27.2. NAT Aliases table

The table of NAT Aliases can store up to 255 entries, indexed starting from 0 up to 254.

The entry priority index sets the order in which entries are checked and must be sequential. The priority index is also the reference used by insertion, modification and deletion operations on the NAT Aliases table.

Commands for handling the table of NAT Aliases are the following:

Changes made to the table are activated by executing the command init nat, without restarting Abilis CPX.

27.2.1. D NAT (Display NAT alias)

This command shows the content of the Table of NAT Alias.

[16:41:45] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  192.168.000.000/24 *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.001.000/24 *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
2   IN            SRC  010.100.100.000/24 *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
3   OUT           DST  *                  083.211.161.025/32 083.211.161.025/32
    IN                 *                  *                  *             YES
-------------------------------------------------------------------------------

NAT supports four separate zones: INSIDE, OUTSIDE, DMZ, VPN (an IP resource can be freely assigned to any one of these zones).

Meaning of parameters:

PR

NAT alias entry priority. One value in the range [0..254] or a range of values 'xx-yy' or a list of values 'xx,yy,...' separated by ',' (comma) or A or ALL. <Optional>

INAT

Input NAT [NONE, IN (or INSIDE), OUT (or OUTSIDE), VPN, DMZ] Values can be joined using ',' character. <Optional>

ONAT

Output NAT [NONE, IN (or INSIDE), OUT (or OUTSIDE), VPN, DMZ] Values can be joined using ',' character. <Optional>

SIP

Source IP resource [1..250, *, NONE].

DIP

Destination IP resource [1..250, *, NONE].

ADD

Address translation type [SRC: Source Address Translation, DST: Destination Address Translation].

SNET

Source Network IP address [0.0.0.0, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] and mask length [0-32] or "*" or the name of an IP/IR/RU/MR list for network IP addresses between single quotes or "Ip-nnn", where 'nnn' is an IP resource index in [1..250] (E.g.: * or 192.168.0.1/32 or 'ListName' or IP-23).

SPO

Allowed source TCP/UDP port(s): a single port mnemonic or decimal value [1..65535] or two port values separated by ':' (colon) or "*" (Any port) or the name of a TUP/RU/MR list between single quotes (E.g.: 22 or SSH or 1:1024 or * or 'List').

Note

Only for PROT:*|TCP|UDP.

PROT

Allowed IP protocols [ICMP, TCP, UDP, *, NONE]. Values can be joined using ',' character.

Note

Only for PAT:YES.

DNET

Destination Network IP address [0.0.0.0, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] and mask length [0-32] or * or the name of an IP/IR/RU/MR list for network IP addresses between single quotes or "Ip-nnn", where 'nnn' is an IP resource index in [1..250] (E.g. * or 192.168.0.1/32 or 'ListName' or Ip-23).

DPO

Allowed destination TCP/UDP port(s): a single port mnemonic or decimal value [1..65535] or two port values separated by ':' (colon) or * (Any port) or the name of a TUP/RU/MR list between single quotes or the name of a TUPR list between double single quotes (E.g. 22 or SSH or 1:1024 or * or 'List' or ''tupr-list''). TUPR lists can be used only when ADD:DST. When DPO refers to a TUPR list, APO is not allowed.

Note

Only for PROT:*|TCP|UDP.

TOUT

Translation time-out of the entry [SYS, 60..65535 sec].

ANET

Alias network IP address [0.0.0.0, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] and mask length [0-32] or "OUT-IP" or "Ip-nnn", where 'nnn' is an IP resource index in [1..250] (E.g.: 192.168.0.1/32 or OUT-IP or Ip-1).

APO

Alias source or destination TCP/UDP port: a single port mnemonic or decimal value [1..65535] or * (leaves the port unchanged) or AUTO (for ADD:SRC assigns a dynamic and currently unused port number, for ADD:DST behaves like *) (E.g. SSH or 22 or * or AUTO). The aliased port is SPO for ADD:SRC records and DPO for ADD:DST. When DPO refers to a TUPR list, APO is not allowed.

Note

Only for PROT:*|TCP|UDP.

PAT

Port address translation [NO, YES].

Type the command d nat ? to view the available options.
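An added example (not part of the Abilis documentation): a small parser for the d nat display that reports the pending-state banner and lists ADD:DST entries open to any source and any port, so they can be reviewed. It assumes the two-line-per-entry layout shown above (no DESCR text, no SIP/DIP/PROT/TOUT line); the function names are hypothetical.

```python
import re

# Constructed sample in the two-line-per-entry layout shown in this section
# (no DESCR text and no SIP/DIP/PROT/TOUT line); addresses are taken from the page.
SAMPLE = """\
Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
-------------------------------------------------------------------------------
0   IN            SRC  192.168.000.000/24 *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   OUT           DST  *                  083.211.161.025/32 083.211.161.025/32
    IN                 *                  *                  *             YES
-------------------------------------------------------------------------------
"""

ROW1 = re.compile(r"^(\d+)\s+(\S+)\s+(SRC|DST)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
ROW2 = re.compile(r"^\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(YES|NO)\s*$")

def norm(net):
    """Remove the zero padding used in the display (192.168.000.000/24)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)/(\d+)", net)
    if not m:
        return net  # '*', OUT-IP, Ip-nnn or a quoted list name
    return "{}.{}.{}.{}/{}".format(*map(int, m.groups()))

def parse_d_nat(text):
    """Return (state, entries) parsed from `d nat` output."""
    state = {"not_saved": "Not Saved (SAVE CONF)" in text,
             "not_refreshed": "Not Refreshed (INIT)" in text}
    entries, cur = [], None
    for line in text.splitlines():
        m = ROW1.match(line)
        if m:
            cur = dict(zip(("pr", "inat", "add", "snet", "dnet", "anet"), m.groups()))
            cur["pr"] = int(cur["pr"])
            cur.update({k: norm(cur[k]) for k in ("snet", "dnet", "anet")})
            continue
        m = ROW2.match(line)
        if m and cur is not None:
            cur.update(zip(("onat", "spo", "dpo", "apo", "pat"), m.groups()))
            entries.append(cur)
            cur = None
    return state, entries

def wide_dst_entries(entries):
    """Priorities of ADD:DST entries that accept any source and any port."""
    return [e["pr"] for e in entries
            if e["add"] == "DST" and e["snet"] == "*" and e["dpo"] == "*"]

if __name__ == "__main__":
    state, entries = parse_d_nat(SAMPLE)
    print(state, wide_dst_entries(entries))
```

The zero-padded addresses are normalised because Python's ipaddress module rejects octets with leading zeros.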

Tip

Interesting chapters: Section 27.1.1, “NAT overview”.

27.2.2. A NAT (Add NAT alias)

This command adds a new entry to the Table of NAT Alias with priority “PR:xxx” and can optionally set its parameters to the specified values.

The syntax of the command is:

a nat pr:xxx [par:val]

[17:28:09] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

[17:29:36] ABILIS_CPX:a nat pr:1 inat:in onat:out add:src snet:192.168.5.0/24 anet:217.1.1.1/32 pat:yes

COMMAND EXECUTED

[16:47:33] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.005.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

27.2.3. C NAT (C NAT alias)

This command removes the entry whose priority is “PR:xxx” from the Table of NAT Alias. The priorities of the following entries are decremented by one, so that the table remains contiguous.

The syntax of the command is:

c nat pr:xxx

[17:36:39] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.005.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
2   IN            SRC  192.168.004.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

[16:51:15] ABILIS_CPX:c nat pr:2

COMMAND EXECUTED

[16:52:06] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.005.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

27.2.4. S NAT (Set NAT Alias)

This command sets new values for the parameters of the NAT Alias entry specified by “PR:xxx”.

The syntax of the command is:

s nat pr:xxx par:val [par:val]

[16:52:06] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.005.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

[16:53:51] ABILIS_CPX:s nat pr:1 snet:192.168.3.0/24 anet:217.1.1.2/32

COMMAND EXECUTED

[16:54:18] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.003.000/24 *                  217.001.001.002/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

27.2.5. M NAT (Move NAT Alias)

This command changes the priority of a NAT Alias entry from “PR:xxx” to “PR:yyy”. The entry's position inside the table changes accordingly, and the whole table is re-sorted to keep it contiguous.

The syntax of the command is:

m nat pr:xxx pr:yyy

[16:55:44] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.003.000/24 *                  217.001.001.002/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
2   IN            SRC  192.168.005.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

[16:55:53] ABILIS_CPX:m nat pr:2 pr:1

COMMAND EXECUTED

[16:56:06] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.005.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
2   IN            SRC  192.168.003.000/24 *                  217.001.001.002/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
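An added example (not from the Abilis documentation) of why entry order matters when moving entries: it models m nat as a list reposition and reports entries whose SNET is already covered by an earlier entry on the same INAT/ONAT/ADD path. It assumes the first matching entry in priority order is the one applied, that SNET is a literal network or *, and that all other selectors are *; the 192.168.0.0/16 entry is constructed.

```python
import ipaddress

# Entries in priority order (index = PR). The /16 entry is constructed for the
# example; the two /24 networks are the ones used in this section.
TABLE = [
    {"inat": "IN", "onat": "OUT", "add": "SRC", "snet": "192.168.0.0/16"},
    {"inat": "IN", "onat": "OUT", "add": "SRC", "snet": "192.168.5.0/24"},
    {"inat": "IN", "onat": "OUT", "add": "SRC", "snet": "192.168.3.0/24"},
]

def _net(snet):
    # '*' means any source; list names and Ip-nnn are out of scope for this model.
    return ipaddress.ip_network("0.0.0.0/0" if snet == "*" else snet)

def shadowed(table):
    """Return (pr, covering_pr) pairs for entries that can never be reached.

    Assumption: entries are checked in priority order and the first match is
    applied, so a later entry whose SNET lies inside an earlier entry's SNET
    (same INAT, ONAT and ADD) is never used.
    """
    hits = []
    for i, later in enumerate(table):
        for j in range(i):
            earlier = table[j]
            same_path = all(earlier[k] == later[k] for k in ("inat", "onat", "add"))
            if same_path and _net(later["snet"]).subnet_of(_net(earlier["snet"])):
                hits.append((i, j))
                break  # report only the first covering entry
    return hits

def move(table, src, dst):
    """Model of `m nat pr:src pr:dst`: reposition one entry, PRs stay contiguous."""
    reordered = list(table)
    reordered.insert(dst, reordered.pop(src))
    return reordered

if __name__ == "__main__":
    print(shadowed(TABLE))               # both /24 entries sit behind the /16
    print(shadowed(move(TABLE, 0, 2)))   # /16 moved last: nothing is shadowed
```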

27.2.6. INIT RES:NAT and INIT NAT

Description of commands:

  • init nat: it refreshes the NAT static table and clears the NAT dynamic table content.

  • init res:nat: it refreshes the NAT static table, but DOESN'T clear the NAT dynamic table content.

Note

The “Not Refreshed (INIT)” message is displayed every time the table is modified but not refreshed.

[16:56:37] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.005.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
2   IN            SRC  192.168.003.000/24 *                  217.001.001.002/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------

[16:58:27] ABILIS_CPX:init nat

COMMAND EXECUTED

[16:58:48] ABILIS_CPX:d nat

UPNP maps not present

Configured maps
- Not Saved (SAVE CONF) -------------------------------------------------------
-------------------------------------------------------------------------------
PR: [DESCR:]
    INAT:         ADD: SNET:              DNET:              ANET:
    ONAT:              SPO:               DPO:               APO:          PAT:
    SIP:  DIP:         PROT:              TOUT:
-------------------------------------------------------------------------------
0   IN            SRC  Ip-1               *                  OUT-IP
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
1   IN            SRC  192.168.005.000/24 *                  217.001.001.001/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------
2   IN            SRC  192.168.003.000/24 *                  217.001.001.002/32
    OUT                *                  *                  AUTO          YES
-------------------------------------------------------------------------------