rule (Services NAT)
语法
rule rule-name {
match-direction (input | output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-port range high maximum-value low minimum-value;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
}
then {
no-translation;
port-forwarding-mappings map-name;
translated {
address-pooling paired;
clat-prefix clat-prefix;
destination-pool nat-pool-name;
destination-prefix destination-prefix; destination-prefix;
dns-alg-pool dns-alg-pool;
dns-alg-prefix dns-alg-prefix;
filtering-type endpoint-independent;
mapping-type endpoint-independent;
overload-pool overload-pool;
overload-prefix overload-prefix;
source-pool nat-pool-name;
source-prefix source-prefix;
translation-type (basic-nat-pt | basic-nat44 | basic-nat66 | deterministic-napt44 | deterministic-napt64 |dnat-44 | dynamic-nat44 | napt-44 | napt-66 | napt-pt | stateful-nat464 | stateful-nat64 | twice-basic-nat-44 | twice-dynamic-nat-44 | twice-napt-44);
}
}
syslog;
}
}
}
描述
指定路由器在应用此服务时使用的规则。
注意:
对于应用于内联服务(类型 si)接口的 NAT 规则,您最多只能使用 200 个术语。如果指定的术语超过 200 个,则在提交配置时将收到以下错误:
[edit]
'service-set service-set-name'
NAT rule rule-name with more than 200 terms is disallowed for si-n/n/n.n
error: configuration check-out failed
选项
| rule-name | 构成此规则的术语集合的标识符。 |
其余语句将单独解释。
所需权限级别
接口 — 在配置中查看此语句。
接口控制 — 将此语句添加到配置中。
发布信息
在 Junos OS 7.4 版之前引入的语句。