Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

service nat destination rule <rule-number> source <address>

Specifies a source address and port to match in a NAT destination rule.

set service nat destination rule rule-number source { address address | port port }
delete service nat destination rule rule-number source [ address | port ]
show service nat destination rule rule-number source [ address | port ]
rule-number
The numeric identifier of a rule. The identifier ranges from 1 through 9999.
address
A source address to match. Address formats are as follows:

ip-address: An IP address.

ip-address/prefix: A network address, where 0.0.0.0/0 matches any network.

!ip-address: All IP addresses except the one specified.

!ip-address/prefix: All network addresses except the one specified.

port
A source port to match. Port formats are as follows:

port-name: The name of an IP service; for example, http. You can specify any service name in the /etc/services file.

port-number: A port number. The number ranges from 1 through 65535.

start-end: A range of ports; for example, 1001-1005.

Configuration mode

service {
    nat {
        destination {
            rule rule-number {
                source {
                    address address
                    port port
                }
            }
        }
    }
}

Use care when employing more than one exclusion rule (using the ! symbol), that is, when combining more than one negation operator. NAT rules are evaluated sequentially, and a sequence of exclusion rules could result in unexpected behavior.
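
The sequential-evaluation caveat above, modelled in Python as an added example (not Vyatta code or output). It assumes rules are tried in ascending rule-number order and that the first matching rule wins; the function names and the rule sets, built from documentation addresses, are constructed for illustration.

```python
import ipaddress


def source_matches(spec, src_ip):
    """Match src_ip against one source address spec in the formats listed above:
    ip-address, ip-address/prefix, !ip-address, !ip-address/prefix."""
    negate = spec.startswith("!")
    # strict=False accepts a prefix written with host bits set, e.g. 192.0.2.10/31
    network = ipaddress.ip_network(spec[1:] if negate else spec, strict=False)
    inside = ipaddress.ip_address(src_ip) in network
    return inside != negate  # "!" inverts the result


def first_matching_rule(rules, src_ip):
    """Return the number of the first rule whose source address matches, or None.
    Assumption: ascending rule-number order, evaluation stops at the first match."""
    for number in sorted(rules):
        if not 1 <= number <= 9999:
            raise ValueError(f"rule number {number} is outside 1-9999")
        if source_matches(rules[number], src_ip):
            return number
    return None


# Constructed rule sets. Intent in both: apply NAT to every source
# except the two hosts 192.0.2.10 and 192.0.2.11.
TWO_EXCLUSIONS = {10: "!192.0.2.10", 20: "!192.0.2.11"}  # one negation per host
ONE_EXCLUSION = {10: "!192.0.2.10/31"}                   # one negated prefix covering both


def report(rules):
    """Map each sample source to the rule that would handle it."""
    samples = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
    return {ip: first_matching_rule(rules, ip) for ip in samples}


if __name__ == "__main__":
    # With two exclusion rules each "excluded" host is caught by the other rule,
    # so no source escapes translation.
    print("two exclusion rules:", report(TWO_EXCLUSIONS))
    print("one negated prefix: ", report(ONE_EXCLUSION))
```

Running the same check over a planned rule set before committing it shows which rule each source would actually hit.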

Use the set form of this command to specify a source address and port to match in a NAT rule (source filter).

Use the delete form of this command to remove a source filter.

Use the show form of this command to view a source filter.