, we have the following:

ip nat (inside|outside) (source|destination) static (tcp|udp|esp|network|\d+\.\d+\.\d+\.\d+)

If it's (tcp|udp|esp) then you have an IP address and port number followed
by either another IP address and port number or the keyword interface
replaces the second IP address.

Is this enough detail?

Thanks.


-----Original Message-----
From: john heasley [mailto:heas@shrubbery.net]
Sent: Friday, June 10, 2005 9:20 PM
To: Roderick B. Greening
Cc: 'rancid-discuss at shrubbery.net'
Subject: Re: Sorting NAT Statements... producing useless diffs...

Sorting NAT Statements... producing useless diffs... [ In reply to ]
I think what I'd like to see is the NAT lines get sorted alphabetically.
That should prevent the lines jumping around I would guess.

Is there a routine/sort in RANCID that I can use to test this theory out?

-----Original Message-----
From: owner-rancid-discuss@shrubbery.net
[mailto:owner-rancid-discuss at shrubbery.net] On Behalf Of Roderick B.
Greening
Sent: Saturday, June 11, 2005 2:42 PM
To: 'john heasley'
Cc: 'rancid-discuss at shrubbery.net'
Subject: RE: Sorting NAT Statements... producing useless diffs...

Sorting NAT Statements... producing useless diffs... [ In reply to ]
On Sat, Jun 11, 2005 at 12:16:28PM -0700, Roderick B. Greening wrote:
> I think what I'd like to see is the NAT lines get sorted alphabetically.
> That should prevent the lines jumping around I would guess.
>
> Is there a routine/sort in RANCID that I can use to test this theory out?

Play around with this code in rancid:

# order ip host statements
/^ip host (\S+) / &&
    ProcessHistory("IPHOST","keysort","$1","$_") && next;
# order ip nat source static statements
/^ip nat (\S+) source static (\S+)/ &&
    ProcessHistory("IP NAT $1","ipsort","$2","$_") && next;

And note that "keysort" and "ipsort" evaluate to subroutines elsewhere
in rancid - you can write your own subroutine for the sorting if needed.
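Putting the pieces of the thread together (the extended `static` pattern with its optional protocol field, the enumeration of the list|route-map|static forms from `ip nat ?`, and the pointer above to writing your own sort subroutine), here is an added example that is not code from rancid or from anyone in the thread. It builds a sort key that is unique per statement: list/route-map statements (the overload ones) first, then static statements ordered by zero-padded address, protocol and port, with the full line as the final component so two distinct statements never tie. Two captures of the same configuration therefore sort identically whatever order the router emitted them in. Assumptions: the statement grammar is the one quoted from `ip nat ?` earlier in the thread; rancid's `ProcessHistory`, `keysort` and `ipsort` are not reproduced, `nat_key` is simply the kind of key string you would hand to such a routine; the sample statements are constructed from the two diffs in the thread, in the two orders they appeared there.

```perl
#!/usr/bin/perl
# Added example: a tie-free sort key for "ip nat" statements, so a block of
# NAT configuration sorts the same way no matter what order the router
# emitted it in.
use strict;
use warnings;

# Field layout assumed from the "ip nat ?" output quoted in the thread:
#   ip nat (inside|outside) (source|destination) (list|route-map) <name> ...
#   ip nat (inside|outside) (source|destination) static [tcp|udp|esp|network] A.B.C.D [port] ...
# Dynamic (list/route-map, i.e. the overload) statements key ahead of static
# ones; static ones order by zero-padded address, then protocol, then port;
# the whole line is the last component, so distinct statements never tie.
sub nat_key {
    my ($line) = @_;

    if ($line =~ /^ip nat (inside|outside) (source|destination) (list|route-map) (\S+)/) {
        return join "\0", '0', $1, $2, $3, $4, $line;
    }

    if ($line =~ /^ip nat (inside|outside) (source|destination) static (?:(tcp|udp|esp|network) )?(\d+)\.(\d+)\.(\d+)\.(\d+)(?: (\d+)(?=\s|$))?/) {
        my ($dir, $kind, $proto, $o1, $o2, $o3, $o4, $port) = ($1, $2, $3, $4, $5, $6, $7, $8);
        $proto = '' unless defined $proto;   # plain "static A.B.C.D ..." form
        $port  = 0  unless defined $port;    # esp/network/plain forms carry no port
        # zero-pad so that plain string comparison orders octets and ports numerically
        my $ip = sprintf '%03d.%03d.%03d.%03d', $o1, $o2, $o3, $o4;
        return join "\0", '1', $dir, $kind, $ip, $proto, sprintf('%05d', $port), $line;
    }

    # anything else under "ip nat" (pool, log, service ...): after the
    # translations, in text order
    return join "\0", '2', $line;
}

# Canonical order for a list of NAT statements (Schwartzian transform on nat_key).
sub sort_nat {
    return map  { $_->[1] }
           sort { $a->[0] cmp $b->[0] }
           map  { [ nat_key($_), $_ ] } @_;
}

# Constructed sample: the statements from the thread's two diffs, in the two
# orders the router produced them (the "-" side and the "+" side).
my @first_capture = (
    'ip nat inside source list 1 interface cable-modem0 overload',
    'ip nat inside source static udp 192.168.1.20 5632 interface cable-modem0 5632',
    'ip nat inside source static udp 192.168.1.20 5631 interface cable-modem0 5631',
    'ip nat inside source static tcp 192.168.1.20 5631 interface cable-modem0 5631',
    'ip nat inside source static tcp 192.168.1.20 5632 interface cable-modem0 5632',
    'ip nat inside source route-map nonat interface cable-modem0 overload',
);
my @second_capture = (
    'ip nat inside source route-map nonat interface cable-modem0 overload',
    'ip nat inside source list 1 interface cable-modem0 overload',
    'ip nat inside source static udp 192.168.1.20 5631 interface cable-modem0 5631',
    'ip nat inside source static udp 192.168.1.20 5632 interface cable-modem0 5632',
    'ip nat inside source static tcp 192.168.1.20 5632 interface cable-modem0 5632',
    'ip nat inside source static tcp 192.168.1.20 5631 interface cable-modem0 5631',
);

my @sorted1 = sort_nat(@first_capture);
my @sorted2 = sort_nat(@second_capture);
print "$_\n" for @sorted1;
print join("\n", @sorted1) eq join("\n", @sorted2)
    ? "both captures sort identically: nothing for diff to report\n"
    : "captures sort differently: the key is not canonical\n";
```

The two dynamic statements come out first (`list 1` before `route-map nonat`), followed by the four static entries for 192.168.1.20 as tcp 5631, tcp 5632, udp 5631, udp 5632, and both captures produce that same list. The point of zero-padding is that a single string comparison then gives numeric order for addresses and ports; if you kept rancid's IP-aware comparison instead, the address could stay unpadded, but protocol and port still have to be part of the key or the ties this thread is about come back.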
Sorting NAT Statements... producing useless diffs... [ In reply to ]
Is there any significance to the order of (list|route-map|static) or
(ip|esp|network|tcp|udp)?

Sat, Jun 11, 2005 at 10:12:29AM -0700, Roderick B. Greening:
Sorting NAT Statements... producing useless diffs... [ In reply to ]
Nope. As long as the order doesn't change so I don't see multiple diffs
each time the hash decides to sort differently :)

-----Original Message-----
From: 'john heasley' [mailto:heas@shrubbery.net]
Sent: Saturday, June 11, 2005 7:22 PM
To: Roderick B. Greening
Cc: 'john heasley'; 'rancid-discuss at shrubbery.net'
Subject: Re: Sorting NAT Statements... producing useless diffs...

Is there any significance to the order of (list|route-map|static) or
(ip|esp|network|tcp|udp)?
