1 setting inside and outside interfaces, 2 setting nat rules, 2 forcing flows through nat – Riverstone Networks WICT1-12 User Manual



21-2 Riverstone Networks RS Switch Router User Guide Release 8.0

Forcing Flows through NAT

Network Address Translation Configuration

21.1.1 Setting Inside and Outside Interfaces

When NAT is enabled, address translation is only applied to those interfaces which are defined to NAT as “inside” or
“outside” interfaces. NAT only translates packets that arrive on a defined inside or outside interface.

To specify an interface as inside (local) or outside (global), enter the following command in Configure mode.

21.1.2 Setting NAT Rules

Static

You create NAT static bindings by entering the following command in Configure mode.

Dynamic

You create NAT dynamic bindings by entering the following command in Configure mode.

For dynamic address bindings, you define the address pools with previously-created ACLs. You can also specify the enable-port-overload parameter to allow PAT.

21.2 FORCING FLOWS THROUGH NAT

If a host on the outside global network knows an inside local address, it can send a message directly to the inside local
address. By default, the RS will route the message to the destination. You can force all flows between the inside local
pool and the outside global network to be translated. This prevents a host on the outside global network from being
allowed to send messages directly to any address in the local address pool.
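
The following Python model is an added example, not code from the manual or from the RS software. It contrasts the default behavior described above with forced translation for a packet arriving from the outside global network. The addresses, the function names, and the choice to represent a refused flow as "drop" are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology for illustration (assumed values, not from the manual).
INSIDE_LOCAL_POOL = ip_network("10.1.1.0/24")
# Static bindings as created by "nat create static": global-ip -> local-ip.
STATIC_BINDINGS = {"192.0.2.10": "10.1.1.10"}


def handle_from_outside(dst, force_translation):
    """Model a packet arriving on the outside interface.

    Returns (action, delivered_to); action is 'translate', 'route' or 'drop'.
    Modelling a refused flow as 'drop' is an assumption of this model.
    """
    if dst in STATIC_BINDINGS:
        # Destination is a bound global address: the normal NAT path.
        return ("translate", STATIC_BINDINGS[dst])
    if ip_address(dst) in INSIDE_LOCAL_POOL:
        # Destination is a raw inside local address; no binding is used.
        if force_translation:
            return ("drop", None)
        return ("route", dst)  # default: routed straight to the host
    return ("route", dst)  # traffic unrelated to NAT is routed as usual


def directly_reachable(inside_hosts, force_translation):
    """Inside local addresses an outside host can reach without translation."""
    return [h for h in inside_hosts
            if handle_from_outside(h, force_translation)[0] == "route"]


if __name__ == "__main__":
    hosts = ["10.1.1.10", "10.1.1.20"]  # constructed inside hosts
    for forced in (False, True):
        print("forced =", forced, "->", directly_reachable(hosts, forced))
```

With the default setting every inside host is listed as directly reachable, including hosts that have no binding at all; with forced translation the list is empty and only the bound global address still reaches 10.1.1.10.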

Define an interface as inside or outside for NAT.

nat set interface <InterfaceName> inside|outside

Enable NAT with static address binding.

nat create static protocol ip|tcp|udp local-ip <local-ip-add/address range> global-ip <global-ip-add/address range> [local-port <tcp/udp local-port>|any] [global-port <tcp/udp global-port>|any]

Enable NAT with dynamic address binding.

nat create dynamic local-acl-pool <local-acl> global-pool <ip-addr/ip-addr-range/ip-addr-list/ip-addr-mask> [matches-interface <interface>] [enable-ip-overload]
