[vpp-dev] With SNAT configured, ACL will not work

Mon, 26 Jun 2017 04:49:55 -0700 

Hi guys,

When I configure SNAT first and then configure ACL, ip4-inacl node doesn't 
appear , ACl not work.
When I configure ACL first and then configure SNAT, ip4-inacl node  appear but 
not work.

My configuration about snat is shown below:
create host-interface name eth0 hw-addr 00:50:43:00:02:02
create host-interface name eth1 hw-addr 0E:1A:0D:00:50:43
set interface state host-eth0 up
set interface state host-eth1 up
set dhcp client intfc host-eth1 hostname vppgate
set interface snat in host-eth0  out  host-eth1 
snat add interface address  host-eth1
set interface ip addr host-eth0 192.168.2.1/24
classify table mask l3 ip4 dst
classify session acl-hit-next deny table-index 0 match l3 ip4 dst 172.16.36.129
set interface input acl intfc host-eth1 ip4-table 0

The trace :
Packet 3

00:12:29:629116: af-packet-input
  af_packet: hw_if_index 2 next-index 4
    tpacket2_hdr:
      status 0x1 len 83 snaplen 83 mac 66 net 80
      sec 0x31b nsec 0x1adb20 vlan 0
00:12:29:629397: ethernet-input
  IP4: 84:b2:61:dc:69:d5 -> 0e:1a:0d:00:50:43
00:12:29:629456: ip4-input
  UDP: 10.19.8.15 -> 172.16.36.129
    tos 0x00, ttl 126, length 69, checksum 0xe79f
    fragment id 0x7255
  UDP: 53 -> 39248
    length 49, checksum 0x1e02
00:12:29:629517: snat-out2in
  SNAT_OUT2IN: sw_if_index 2, next index 1, session index 87
00:12:29:629593: ip4-lookup
  fib 0 dpo-idx 8 flow hash: 0x00000000
  UDP: 10.19.8.15 -> 192.168.2.50
    tos 0x00, ttl 126, length 69, checksum 0xf556
    fragment id 0x7255
  UDP: 53 -> 61590                                                             
    length 49, checksum 0x0000
00:12:29:629654: ip4-rewrite
  tx_sw_if_index 3 dpo-idx 8 : ipv4 via 0.0.0.0 pppoe0: 
2c534a03934200504300020288641100000100000021 flow hash: 0x00000000
  00000000: 2c534a0393420050430002028864110000010000002145000045725500007d11
  00000020: f6560a13080fc0a802320035f09600310000acfe8182000100000000
00:12:29:629688: pppoe0-output
  pppoe0
  PPPOE 0x0050, version 0x02, type 0x0c
00:12:29:629744: pppoe0-tx
  PPPOE: session 1 len 71 tx_sw_index 1
00:12:29:629784: host-eth0-output
  host-eth0
  PPPOE_SESSION: 00:50:43:00:02:02 -> 2c:53:4a:03:93:42
  PPPOE ip4 
  
 How can I solve the problem?
 
 Thanks,
 Xyxue



_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev

Reply via email to