The table of NAT Aliases can store up to 255 entries, indexed starting from 0 up to 254.
The entry priority index sets the order in which entries are checked and must be sequential. The priority index is also the reference used for insertion, modification and deletion of NAT Aliases.
Commands for handling the table of NAT Aliases are the following:
Changes made in the table are activated by executing the command init nat without needing to restart Abilis CPX.
This command shows the content of the Table of NAT Alias.
[16:41:45] ABILIS_CPX:d nat
UPNP maps not present
Configured maps
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC 192.168.000.000/24 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.001.000/24 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
2 IN SRC 010.100.100.000/24 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
3 OUT DST * 083.211.161.025/32 083.211.161.025/32
IN * * * YES
-------------------------------------------------------------------------------
NAT supports 4 separate zones: INSIDE, OUTSIDE, DMZ, VPN (an IP resource can be freely assigned to any one of these zones).
Meaning of parameters:
PR
NAT alias entry priority. One value in the range [0..254] or a range of values 'xx-yy' or a list of values 'xx,yy,...' separated by ',' (comma) or A or ALL. <Optional>
INAT
Input NAT [NONE, IN (or INSIDE), OUT (or OUTSIDE), VPN, DMZ] Values can be joined using ',' character. <Optional>
ONAT
Output NAT [NONE, IN (or INSIDE), OUT (or OUTSIDE), VPN, DMZ] Values can be joined using ',' character. <Optional>
SIP
Source IP resource [1..250, *, NONE].
DIP
Destination IP resource [1..250, *, NONE].
ADD
Address translation type [SRC: Source Address Translation, DST: Destination Address Translation].
SNET
Source Network IP address [0.0.0.0, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] and mask length [0-32] or "*" or the name of an IP/IR/RU/MR list for network IP addresses between single quotes or "Ip-nnn", where 'nnn' is an IP resource index in [1..250] (E.g.: * or 192.168.0.1/32 or 'ListName' or IP-23).
SPO
Allowed source TCP/UDP port(s): a single port mnemonic or decimal value [1..65535] or two port values separated by ':' (colon) or "*" (Any port) or the name of a TUP/RU/MR list between single quotes (E.g.: 22 or SSH or 1:1024 or * or 'List').
Note | |
---|---|
Only for
|
PROT
Allowed IP protocols [ICMP, TCP, UDP, *, NONE]. Values can be joined using ',' character.
Note | |
---|---|
Only for
|
DNET
Destination Network IP address [0.0.0.0, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] and mask length [0-32] or * or the name of an IP/IR/RU/MR list for network IP addresses between single quotes or "Ip-nnn", where 'nnn' is an IP resource index in [1..250] (E.g. * or 192.168.0.1/32 or 'ListName' or Ip-23).
DPO
Allowed destination TCP/UDP port(s): a single port mnemonic or decimal value [1..65535] or two port values separated by ':' (colon) or * (Any port) or the name of a TUP/RU/MR list between single quotes or the name of a TUPR list between double single quotes (E.g. 22 or SSH or 1:1024 or * or 'List' or ''tupr-list''). TUPR lists can be used only when ADD:DST. When DPO refers to a TUPR list, APO is not allowed.
Note | |
---|---|
Only for
|
TOUT
Translation time-out of the entry [SYS, 60..65535 sec].
ANET
Alias network IP address [0.0.0.0, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] and mask length [0-32] or "OUT-IP" or "Ip-nnn", where 'nnn' is an IP resource index in [1..250] (E.g.: 192.168.0.1/32 or OUT-IP or Ip-1).
APO
Alias source or destination TCP/UDP port: a single port mnemonic or decimal value [1..65535] or * (leaves the port unchanged) or AUTO (for ADD:SRC assigns a dynamic and currently unused port number, for ADD:DST behaves like *) (E.g. SSH or 22 or * or AUTO). The aliased port is SPO for ADD:SRC records and DPO for ADD:DST. When DPO refers to a TUPR list, APO is not allowed.
Note | |
---|---|
Only for
|
PAT
Port address translation [NO, YES].
Type the command d nat ? to view the available options.
Tip | |
---|---|
Interesting chapters: Section 27.1.1, “NAT overview”. |
This command adds a new entry to the Table of NAT Alias with priority “PR:xxx” and can optionally set its parameters to the specified values.
The syntax of the command is:
a nat pr:xxx [par:val]
[17:28:09] ABILIS_CPX:d nat
UPNP maps not present
Configured maps
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
[17:29:36] ABILIS_CPX:a nat pr:1 inat:in onat:out add:src snet:192.168.5.0/24 anet:217.1.1.1/32 pat:yes
COMMAND EXECUTED
[16:47:33] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.005.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
This command removes from the Table of NAT Alias the entry whose priority is “PR:xxx”. The priorities of the following entries are decremented by one, so that the table remains contiguous.
The syntax of the command is:
c nat pr:xxx
[17:36:39] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.005.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
2 IN SRC 192.168.004.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
[16:51:15] ABILIS_CPX:c nat pr:2
COMMAND EXECUTED
[16:52:06] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.005.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
This command sets new values for the parameters of the NAT Alias entry specified by “PR:xxx”.
The syntax of the command is:
s nat pr:xxx par:val [par:val]
[16:52:06] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.005.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
[16:53:51] ABILIS_CPX:s nat pr:1 snet:192.168.3.0/24 anet:217.1.1.2/32
COMMAND EXECUTED
[16:54:18] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.003.000/24 * 217.001.001.002/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
This command changes the priority of a NAT Alias entry from “PR:xxx” to “PR:yyy”. The entry therefore moves to a new position in the table, and the whole table is sorted again to keep it contiguous.
The syntax of the command is:
m nat pr:xxx pr:yyy
[16:55:44] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.003.000/24 * 217.001.001.002/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
2 IN SRC 192.168.005.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
[16:55:53] ABILIS_CPX:m nat pr:2 pr:1
COMMAND EXECUTED
[16:56:06] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.005.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
2 IN SRC 192.168.003.000/24 * 217.001.001.002/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
Description of commands:
init nat: it refreshes the NAT static table and clears the NAT dynamic table content.
init res:nat: it refreshes the NAT static table, but DOESN'T clear the NAT dynamic table content.
Note | |
---|---|
The “Not Refreshed (INIT)” message is displayed every time the table is modified but not refreshed. |
[16:56:37] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.005.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
2 IN SRC 192.168.003.000/24 * 217.001.001.002/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
[16:58:27] ABILIS_CPX:init nat
COMMAND EXECUTED
[16:58:48] ABILIS_CPX:d nat
UPNP maps not present
Configured maps - Not Saved (SAVE CONF) -------------------------------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 IN SRC 192.168.005.000/24 * 217.001.001.001/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
2 IN SRC 192.168.003.000/24 * 217.001.001.002/32
OUT * * AUTO YES
-------------------------------------------------------------------------------
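The following is an added example, not part of the Abilis documentation: a Python audit of a captured d nat listing that reports the "Not Saved" / "Not Refreshed" state, checks that PR values are sequential from 0, and flags ADD:DST entries whose DPO is "*". The function names, the sample addresses and the whitespace-separated two-row entry layout without DESCR are assumptions based on the listings shown on this page.

```python
import re

# Constructed sample in the layout shown on this page (assumption: fields are
# whitespace-separated, DESCR is empty, no SIP/DIP/PROT/TOUT row is printed).
SAMPLE = """\
UPNP maps not present
Configured maps - Not Saved (SAVE CONF), Not Refreshed (INIT) ---------
-------------------------------------------------------------------------------
PR: [DESCR:]
INAT: ADD: SNET: DNET: ANET:
ONAT: SPO: DPO: APO: PAT:
SIP: DIP: PROT: TOUT:
-------------------------------------------------------------------------------
0 IN SRC Ip-1 * OUT-IP
OUT * * AUTO YES
-------------------------------------------------------------------------------
1 OUT DST * 203.000.113.010/32 192.168.005.020/32
IN * * * YES
-------------------------------------------------------------------------------
"""
ROW1 = ("pr", "inat", "add", "snet", "dnet", "anet")
ROW2 = ("onat", "spo", "dpo", "apo", "pat")

def parse_d_nat(text):
    """Return (pending_flags, entries) from the text of a 'd nat' listing."""
    pending, entries = [], []
    for line in text.splitlines():
        if line.startswith("Configured maps"):
            pending = re.findall(r"Not Saved|Not Refreshed", line)
    # Entries are delimited by lines made only of dashes.
    for block in re.split(r"^-{20,}\s*$", text, flags=re.M):
        rows = [l.split() for l in block.strip().splitlines()]
        # An entry has a 6-field row starting with a numeric PR, then a 5-field row.
        if [len(r) for r in rows[:2]] == [6, 5] and rows[0][0].isdigit():
            entry = dict(zip(ROW1, rows[0]), **dict(zip(ROW2, rows[1])))
            entry["pr"] = int(entry["pr"])
            entries.append(entry)
    return pending, entries

def audit(text):
    """List findings: pending state, non-sequential PR, DST entries with DPO '*'."""
    pending, entries = parse_d_nat(text)
    findings = [f"table is {p}" for p in pending]
    if [e["pr"] for e in entries] != list(range(len(entries))):
        findings.append("PR values are not sequential from 0")
    for e in entries:
        if e["add"] == "DST" and e["dpo"] == "*":
            findings.append(f"PR {e['pr']}: DST entry matches any destination port, alias {e['anet']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
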