Vyatta Network OS Documentation


service nat source rule <rule-number> destination <address>

Specifies a destination address and port to match in a NAT source rule.

set service nat source rule rule-number destination { address address | port port }
delete service nat source rule rule-number destination [ address | port ]
show service nat source rule rule-number destination [ address | port ]
rule-number
The numeric identifier of a rule. The identifier ranges from 1 through 9999.
address
A destination address to match. Address formats are as follows:

ip-address: An IP address.

ip-address/prefix: An IPv4 network address, where 0.0.0.0/0 matches any network.

!ip-address: All IPv4 addresses except the one specified.

!ip-address/prefix: All IPv4 network addresses except the one specified.

port
A destination port to match. Port formats are as follows:

port-name: The name of an IP service; for example, http. You can specify any service name in the /etc/services file.

port-number: A port number. The number ranges from 1 through 65535.

start-end: A range of ports; for example, 1001-1005.

Configuration mode

service {
    nat {
        source {
            rule rule-number {
                destination {
                    address address
                    port port
                }
            }
        }
    }
}

Use care when employing more than one exclusion rule (using the ! symbol), that is, when combining more than one negation operator. NAT rules are evaluated sequentially, and a sequence of exclusion rules could result in unexpected behavior.
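
The effect of stacking exclusion rules, shown as an added example (not taken from the Vyatta documentation or code): a Python model of sequential evaluation that assumes the first matching rule wins and later rules are not consulted. The rule set, addresses and function names are constructed for illustration.

```python
import ipaddress

def parse_address(spec):
    """Return (negated, network) for ip-address, ip-address/prefix and their ! forms."""
    negated = spec.startswith("!")
    return negated, ipaddress.ip_network(spec.lstrip("!"), strict=False)

def parse_port(spec):
    """Return (low, high) for a port-number or a start-end range (1 through 65535)."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port spec: {spec}")
    return low, high

def rule_matches(rule, dst_ip, dst_port):
    """A rule matches when every destination filter it sets matches."""
    if "address" in rule:
        negated, net = parse_address(rule["address"])
        # A plain filter needs the address inside the network; a ! filter needs it outside.
        if (ipaddress.ip_address(dst_ip) in net) == negated:
            return False
    if "port" in rule:
        low, high = parse_port(rule["port"])
        if not low <= dst_port <= high:
            return False
    return True

def first_match(rules, dst_ip, dst_port):
    """Walk rules in ascending rule-number order (assumed first-match); None if no rule matches."""
    for number in sorted(rules):
        if rule_matches(rules[number], dst_ip, dst_port):
            return number
    return None

# Constructed rule set: the intent is "translate everything except traffic
# to 10.0.0.0/8 and 192.168.0.0/16", written as two exclusion rules.
STACKED = {10: {"address": "!10.0.0.0/8"}, 20: {"address": "!192.168.0.0/16"}}

def demo():
    """Map each constructed destination to the rule number that matches it first."""
    dests = ["10.1.1.1", "192.168.1.1", "203.0.113.5"]
    return {d: first_match(STACKED, d, 443) for d in dests}

if __name__ == "__main__":
    for dest, rule in demo().items():
        print(f"{dest:>12} -> rule {rule}")
```

Every destination, including the two networks meant to be left alone, matches one of the rules, because an address outside one negated prefix satisfies that rule regardless of what the other rule says.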

Use the set form of this command to specify a destination address and port to match in a NAT source rule (destination filter).

Use the delete form of this command to remove a destination filter for a NAT source rule.

Use the show form of this command to view a destination filter for a NAT source rule.