IP NAT Rules
Equalizer performs outbound NAT by creating IP NAT rules. These rules are processed when a
packet is exiting the system -unlike IP Filter rules which are processed when a packet is entering
the system. When NAT is enabled, the system automatically generates NAT rules to support the
specified configuration. The rule types are labeled
proxy port
,
ftp
,
ftp/tcp
,
tcp/udp
, etc.
These rules can are also displayed as part of the CLI output when using the
show sbr
command.
An example is shown below:
Note
- The example below is a truncated example of the
show sbr
command display. In addition to the IP NAT rules,
Default Source Selection Table, the IPv6 Default Selection Table, IP Filter Rules, and IPv6 Rules will be displayed.
IP NAT Rules:
List of active MAP/Redirect filters:
map wm0 192.168.211.0/24 -> 10.0.0.68/32 proxy port ftp ftp/tcp
map wm0 192.168.211.0/24 -> 10.0.0.68/32 portmap tcp/udp auto
map wm0 192.168.211.0/24 -> 10.0.0.68/32
map wm0 192.168.105.0/24 -> 10.0.0.68/32 proxy port ftp ftp/tcp
map wm0 192.168.105.0/24 -> 10.0.0.68/32 portmap tcp/udp auto
map wm0 192.168.105.0/24 -> 10.0.0.68/32
List of active sessions:
Three rules are added for each outbound NAT mapping. In this example, there are two mappings:
one for the 192.168.211.0/24 local network and the other for the 192.168.105.0/24 destination
network.
In this example, the rules specify that any packets that are leaving the system through the
wm0
interface with a source IP address on either the 192.168.211.0/24 or 192.168.105.0/24 network
should instead be sent with a source IP address of 10.0.0.68.
If there are any NAT connections active, they will be displayed in the list of active sessions.
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
137
Equalizer Administration Guide
Summary of Contents for Equalizer GX Series
Page 18: ......
Page 32: ...Overview 32 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Page 42: ......
Page 52: ......
Page 64: ......
Page 72: ......
Page 76: ......
Page 228: ......
Page 238: ......
Page 476: ......
Page 492: ......
Page 530: ......
Page 614: ......
Page 626: ......
Page 638: ......
Page 678: ......
Page 732: ...Using SNMP Traps 732 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Page 754: ......
Page 790: ......
Page 804: ......
Page 842: ......
Page 866: ......