Creating auto-constrain nat rules, Auto-constrain example, Advanced rule matching – Extreme Networks 200 Series User Manual


Summit 200 Series Switch Installation and User Guide

Network Address Translation (NAT)

Creating Auto-Constrain NAT Rules

To create auto-constrain NAT rules, use the following command:

config nat [add | delete] vlan <outside_vlan> map source [any | <ipaddress> [/<bits> | <netmask>]] to <ip> [/<mask> | <netmask> | - <ipaddress>] {[tcp | udp | both] auto-constrain}

This rule uses auto-constrain NAT. Remember that each inside IP address will be restricted in the
number of simultaneous connections. Most installations should use portmap mode.

Auto-Constrain Example

config nat add out_vlan_3 map source 192.168.3.0/24 to 216.52.8.64/32 both auto-constrain

Advanced Rule Matching

By default, NAT rules only match connections based on the source IP address of the outgoing packets.
Using the L4-port and destination keywords, you can further limit the scope of the NAT rule so that
it only applies to specific TCP/UDP Layer 4 port numbers, or specific outside destination IP addresses.

NOTE

Once a single rule is matched, no other rules are processed.

Destination Specific NAT

config nat [add | delete] vlan <outside_vlan> map source [any | <ipaddress> [/<bits> | <netmask>]] {destination <ipaddress/mask>} to <ipaddress> [/<mask> | <netmask> | - <ipaddress>]

The addition of the destination optional keyword after the source IP address and mask allows the
NAT rule to be applied to only packets with a specific destination IP address.

L4-Port Specific NAT

The addition of the L4-port optional keyword after the source IP address and mask allows the NAT
rule to be applied only to packets with a specific L4 source or destination port. If you use the L4-port
command after the source IP/mask, the rule will match only if the port(s) specified are the source
L4-ports. If you use the L4-port command after the destination IP/mask, the rule will match only if the
port(s) specified are the destination L4-ports. Both options may be used together to further limit the
rule.
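
The NOTE above means a broad rule can hide narrower destination or L4-port rules behind it. The following Python model is an added example, not code from the manual or the switch, that applies first-match evaluation and reports rules that can never be reached. It assumes rules are evaluated in the order listed and that each L4-port match is a single port; the rule names and the 203.0.113.x and 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NatRule:
    name: str                          # hypothetical label, not a switch field
    source: str                        # "any" or CIDR
    to: str                            # outside address used for translation
    destination: Optional[str] = None  # None = any destination
    src_port: Optional[int] = None     # None = any source L4 port
    dst_port: Optional[int] = None     # None = any destination L4 port

def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr in (None, "any") else cidr)

def matches(rule, src, dst, sport, dport):
    return (ipaddress.ip_address(src) in _net(rule.source)
            and ipaddress.ip_address(dst) in _net(rule.destination)
            and rule.src_port in (None, sport)
            and rule.dst_port in (None, dport))

def first_match(rules, src, dst, sport, dport):  # first hit wins, the rest are skipped
    return next((r for r in rules if matches(r, src, dst, sport, dport)), None)

def covers(a, b):
    """True if every packet that rule b matches is also matched by rule a."""
    return (_net(b.source).subnet_of(_net(a.source))
            and _net(b.destination).subnet_of(_net(a.destination))
            and a.src_port in (None, b.src_port)
            and a.dst_port in (None, b.dst_port))

def shadowed(rules):
    """(later, earlier) name pairs where the later rule can never be reached."""
    return [(b.name, a.name) for i, b in enumerate(rules)
            for a in rules[:i] if covers(a, b)]

# Constructed rule set: only 192.168.3.0/24 -> 216.52.8.64/32 comes from the page's
# example; the other addresses are documentation ranges chosen for illustration.
GENERAL = NatRule("general", "192.168.3.0/24", "216.52.8.64/32")
PARTNER = NatRule("partner", "192.168.3.0/24", "203.0.113.10/32", destination="198.51.100.0/24")
WEB = NatRule("web", "192.168.3.0/24", "203.0.113.11/32", dst_port=80)

BROAD_FIRST = [GENERAL, PARTNER, WEB]   # broad rule hides both narrower ones
NARROW_FIRST = [PARTNER, WEB, GENERAL]  # narrower rules are evaluated first

if __name__ == "__main__":
    for rules in (BROAD_FIRST, NARROW_FIRST):
        print(first_match(rules, "192.168.3.10", "198.51.100.7", 40000, 80).name, shadowed(rules))
```

Running the same check over an exported rule list before applying it shows whether a destination or L4-port rule will ever take effect.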
