The destination-nat command configures the destination NAT function to translate the addresses and port numbers of packets matching specific ACL rules.
The undo destination-nat command deletes the destination NAT function.
destination-nat acl-number address ip-address [ port port-number ]
undo destination-nat acl-number address ip-address [ port port-number ]
| Parameter | Description | Value |
|---|---|---|
| acl-number | Specifies the ACL group number. | It is an integer that ranges from 2000 to 3999. |
| address ip-address | Specifies the destination IP address after NAT. | The value is in dotted decimal notation. The IP address can only be class A, class B or class C. |
| port port-number | Specifies the destination port number. | It is an integer that ranges from 1 to 65535. |
In the same security zone, one ACL can be bound to only one WAP gateway IP address.
If you have configured the port-based destination-nat function, the device can translate TCP and UDP packets only.
Because all packets that match an ACL are translated, you must configure strict ACLs so that only the packets you intend to translate are matched and other packets are not affected.
By default, the destination NAT function is not configured.
Only the USG6510E/6510E-POE/6530E do not support this command.
# Translate the destination IP address of the packets from IP address 10.0.0.1 to 1.1.1.2.
<sysname> system-view
[sysname] acl 3333
[sysname-acl-adv-3333] rule permit ip source 10.0.0.1 0
[sysname-acl-adv-3333] quit
[sysname] firewall zone trust
[sysname-zone-trust] destination-nat 3333 address 1.1.1.2
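A pre-deployment check for the constraints above, as an added Python example (not Huawei's code): it reads pasted CLI lines and flags destination-nat commands that break the parameter ranges in the table, bind one ACL to two addresses in the same zone, or pair a port-based rule with an ACL that permits all IP. The function name, the sample configuration, the first-octet test for class A/B/C and the broad-ACL heuristic are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the page's example plus made-up lines that break the rules.
SAMPLE = """\
[sysname] acl 3333
[sysname-acl-adv-3333] rule permit ip source 10.0.0.1 0
[sysname] acl 3334
[sysname-acl-adv-3334] rule permit tcp source 10.0.0.2 0 destination-port eq 8080
[sysname] firewall zone trust
[sysname-zone-trust] destination-nat 3333 address 1.1.1.2
[sysname-zone-trust] destination-nat 3334 address 1.1.1.3 port 8080
[sysname-zone-trust] destination-nat 3333 address 1.1.1.4 port 80
[sysname-zone-trust] destination-nat 4000 address 224.0.0.1 port 70000
"""
PROMPT = re.compile(r"^(<[^>]*>|\[[^\]]*\])\s*")  # strips <sysname> / [sysname-...]
DNAT = re.compile(r"^destination-nat (\d+) address (\S+)(?: port (\d+))?$")
BROAD = re.compile(r"^rule (\d+ )?permit ip\b")  # rule that matches every IP protocol

def audit(config):
    """Return (command, problem) pairs for destination-nat commands in config."""
    findings, rules, bound, acl, zone = [], {}, {}, None, None
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.match(r"^acl (\d+)$", line):
            acl, zone = int(m.group(1)), None
        elif m := re.match(r"^firewall zone (\S+)$", line):
            zone, acl = m.group(1), None
        elif acl is not None and line.startswith("rule "):
            rules.setdefault(acl, []).append(line)
        elif zone and (m := DNAT.match(line)):
            num, addr, port = int(m.group(1)), m.group(2), m.group(3)
            probs = []
            if not 2000 <= num <= 3999:
                probs.append("acl-number outside 2000-3999")
            try:  # assumption: class A/B/C means first octet 1-223
                if not 1 <= ipaddress.IPv4Address(addr).packed[0] <= 223:
                    probs.append("address is not class A, B or C")
            except ValueError:
                probs.append("address is not dotted decimal")
            if port and not 1 <= int(port) <= 65535:
                probs.append("port outside 1-65535")
            if bound.setdefault((zone, num), addr) != addr:
                probs.append("ACL already bound to another address in this zone")
            # heuristic: port-based NAT translates TCP/UDP only, so flag 'permit ip'
            if port and any(BROAD.match(r) for r in rules.get(num, [])):
                probs.append("port-based NAT with an ACL that permits all IP")
            findings += [(line, p) for p in probs]
    return findings
```

Calling `audit(SAMPLE)` returns five findings: two for the second binding of ACL 3333 and three for the out-of-range command that uses ACL 4000.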