NAPT Conversion of a Source IP Address

Version on which operation was confirmed:
Brocade 5600 vRouter Version 4.2R1S1

This section describes how to apply the NAPT function to packets sent from networks in a specific source address range.

Assumed scenario for the sample configuration

  • Packets whose source IP address is in 192.168.2.0/24 are subject to NAPT conversion

  • Packets that are output from interface “dp0s6” are subject to NAPT conversion

Configuration diagram
[Figure: fw_nat_fig3]

Configuration steps for the assumed scenario

1. Set the NAT rule number for source IP conversion to 10.
2. Set the NAPT-target source IP address range “192.168.2.0/24”.
3. Specify the output interface on which NAPT conversion is performed.
4. Set the translation address to “masquerade” so that the conversion is performed as NAPT.

Commands to enter in the CLI

set service nat source rule 10 source address '192.168.2.0/24'
set service nat source rule 10 outbound-interface 'dp0s6'
set service nat source rule 10 translation address 'masquerade'

The configuration after the settings are applied is as follows.

service {
        nat {
                source {
                        rule 10 {
                                outbound-interface dp0s6
                                source {
                                        address 192.168.2.0/24
                                }
                                translation {
                                        address masquerade
                                }
                        }
                }
        }
}

Operation check result

HTTP communication from server “192.168.2.6” to server “192.168.3.3” succeeded.
The web server's access log confirmed that the IP address of the accessing host was converted into “192.168.3.5”, which also confirms that the NAPT function worked for source IP address range “192.168.2.0/24”.

# Server (192.168.2.6) to Web Server(192.168.3.5) → OK

test@ubu01:~$ wget -O - http://192.168.3.5/ > /dev/null
--2016-07-29 13:46:17--  http://192.168.3.5/
Connecting to 192.168.2.50:80 ... Connected
200 OK
Length: 616 [text/html]
`STDOUT' saving

100%[========================================================================================================================================================================================================>] 616         --.-K/s   Time 0s

2016-07-29 13:46:17 (161 MB/s) - stdout saved [616/616]

# Web Server Access Log

test@web1:~$ tail /usr/local/nginx/logs/access.log

192.168.2.6 - - [26/Jul/2016:11:29:10 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.2.6 - - [29/Jul/2016:10:50:25 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.3.5 - - [29/Jul/2016:10:53:59 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.3.5 - - [29/Jul/2016:11:40:57 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.3.5 - - [29/Jul/2016:13:46:16 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
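
The log comparison above can be automated. The following is an added example, not part of the original page: it parses the access-log excerpt shown above, finds the first request that arrived from the translated address, and reports any later request that still shows an address from the NAPT-target range. The function names are this example's own.

```python
import ipaddress
import re
from datetime import datetime

# Values taken from the page's sample setting and check result.
INSIDE_NET = ipaddress.ip_network("192.168.2.0/24")   # NAPT-target range (rule 10)
TRANSLATED = ipaddress.ip_address("192.168.3.5")      # address logged after conversion

# Access-log excerpt copied from the page's operation check.
SAMPLE_LOG = """\
192.168.2.6 - - [26/Jul/2016:11:29:10 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.2.6 - - [29/Jul/2016:10:50:25 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.3.5 - - [29/Jul/2016:10:53:59 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.3.5 - - [29/Jul/2016:11:40:57 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
192.168.3.5 - - [29/Jul/2016:13:46:16 +0900] "GET / HTTP/1.1" 200 616 "-" "Wget/1.15 (linux-gnu)" "-"
"""

# Client address and bracketed timestamp at the start of each log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def classify(log_text):
    """Return (timestamp, client_ip, state) for every parsable log line."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client field is not an IP address
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        state = ("translated" if ip == TRANSLATED
                 else "untranslated" if ip in INSIDE_NET else "other")
        rows.append((ts, ip, state))
    return rows

def leaks_after_first_translation(rows):
    """Inside-range requests logged after NAPT was first observed (all, if never)."""
    first = min((ts for ts, _, s in rows if s == "translated"), default=None)
    leaks = [r for r in rows
             if r[2] == "untranslated" and (first is None or r[0] > first)]
    return first, leaks

if __name__ == "__main__":
    first, leaks = leaks_after_first_translation(classify(SAMPLE_LOG))
    print("first translated request:", first)
    print("inside addresses seen afterwards:", [(str(t), str(i)) for t, i, _ in leaks])
```

An empty second list means no request from 192.168.2.0/24 reached the web server untranslated once the rule was in effect.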