service nat source rule <rule-number> destination <address>
Specifies a destination address and port to match in a NAT source rule.
- rule-number
- The numeric identifier of a rule. The identifier ranges from 1 through 9999.
- address
- A destination address to match. Address formats are as follows:
ip-address: An IP address.
ip-address/prefix: An IPv4 network address, where 0.0.0.0/0 matches any network.
!ip-address: All IPv4 addresses except the one specified.
!ip-address/prefix: All IPv4 network addresses except the one specified.
- port
- A destination port to match. Port formats are as follows:
port-name: The name of an IP service; for example, http. You can specify any service name in the etc/services file.
port-number: A port number. The number ranges from 1 through 65535.
start-end: A range of ports; for example, 1001-1005.
Configuration mode
service {
nat {
source {
rule rule-number {
address address
port port
}
}
}
}
Use care when employing more than one exclusion rule (using the ! symbol), that is, when combining more than one negation operator. NAT rules are evaluated sequentially, and a sequence of exclusion rules could result in unexpected behavior.
Use the set form of this command to specify a destination address and port to match a NAT source rule (destination filter).
Use the delete form of this command to remove a destination filter for a NAT source rule.
Use the show form of this command to view a destination filter for a NAT source rule.