The action command specifies an action in a NAT policy rule.
The undo action command cancels the preceding configuration.
action { source-nat { easy-ip | address-group address-group-name | static-mapping [ mapping-id ] } | no-nat }
action destination-nat { address ip-address | address-group address-group-name } [ port ]
action destination-nat static address-to-address { address ip-address | address-group address-group-name } [ port ]
action destination-nat static port-to-port { address ip-address | address-group address-group-name } { port-start [ to port-end ] } & <1-64>
action destination-nat static port-to-address { address ip-address | address-group address-group-name } port
action destination-nat static address-to-port { address ip-address | address-group address-group-name } { port-start [ to port-end ] } & <1-64>
action { source-nat | destination-nat } nptv6 ipv6-prefix nptv6_prefix_len
action source-nat static ipv6-prefix static_prefix_len
action destination-nat static ipv6-prefix static_prefix_len [ port ]
undo action { source-nat | destination-nat }
| Parameter | Description | Value |
|---|---|---|
| source-nat | Performs source NAT for a data flow. | - |
| easy-ip | Indicates the outbound interface address mode that translates source IP addresses into a public address of an outbound interface. NOTE: In hot standby or cross-DC cluster networking, you are advised to configure the address pool translation mode, in that the translated public IP addresses of the active and standby devices are different. If you select the outbound interface mode, services may be interrupted. | - |
| address-group address-group-name | Specifies the name of a NAT address pool. | The address pool must exist. |
| static-mapping [ mapping-id ] | Specifies the static mapping ID based on which the device performs NAT. If mapping-id is specified, the device performs NAT based on this static mapping. If no mapping-id is specified, the device traverses all mappings from the one with the smallest ID until it finds the matching one. Then, the device performs NAT based on the matching static mapping. If no match is found, the device does not perform NAT based on static mapping, regardless of whether mapping-id is specified. | The static mapping ID must exist. |
| no-nat | Disables NAT for data flows. | - |
| destination-nat | Performs destination NAT for a data flow. | - |
| static | Indicates static destination NAT, in which the public and private addresses have fixed mapping. If you do not set this parameter, dynamic NAT is used, the public and private addresses do not have fixed mapping, and the public address is randomly translated into an address in the destination address pool. | - |
| address-to-address | Indicates one-to-one mapping between the public and private addresses, which applies to a scenario where a public address is used to access a private address or multiple public addresses are used to access multiple private addresses. | - |
| port-to-port | Indicates one-to-one mapping between the public and private ports, which applies to a scenario where multiple ports of a public address are used to access multiple ports of a private address. | - |
| port-to-address | Indicates one-to-one mapping between multiple ports of a public address and multiple private addresses, which applies to a scenario where multiple ports of a public address are used to access multiple private addresses. | - |
| address-to-port | Indicates one-to-one mapping between multiple public addresses and multiple ports of a private address, which applies to a scenario where multiple public addresses are used to access multiple ports of a private address. | - |
| port | Specifies the port after translation. | The value is an integer ranging from 1 to 65535. |
| port-start [ to port-end ] | Specifies the port range after translation. | The value is an integer ranging from 1 to 65535. |
| nptv6 | Sets the translation mode to NPTv6. | - |
| static | Sets the translation mode to static. | When configuring static NAT66, ensure that the length of the address prefix in the matching condition is the same as the length of the address prefix after translation. |
| ipv6-prefix | Indicates the IPv6 prefix range. | - |
| nptv6_prefix_len | Specifies the IPv6 prefix length in NPTv6 mode. | The value is an integer ranging from 4 to 64. |
| static_prefix_len | Specifies the IPv6 prefix length in static mode. | The value is an integer ranging from 4 to 128. |
The no-nat parameter is used to exclude specific clients from NAT. For example, when NAT is required for all addresses of the network segment 192.168.1.0/24 except 192.168.1.2, you can configure a translation rule in which the source address is set to 192.168.1.2 and disable NAT for packets originating at 192.168.1.2. Then configure another translation rule for performing NAT for packets originating at the network segment 192.168.1.0/24.
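The following Python model is an added example, not vendor code: it checks the 192.168.1.0/24 exemption scenario above and flags a no-nat rule that can never match because a broader rule precedes it. It assumes rules are evaluated top-down with the first match winning and models only the source-address condition; the rule names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:
    name: str     # hypothetical rule name
    source: str   # source-address match condition, CIDR form
    action: str   # "no-nat" or "source-nat"

def first_match(rules, src_ip):
    """Return the first rule whose source condition covers src_ip.

    Assumption: the device evaluates rules top-down and stops at the first match.
    """
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule.source)
        if ip.version == net.version and ip in net:
            return rule
    return None  # no rule matched: no action is applied by this policy

def shadowed_rules(rules):
    """List (rule, earlier_rule) pairs where earlier_rule covers rule's whole source range."""
    shadowed = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.source)
        for earlier in rules[:i]:
            e_net = ipaddress.ip_network(earlier.source)
            if net.version == e_net.version and net.subnet_of(e_net):
                shadowed.append((rule.name, earlier.name))
                break
    return shadowed

# Constructed rule sets for the scenario in the text.
CORRECT = [
    NatRule("exempt_host", "192.168.1.2/32", "no-nat"),
    NatRule("nat_segment", "192.168.1.0/24", "source-nat"),
]
REVERSED = list(reversed(CORRECT))  # broad rule first: the exemption is never reached

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("reversed", REVERSED)):
        hit = first_match(rules, "192.168.1.2")
        print(f"{label}: 192.168.1.2 -> {hit.name} ({hit.action}); "
              f"shadowed: {shadowed_rules(rules)}")
```

Running the shadowing check over an exported rule list catches exemptions that are silently translated because of rule order.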
By default, no action is configured in a NAT policy rule.
# Configure a NAT policy rule named abc, in which NAT is enabled for data flows and an address pool group1 is used.
```
<sysname> system-view
[sysname] nat-policy
[sysname-policy-nat] rule name abc
[sysname-policy-nat-rule-abc] source-zone trust
[sysname-policy-nat-rule-abc] action source-nat address-group group1
```