The source-nat command enables the Source NAT function for the SLB module.
The undo source-nat command disables the Source NAT function for the SLB module.
| Parameter | Description | Value |
|---|---|---|
| address-group address-group-name | Specifies the name of a Source NAT address pool. Post-NAT addresses are addresses in the address pool. | The address pool must already exist. |
| interface-address | Indicates that post-NAT addresses are the IP address of the packet outbound interface. | - |

In hot standby or cross-DC cluster networking, you are advised to configure the address pool translation mode, because the translated public IP addresses of the active and standby devices are different. If you select the outbound interface mode, services may be interrupted.
After Source NAT is enabled, the FW translates the source addresses of packets sent to a real server into addresses in the address pool or the IP address of the interface connecting to the real server. This implementation simplifies the route configuration for packets sent from the real server to clients. Only the route to the Source NAT address pool or the FW interface is required.
If the real server needs to perform authentication based on the IP addresses of packets sent from clients, Source NAT should not be enabled on the FW. If the real server is a web server and can extract the client IP address from the X-Forwarded-For field, this restriction can be ignored. You can run the http x-forward enable command to enable the HTTP X-Forward function on the FW. Then, the FW inserts the X-Forwarded-For field into each HTTP packet sent from a client. This field carries the real IP address of the client to the server.
The application mode of the NAT address pool referenced in the command must be PAT.
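
The following added example (not part of the original documentation) shows how a real server can apply the X-Forwarded-For exception described above. It honours the header only when the connection arrives from the FW's Source NAT address, because a client can send its own X-Forwarded-For value. The pool range `10.10.10.0/29`, the function names, and the assumption that the FW writes the client address as the rightmost entry are illustrative assumptions.

```python
import ipaddress

# Constructed sample value: the Source NAT address pool referenced by
# source-nat address-group. With source-nat interface-address, list the
# FW interface address facing the real server instead.
SNAT_POOL = [ipaddress.ip_network("10.10.10.0/29")]


def _from_fw(addr):
    """True if addr is one of the FW's post-NAT source addresses."""
    return any(addr in net for net in SNAT_POOL)


def client_ip(peer, xff_header):
    """Return the address a real server should use for IP-based checks.

    peer: source address of the TCP connection as seen by the real server.
    xff_header: raw X-Forwarded-For value, or None if the header is absent.
    """
    peer_addr = ipaddress.ip_address(peer)
    # Traffic that did not pass through the FW gets no header trust:
    # anyone reaching the server directly could forge the field.
    if not _from_fw(peer_addr) or not xff_header:
        return str(peer_addr)
    # Walk right to left. The rightmost entry is assumed to be the one
    # written by the FW; entries to its left may be client-supplied.
    for item in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(item.strip())
        except ValueError:
            # Malformed entry: fall back to the connection address.
            return str(peer_addr)
        if not _from_fw(hop):
            return str(hop)
    return str(peer_addr)


if __name__ == "__main__":
    # Constructed requests: (connection source, X-Forwarded-For value)
    for peer, xff in [
        ("10.10.10.2", "203.0.113.7"),
        ("10.10.10.2", "198.51.100.1, 203.0.113.7"),
        ("198.51.100.9", "203.0.113.7"),
    ]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

If the server's IP-based authentication reads the header without the source check, disabling Source NAT as the text advises remains the safer choice.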