Using the port-mapping command, you can configure port mapping.
Using the undo port-mapping command, you can cancel the above configuration.
```
port-mapping application-name port port-number acl acl-number
undo port-mapping [ application-name port port-number acl acl-number ]
```
| Parameter | Description | Value |
|---|---|---|
| application-name | Specifies the mapped application. | The value must be the name of an existing application. |
| port-number | Specifies the destination port to be mapped. | It is an integer that ranges from 0 to 65535. |
| acl-number | Specifies the number of an ACL. | It is an integer that ranges from 2000 to 2999. |
If a user uses an ephemeral port for a well-known service, enable the port mapping function so that the FW can identify the well-known service and process the service data accurately.
Port mapping is in effect application identification for packets that access a specified IP address (for example, the FTP server). Therefore, when matching the basic ACL rule, the device compares the destination address of the packet with the source address defined in the ACL rule.
When configuring port mapping, you can map an application to multiple ports. A port can also be mapped to multiple applications, but the applications must be differentiated through ACLs. Packets that match different ACLs are handled by different mappings.
The port mapping function supports only IPv4.
# Configure port mapping to map the packets whose destination IP address is 192.168.0.1 and destination port is 2121 to FTP packets.
```
<sysname> system-view
[sysname] acl 2000
[sysname-acl-basic-2000] rule permit source 192.168.0.1 0
[sysname-acl-basic-2000] quit
[sysname] port-mapping FTP port 2121 acl 2000
```
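The lookup described above can be modelled offline to check a planned set of mappings before applying it. This is an added example, not device code or vendor tooling: it shows the packet's destination address being tested against the ACL's source field, and one port shared by two applications through different ACLs. ACL 2001, the `HTTP` mapping, the first-match rule order and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample configuration: ACL 2000 / FTP / 2121 mirror the page's
# example; ACL 2001 and the HTTP mapping are hypothetical additions.
ACLS = {
    2000: [("permit", "192.168.0.1", "0.0.0.0")],    # "source 192.168.0.1 0"
    2001: [("permit", "192.168.1.0", "0.0.0.255")],  # a whole /24
}
MAPPINGS = []  # entries are (application, port, acl_number)

def add_mapping(app, port, acl):
    """Reject values outside the ranges given in the parameter table."""
    if not 0 <= port <= 65535:
        raise ValueError("port-number must be 0-65535")
    if not 2000 <= acl <= 2999:
        raise ValueError("acl-number must be a basic ACL (2000-2999)")
    if acl not in ACLS:
        raise ValueError("ACL %d is not defined" % acl)
    MAPPINGS.append((app, port, acl))

def acl_permits(acl, address):
    """First matching rule decides (assumed). Wildcard bit 0 means 'must match'."""
    addr = int(ipaddress.IPv4Address(address))
    for action, base, wildcard in ACLS[acl]:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action == "permit"
    return False

def identify(src_ip, dst_ip, dst_port):
    """Return the mapped application for a packet, or None if no mapping applies."""
    try:
        ipaddress.IPv4Address(dst_ip)   # port mapping supports only IPv4
    except ValueError:
        return None
    for app, port, acl in MAPPINGS:
        # The DESTINATION address is compared with the ACL's source field;
        # src_ip is accepted only to show that it plays no part in the match.
        if port == dst_port and acl_permits(acl, dst_ip):
            return app
    return None

add_mapping("FTP", 2121, 2000)
add_mapping("HTTP", 2121, 2001)  # same port, different ACL
```

A packet sent from 192.168.0.1 to some other server on port 2121 is not identified as FTP in this model, because only the destination address is checked.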