Combining source-IP-based NAPT with destination NAT that maps a destination IP address/port number pair to a new destination IP address

Version on which operation was confirmed:
 Brocade 5600vRouter Version4.2R1S1

Assumed scenario for the sample configuration

  • Communications from 192.168.2.6 to 192.168.2.50, TCP port number 80, are forwarded to destination “192.168.3.3”

  • Communications from 192.168.2.6 to 192.168.2.50, TCP port number 1080, are forwarded to destination “192.168.3.6”

  • Destination NAT conversion is performed on traffic that is input to interface “dp0s5”

  • Packets whose source IP address is in 192.168.2.0/24 are subject to NAPT conversion

  • NAPT conversion is performed on packets that are output from interface “dp0s6”

Configuration diagram
Fig5-1

Setting flow for the assumed scenario

  • NAT setting for the combination of a destination IP address and port number

1. Create destination NAT rule 10, matching destination IP address “192.168.2.50” and port number 80
2. Apply the rule to traffic that is input to interface “dp0s5”
3. Specify TCP communications as the conversion target
4. Set the post-conversion destination IP address to “192.168.3.3”
5. Create destination NAT rule 11, matching destination IP address “192.168.2.50” and port number 1080
6. Apply the rule to traffic that is input to interface “dp0s5”
7. Specify TCP communications as the conversion target
8. Set the post-conversion destination IP address to “192.168.3.6”

  • NAPT setting for a source IP address

1. Create source NAT rule 10
2. Set the NAPT-target source address to “192.168.2.0/24”
3. Specify the output interface on which NAPT conversion is performed
4. Set the translation address to “masquerade” so that the conversion is performed as NAPT

Commands to be entered in the CLI

set service nat destination rule 10 destination address '192.168.2.50'
set service nat destination rule 10 destination port '80'
set service nat destination rule 10 inbound-interface 'dp0s5'
set service nat destination rule 10 protocol 'tcp'
set service nat destination rule 10 translation address '192.168.3.3'
set service nat destination rule 11 destination address '192.168.2.50'
set service nat destination rule 11 destination port '1080'
set service nat destination rule 11 inbound-interface 'dp0s5'
set service nat destination rule 11 protocol 'tcp'
set service nat destination rule 11 translation address '192.168.3.6'
set service nat source rule 10 source address '192.168.2.0/24'
set service nat source rule 10 outbound-interface 'dp0s6'
set service nat source rule 10 translation address 'masquerade'

The configuration after the settings have been completed is as follows.

service {
        nat {
                destination {
                        rule 10 {
                                destination {
                                        address 192.168.2.50
                                        port 80
                                }
                                inbound-interface dp0s5
                                protocol tcp
                                translation {
                                        address 192.168.3.3
                                }
                        }
                        rule 11 {
                                destination {
                                        address 192.168.2.50
                                        port 1080
                                }
                                inbound-interface dp0s5
                                protocol tcp
                                translation {
                                        address 192.168.3.6
                                }
                                }
                        }
                }
                source {
                        rule 10 {
                                outbound-interface dp0s6
                                source {
                                        address 192.168.2.0/24
                                }
                                translation {
                                        address masquerade
                                }
                        }
                }
        }
}

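An added example (not part of the original page or of any vendor tooling): a check that can be run over the candidate `set` commands before they are committed, comparing each destination NAT rule with the mapping given in the assumed scenario. The sample input is constructed, with one translation address deliberately wrong; `INTENDED`, `parse_rules` and `audit` are names chosen for this example.

```python
import shlex

# Intended mapping (assumed scenario): (dest address, TCP port) -> new destination
INTENDED = {("192.168.2.50", "80"): "192.168.3.3",
            ("192.168.2.50", "1080"): "192.168.3.6"}

# Constructed input: destination NAT commands in the syntax used on this page,
# with the translation address of rule 11 deliberately mistyped.
SAMPLE = """\
set service nat destination rule 10 destination address '192.168.2.50'
set service nat destination rule 10 destination port '80'
set service nat destination rule 10 inbound-interface 'dp0s5'
set service nat destination rule 10 protocol 'tcp'
set service nat destination rule 10 translation address '192.168.3.3'
set service nat destination rule 11 destination address '192.168.2.50'
set service nat destination rule 11 destination port '1080'
set service nat destination rule 11 inbound-interface 'dp0s5'
set service nat destination rule 11 protocol 'tcp'
set service nat destination rule 11 translation address '192.168.3.8'
"""

def parse_rules(text):
    """Return {rule number: {"destination address": value, ...}}."""
    rules = {}
    for line in text.splitlines():
        tok = shlex.split(line)              # also strips the single quotes
        if tok[:5] != ["set", "service", "nat", "destination", "rule"]:
            continue
        number, path, value = tok[5], " ".join(tok[6:-1]), tok[-1]
        rules.setdefault(number, {})[path] = value
    return rules

def audit(text, intended=INTENDED, interface="dp0s5"):
    """List wrong translations, over-broad rules and missing rules."""
    findings, seen = [], set()
    for number, r in sorted(parse_rules(text).items(), key=lambda kv: int(kv[0])):
        key = (r.get("destination address"), r.get("destination port"))
        got, want = r.get("translation address"), intended.get(key)
        seen.add(key)
        if want is None:
            findings.append(f"rule {number}: unexpected match {key}")
        elif got != want:
            findings.append(f"rule {number}: translates to {got}, expected {want}")
        if r.get("inbound-interface") != interface or r.get("protocol") != "tcp":
            findings.append(f"rule {number}: not limited to tcp on {interface}")
    return findings + [f"no rule for {k}" for k in intended if k not in seen]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all rules match the intended mapping")
```
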
Operation check result

Communications from a client terminal to “192.168.2.50:80” and “192.168.2.50:1080” succeeded.
The accesses were confirmed in the access logs of the web servers “192.168.3.3” and “192.168.3.6”, which confirms that the NAT for the combination of a destination IP address and port number has been set properly.
The accesses appear in the servers' access logs as coming from “192.168.3.5”, which confirms that the NAPT conversion of the source IP address is performed properly at interface “dp0s6”.

#From Client to 192.168.2.50:80 → OK

    test@ubu01:~$ wget -O - http://192.168.2.50/ > /dev/null
    --2016-07-29 13:57:07--  http://192.168.2.50/
    Connecting to 192.168.2.50:80 ... Connected
    200 OK
    Length: 616 [text/html]
    `STDOUT' saved

    100%[========================================================================================================================================================================================================>] 616         --.-K/s   Time 0s

    2016-07-29 13:57:07 (166 MB/s) - stdout saved [616/616]

    test@ubu01:~$

#From Client to 192.168.2.50:1080 → OK

    test@ubu01:~$ wget -O - http://192.168.2.50:1080/ > /dev/null
    --2016-07-29 13:57:16--  http://192.168.2.50:1080/
    Connecting to 192.168.2.50:1080 ... Connected
    200 OK
    Length: 616 [text/html]
    `STDOUT' saved

    100%[========================================================================================================================================================================================================>] 616         --.-K/s   Time 0s

    2016-07-29 13:57:16 (33.8 KB/s) - stdout saved [616/616]

#192.168.3.3(Web Server) Access Log

    test@web1:~$ tail /usr/local/nginx/logs/access.log

    192.168.2.6 - - [26/Jul/2016:11:29:10 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
    192.168.2.6 - - [29/Jul/2016:10:50:25 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
    192.168.3.5 - - [29/Jul/2016:10:53:59 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
    192.168.3.5 - - [29/Jul/2016:11:40:57 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
    192.168.3.5 - - [29/Jul/2016:13:46:16 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
    192.168.3.5 - - [29/Jul/2016:13:57:06 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"


#192.168.3.6(Web Server) Access Log

    test@web2:~$ tail /usr/local/nginx/logs/access.log

    192.168.3.5 - - [29/Jul/2016:13:57:27 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)"
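An added example (not part of the original page): the same log check done programmatically. It flags access-log entries whose client address is still inside the NAPT source range 192.168.2.0/24; because the log above also contains earlier entries from 192.168.2.6, the check can be limited to entries from the time of the test onward. The input is a subset of the log lines shown above, and the function names and the 13:57:00 start time are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime

# Sample input: a subset of the 192.168.3.3 access-log lines shown above.
LOG = """\
192.168.2.6 - - [26/Jul/2016:11:29:10 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.2.6 - - [29/Jul/2016:10:50:25 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.3.5 - - [29/Jul/2016:10:53:59 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.3.5 - - [29/Jul/2016:13:57:06 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse(log_text):
    """Yield (client address, timezone-aware timestamp) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            yield (ipaddress.ip_address(m.group(1)),
                   datetime.strptime(m.group(2), TS_FORMAT))
        except ValueError:      # hostname instead of an address, or odd timestamp
            continue

def untranslated(log_text, napt_source="192.168.2.0/24", since=None):
    """Entries whose client address is still inside the NAPT source range."""
    net = ipaddress.ip_network(napt_source)
    return [(str(ip), ts.isoformat()) for ip, ts in parse(log_text)
            if ip in net and (since is None or ts >= since)]

def sources_since(log_text, since):
    """Distinct client addresses logged at or after `since`."""
    return sorted({str(ip) for ip, ts in parse(log_text) if ts >= since})

if __name__ == "__main__":
    start = datetime.strptime("29/Jul/2016:13:57:00 +0900", TS_FORMAT)
    print("untranslated, whole log: ", untranslated(LOG))
    print("untranslated, since test:", untranslated(LOG, since=start))
    print("sources since test:      ", sources_since(LOG, start))
```
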