nat: T7243: Add NAT OUTPUT

[sskaje]

Change summary

Add NAT OUTPUT to support forwarding between ports under 127.0.0.1 .

Only added nat/output, not sure if nat66/output should be add.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

https://vyos.dev/T7243

Related PR(s)

How to test / Smoketest result

Case 1: Forward 127.0.0.1:53 to 127.0.0.1:7874

127.0.0.1 was not listened by any service, 127.0.0.1:7874 is listened by clash DNS.

set nat output rule 100 destination address '127.0.0.1'
set nat output rule 100 destination port '53'
set nat output rule 100 protocol 'tcp_udp'
set nat output rule 100 translation address '127.0.0.1'
set nat output rule 100 translation port '7874'

Case 2: Forward 192.168.10.3:53 to 192.168.10.1:7874

192.168.10.3 is not up, just test for external ips. 192.168.10.1:7874 is clash on another vyos

set nat output rule 110 destination address '192.168.10.3'
set nat output rule 110 destination port '53'
set nat output rule 110 protocol 'tcp_udp'
set nat output rule 110 translation address '192.168.10.1'
set nat output rule 110 translation port '7874'

Smoketest:

# /usr/libexec/vyos/tests/smoke/cli/test_nat.py 
test_dnat (__main__.TestNAT.test_dnat) ... ok
test_dnat_negated_addresses (__main__.TestNAT.test_dnat_negated_addresses) ... ok
test_dnat_redirect (__main__.TestNAT.test_dnat_redirect) ... ok
test_dnat_without_translation_address (__main__.TestNAT.test_dnat_without_translation_address) ... ok
test_nat_balance (__main__.TestNAT.test_nat_balance) ... ok
test_nat_fqdn (__main__.TestNAT.test_nat_fqdn) ... ok
test_nat_no_rules (__main__.TestNAT.test_nat_no_rules) ... ok
test_snat (__main__.TestNAT.test_snat) ... ok
test_snat_groups (__main__.TestNAT.test_snat_groups) ... ok
test_snat_net_port_map (__main__.TestNAT.test_snat_net_port_map) ... ok
test_snat_required_translation_address (__main__.TestNAT.test_snat_required_translation_address) ... ok
test_static_nat (__main__.TestNAT.test_static_nat) ... ok


root@vyos:/home/vyos# /usr/libexec/vyos/tests/smoke/cli/test_nat
test_nat64.py  test_nat66.py  test_nat.py    
root@vyos:/home/vyos# /usr/libexec/vyos/tests/smoke/cli/test_nat66.py 
test_destination_nat66 (__main__.TestNAT66.test_destination_nat66) ... ok
test_destination_nat66_network_group (__main__.TestNAT66.test_destination_nat66_network_group) ... ok
test_destination_nat66_prefix (__main__.TestNAT66.test_destination_nat66_prefix) ... ok
test_destination_nat66_protocol (__main__.TestNAT66.test_destination_nat66_protocol) ... ok
test_destination_nat66_without_translation_address (__main__.TestNAT66.test_destination_nat66_without_translation_address) ... ok
test_nat66_no_rules (__main__.TestNAT66.test_nat66_no_rules) ... ok
test_source_nat66 (__main__.TestNAT66.test_source_nat66) ... ok
test_source_nat66_address (__main__.TestNAT66.test_source_nat66_address) ... ok
test_source_nat66_protocol (__main__.TestNAT66.test_source_nat66_protocol) ... ok
test_source_nat66_required_translation_prefix (__main__.TestNAT66.test_source_nat66_required_translation_prefix) ... ok

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

👍
No issues in PR Title / Commit Title

[github-actions]

CI integration ❌ failed!

Details

CI logs

• CLI Smoketests (no interfaces) 👍 passed
• CLI Smoketests (interfaces only) ❌ failed
• Config tests 👍 passed
• RAID1 tests 👍 passed
• TPM tests 👍 passed