Destination NAT based on destination IP address and port number

Operation Confirmed Version:
 Brocade 5600vRouter Version4.2R1S1
Configure the router so that traffic arriving on a specified interface for a specific destination IP address and port number has its destination rewritten to a different IP address.

Assumed scenario for the sample configuration

  • Traffic sent from 192.168.2.6 to 192.168.2.50, TCP port 80, is redirected to destination “192.168.3.3”

  • Traffic sent from 192.168.2.6 to 192.168.2.50, TCP port 1080, is redirected to destination “192.168.3.6”

  • Destination NAT is applied to traffic arriving on interface “dp0s5”

Configuration diagram
[Figure: fw_nat_fig4]

Configuration steps for the assumed scenario

1. Create destination NAT rule 10, matching destination IP address “192.168.2.50” and port number 80
2. Apply the rule to traffic arriving on interface “dp0s5”
3. Restrict the rule to TCP traffic
4. Set the translated destination IP address to “192.168.3.3”
5. Create destination NAT rule 11, matching destination IP address “192.168.2.50” and port number 1080
6. Apply the rule to traffic arriving on interface “dp0s5”
7. Restrict the rule to TCP traffic
8. Set the translated destination IP address to “192.168.3.6”

Commands to enter in the CLI

set service nat destination rule 10 destination address '192.168.2.50'
set service nat destination rule 10 destination port '80'
set service nat destination rule 10 inbound-interface 'dp0s5'
set service nat destination rule 10 protocol 'tcp'
set service nat destination rule 10 translation address '192.168.3.3'
set service nat destination rule 11 destination address '192.168.2.50'
set service nat destination rule 11 destination port '1080'
set service nat destination rule 11 inbound-interface 'dp0s5'
set service nat destination rule 11 protocol 'tcp'
set service nat destination rule 11 translation address '192.168.3.6'

After these settings are applied, the configuration is as follows.

service {
        nat {
                destination {
                        rule 10 {
                                destination {
                                        address 192.168.2.50
                                        port 80
                                }
                                inbound-interface dp0s5
                                protocol tcp
                                translation {
                                        address 192.168.3.3
                                }
                        }
                        rule 11 {
                                destination {
                                        address 192.168.2.50
                                        port 1080
                                }
                                inbound-interface dp0s5
                                protocol tcp
                                translation {
                                        address 192.168.3.6
                                }
                        }
                }
        }
}
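
Added example (not part of the original page and not vendor tooling): a simplified Python model of how rules 10 and 11 above select a translated address, plus a check for rules that omit a match criterion and would therefore redirect more traffic than intended. The first-match-by-rule-number model, the treatment of unset criteria as wildcards, and port 8080 are assumptions made for illustration.

```python
import shlex

# The ten commands from this page, copied verbatim.
COMMANDS = """\
set service nat destination rule 10 destination address '192.168.2.50'
set service nat destination rule 10 destination port '80'
set service nat destination rule 10 inbound-interface 'dp0s5'
set service nat destination rule 10 protocol 'tcp'
set service nat destination rule 10 translation address '192.168.3.3'
set service nat destination rule 11 destination address '192.168.2.50'
set service nat destination rule 11 destination port '1080'
set service nat destination rule 11 inbound-interface 'dp0s5'
set service nat destination rule 11 protocol 'tcp'
set service nat destination rule 11 translation address '192.168.3.6'
"""
PREFIX = ["set", "service", "nat", "destination", "rule"]
CRITERIA = ("inbound-interface", "protocol", "destination address", "destination port")

def parse_rules(text):
    """Turn 'set service nat destination rule N <path> <value>' lines into a dict."""
    rules = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:5] != PREFIX or len(tok) < 8:
            continue
        number, *path, value = tok[5:]
        rules.setdefault(int(number), {})[" ".join(path)] = value
    return rules

def translate(rules, iface, proto, dst, port):
    """Assumed model: lowest-numbered matching rule wins; unset criteria match all."""
    flow = dict(zip(CRITERIA, (iface, proto, dst, str(port))))
    for number in sorted(rules):
        rule = rules[number]
        if "translation address" in rule and all(rule.get(k, v) == v for k, v in flow.items()):
            # No 'translation port' is configured on this page: port is kept.
            return number, rule["translation address"], port
    return None, dst, port  # no rule matched: destination is left untouched

def audit(rules):
    """Report rules missing a match criterion, i.e. broader than the page's rules."""
    gaps = {n: [k for k in CRITERIA if k not in r] for n, r in rules.items()}
    return {n: missing for n, missing in gaps.items() if missing}

if __name__ == "__main__":
    rules = parse_rules(COMMANDS)
    for port in (80, 1080, 8080):  # 8080 is a constructed non-matching port
        print(port, translate(rules, "dp0s5", "tcp", "192.168.2.50", port))
    print("under-specified rules:", audit(rules))
```

Running the audit over a proposed rule set before committing it shows which rules lack an inbound-interface, protocol, address or port restriction.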

Operation check result

Requests from a client terminal to “192.168.2.50:80” and “192.168.2.50:1080” succeeded.
The access logs of the web servers at “192.168.3.3” and “192.168.3.6” show the requests arriving, which confirms that NAT based on the combination of destination IP address and port number is configured correctly.

    #From Client to 192.168.2.50:80 → OK

    test@ubu01:~$ wget -O - http://192.168.2.50/ > /dev/null
    --2016-07-29 13:57:07--  http://192.168.2.50/
    Connecting to 192.168.2.50:80 ... Connected
    200 OK
    Length: 616 [text/html]
    `STDOUT' saving

    100%[========================================================================================================================================================================================================>] 616         --.-K/s   Time 0s

    2016-07-29 13:57:07 (166 MB/s) - stdout saved [616/616]

    test@ubu01:~$

    #From Client to 192.168.2.50:1080 → OK

    test@ubu01:~$ wget -O - http://192.168.2.50:1080/ > /dev/null
    --2016-07-29 13:57:16--  http://192.168.2.50:1080/
    Connecting to 192.168.2.50:1080 ... Connected
    200 OK
    Length: 616 [text/html]
    `STDOUT' saving

    100%[========================================================================================================================================================================================================>] 616         --.-K/s   Time 0.02s

    2016-07-29 13:57:16 (33.8 KB/s) - stdout saved [616/616]


    #192.168.3.3 web server access logs

    test@web1:~$ tail /usr/local/nginx/logs/access.log

    192.168.3.5 - - [29/Jul/2016:10:53:59 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
    192.168.3.5 - - [29/Jul/2016:11:40:57 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
    192.168.3.5 - - [29/Jul/2016:13:46:16 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
    192.168.3.5 - - [29/Jul/2016:13:57:06 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"

    #192.168.3.6 web server access logs

    test@web2:~$ tail /usr/local/nginx/logs/access.log

    192.168.3.5 - - [29/Jul/2016:13:57:27 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)"