Address And Port Groups - Brocade Communications Systems 5600 Reference Manual


against the first rule and if it does not match, it is tested against the second rule, and so on until it
matches a rule.
In the example, a packet with a destination in 192.168.50.0/24 does not meet the match criteria in rule
10, which matches all packets with a destination not in 192.168.50.0/24. As a result, the packet "falls
through" to rule 20. A packet with a destination in 192.168.50.0/24 does match rule 20 because it is
not in 172.16.50.0/24; therefore, the packet has NAT applied, which is not the desired result.
Similarly, a packet with a destination in 172.16.50.0/24 is matched and has NAT applied by rule 10.
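
The fall-through described above can be reproduced with a small first-match evaluator. This is an added example, not taken from the Brocade manual; the rule model and the function names `first_match` and `bypass_network` are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the two rules discussed above. Each rule matches
# (and applies NAT to) every destination that is NOT inside its network.
RULES = [
    (10, ipaddress.ip_network("192.168.50.0/24")),
    (20, ipaddress.ip_network("172.16.50.0/24")),
]


def first_match(dst, rules=RULES):
    """Return the number of the first rule that matches dst, else None."""
    addr = ipaddress.ip_address(dst)
    for number, negated_net in sorted(rules, key=lambda r: r[0]):
        if addr not in negated_net:  # negated destination match
            return number
    return None


def bypass_network(rules=RULES):
    """Return the only network that escapes every negated rule, else None.

    A packet avoids NAT only if it lies inside all of the negated
    networks. Two CIDR blocks either nest or are disjoint, so the
    intersection is the smallest block or nothing at all.
    """
    common = rules[0][1]
    for _, net in rules[1:]:
        if net.subnet_of(common):
            common = net
        elif not common.subnet_of(net):
            return None  # disjoint: every packet matches some rule
    return common


if __name__ == "__main__":
    for dst in ("192.168.50.7", "172.16.50.7", "10.0.0.1"):
        print(dst, "-> NAT applied by rule", first_match(dst))
    print("destinations that bypass NAT:", bypass_network())
```

Because the two negated networks are disjoint, `bypass_network()` finds no destination that avoids translation, which is the undesired result the text describes.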

Address and port groups

The following example shows how to configure address groups and apply NAT rules to them.
TABLE 13 Configuring address groups and applying NAT rules

Step: Configure address and port to join a group named foo.
Command:
vyatta@vyatta# set resources group port-group bar port 1
vyatta@vyatta# set resources group port-group bar port 121
vyatta@vyatta# commit
vyatta@vyatta# show resources
resources {
    group {
        address-group foo {
            address 1.1.1.0/24
            address 2.2.0.0/16
            address 12.32.223.3
        }
        port-group bar {
            port 1
            port 121
        }
    }
}

Step: Create a source NAT rule.
Command:
vyatta@vyatta# set service nat source rule 200 source address foo
vyatta@vyatta# set service nat source rule 200 source port bar
vyatta@vyatta# set service nat source rule 200 protocol tcp
vyatta@vyatta# set service nat source rule 200 translation address 20.20.10.0/24
vyatta@vyatta# set service nat source rule 200 translation port http
vyatta@vyatta# set service nat source rule 200 outbound-interface dp0s224

Step: Commit the changes.
Command:
vyatta@vyatta# commit

Step: Show the NAT configuration.
Command:
vyatta@vyatta# show service nat source rule 200
outbound-interface dp0s224
protocol tcp
source {
    address foo
    port bar
}
translation {
    address 20.20.10.0/24
    port http
}

Brocade 5600 vRouter NAT Reference Guide
53-1003718-03
