
Defining Rules for Transparent NAT

On the Services Router, you can define a rule to perform NAT selectively. This method is useful when you want to perform NAT on a large prefix that includes a few addresses that you do not want to translate. Instead of defining multiple terms to specify source addresses for translation, you can define two terms—one to specify the source prefix for translation and the other to specify source addresses in this prefix that are to be skipped.

This example shows how to define rules to perform NAT selectively by using the terms described in Table 88.

Table 88: Sample Terms for Defining Rules for Transparent NAT

| Term | Purpose |
| --- | --- |
| selective-term | Skips source prefix 192.168.1.1/24 from network address translation. |
| accept-all-term | Dynamically translates all addresses besides prefix 192.168.1.1/24 to an address from the defined source pool. |

To define a rule for transparent NAT:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 89.
  3. Apply the NAT configuration to an interface. See Applying NAT to an Interface.

Table 89: Defining Rules for Transparent NAT

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Nat level in the configuration hierarchy.

  1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
  2. Next to Services, click Configure or Edit.
  3. Next to Nat, click Configure or Edit.

From the [edit] hierarchy level, enter

edit services nat

Define nat-pool and assign it an address range to be used for network address translation.

  1. Next to Pool, click Add new entry.
  2. In the Pool Name box, type nat-pool.
  3. Next to Address range, click Add new entry.
  4. In the High box, type 10.10.10.16.
  5. In the Low box, type 10.10.10.1.
  6. Click OK.

Set the address pool name and the address range:

set pool nat-pool address-range high 10.10.10.16 low 10.10.10.1

Specify the source port pool to be automatically assigned by the router.

  1. On the Pool page, next to Port, click Configure.
  2. From the Port choice list, select Automatic.
  3. Click OK twice.

Configure the source port translation to be automatic:

set pool nat-pool port automatic

Define selective-rule and set its match direction.

  1. On the Nat page, next to Rule, click Add new entry.
  2. In the Rule name box, type selective-rule.
  3. From the Match direction list, select input.

Set the rule and its match direction:

set rule selective-rule match-direction input

Define selective-term for selective-rule.

  1. Next to Term, click Add new entry.
  2. In the Term name box, type selective-term.

Set the term:

set rule selective-rule term selective-term

Define the match condition for selective-term—the source prefix 192.168.1.1/24.

  1. Next to From, click Configure.
  2. Next to Source address, click Add new entry.
  3. From the Address list, select Enter Specific Value.
  4. In the Prefix box, type 192.168.1.1/24.
  5. Click OK twice.

Set the match condition for the term:

set rule selective-rule term selective-term from source-address 192.168.1.1/24

Define an action for selective-term—no translation. The packets coming from the prefix 192.168.1.1/24 are skipped and not translated.

  1. Next to Then, click Configure.
  2. From the Designation list, select No translation.
  3. Click OK twice.

Set the action for selective-term:

set rule selective-rule term selective-term then no-translation

Define accept-all-term for selective-rule.

  1. Next to Term, click Add new entry.
  2. In the Term name box, type accept-all-term.

Specify a term for selective-rule:

set rule selective-rule term accept-all-term

Define an action for accept-all-term and set the translation type for it.

  1. Next to Then, click Configure.
  2. From the Designation list, select Translated.
  3. Next to Translated, click Configure.
  4. From the Source Translation Type list, select dynamic.
  5. From the Source pool choice list, select Source pool.
  6. In the Source pool box, type nat-pool.
  7. Click OK.

Set the action for accept-all-term:

set rule selective-rule term accept-all-term then translated translation-type source dynamic

set rule selective-rule term accept-all-term then translated source-pool nat-pool
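
The exemption above depends on selective-term being evaluated before accept-all-term. The following Python model is an added example, not Juniper code: it parses the rule's set commands from Table 89, assumes terms are evaluated in creation order with the first match deciding, and uses hypothetical helper names (`parse_terms`, `decide`, `shadowed_terms`) and constructed sample source addresses.

```python
import ipaddress

# The rule's set commands from Table 89, as entered under [edit services nat].
SET_COMMANDS = """\
set rule selective-rule match-direction input
set rule selective-rule term selective-term
set rule selective-rule term selective-term from source-address 192.168.1.1/24
set rule selective-rule term selective-term then no-translation
set rule selective-rule term accept-all-term
set rule selective-rule term accept-all-term then translated translation-type source dynamic
set rule selective-rule term accept-all-term then translated source-pool nat-pool
"""

def parse_terms(text, rule):
    """Return the rule's terms in creation order (assumed evaluation order)."""
    terms = {}  # dicts keep insertion order
    for line in text.splitlines():
        w = line.split()
        if w[:4] != ["set", "rule", rule, "term"] or len(w) < 5:
            continue
        term = terms.setdefault(w[4], {"sources": [], "action": None})
        rest = w[5:]
        if rest[:2] == ["from", "source-address"] and len(rest) == 3:
            # strict=False accepts a prefix with host bits set (192.168.1.1/24)
            term["sources"].append(ipaddress.ip_network(rest[2], strict=False))
        elif rest[:1] == ["then"] and len(rest) > 1:
            term["action"] = rest[1]  # "no-translation" or "translated"
    return terms

def decide(terms, src):
    """Assumed model: first matching term wins; no 'from' matches everything."""
    addr = ipaddress.ip_address(src)
    for name, term in terms.items():
        if not term["sources"] or any(addr in net for net in term["sources"]):
            return name, term["action"]
    return None, None

def shadowed_terms(terms):
    """Terms that can never match because an earlier term has no 'from'."""
    for i, name in enumerate(terms):
        if not terms[name]["sources"]:
            return list(terms)[i + 1:]
    return []

if __name__ == "__main__":
    terms = parse_terms(SET_COMMANDS, "selective-rule")
    for src in ("192.168.1.200", "192.168.2.5"):  # constructed sample sources
        print(src, decide(terms, src))
    print("shadowed:", shadowed_terms(terms))
```

If the two terms were created in the opposite order, `shadowed_terms` would report selective-term as unreachable and every address in 192.168.1.1/24 would be translated.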

