show security nat source rule
Syntax
show security nat static rule rule-name all logical-system (logical-system-name ) root-logical-system tenant (tenant-name )
Description
Display information about the specified source Network Address Translation (NAT) rule.
Options
| rule-name | Name of the rule. |
| all | Display information about all the source NAT rules. |
| logical-system | Display
information about the source NAT rules for a specified logical system.
Specify |
| root-logical-system | Display information about the source NAT rules for the primary (root) logical system. |
| tenant | Display information
about the source NAT rules for a specified tenant system. Specify |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security nat source rule command. Output fields are listed in the approximate order in which they appear
Field Name |
Field Description |
|---|---|
Source NAT rule |
Name of the source NAT rule. |
Total rules |
Number of source NAT rules. |
Total referenced IPv4/IPv6 ip-prefixes |
Number of IP prefixes referenced in source, destination, and static NAT rules. This total includes the IP prefixes configured directly, as address names, and as address set names in the rule. |
Description |
Description of the source NAT rule. |
Rule-Id |
Rule identification number. |
Rule position |
Position of the source NAT rule. |
From zone |
Name of the zone from which the packets flow. |
To zone |
Name of the zone to which the packets flow. |
From routing instance |
Name of the routing instance from which the packets flow. |
To routing instance |
Name of the routing instance to which the packets flow. |
From interface |
Name of the interface from which the packets flow. |
To interface |
Name of the interface to which the packets flow. |
Source addresses |
Name of the source addresses that match the rule. |
Source port |
Source port numbers that match the rule. |
Destination address |
Name of the destination addresses that match the rule. |
Destination ports |
Destination port numbers that match the rule. |
Application |
Indicates whether the application option is configured. |
Action |
The action taken in regard to a packet that matches the rule’s tuples. Actions include the following:
|
Persistent NAT type |
Persistent NAT type. |
Persistent NAT mapping type |
Persistent NAT mapping type. |
Inactivity timeout |
Inactivity timeout for persistent NAT binding. |
Max session number |
Maximum number of sessions. |
Translation hits |
Number of translation hits. |
Successful sessions |
Number of successful session installations after the NAT rule is matched. |
Failed sessions |
Number of unsuccessful session installations after the NAT rule is matched. |
Number of sessions |
Number of sessions that reference the specified rule. |
Sample Output
show security nat source rule rule_namelength_is_now_changed_upto_63_characters_length
user@host> show security nat source rule rule_namelength_is_now_changed_upto_63_characters_length
source NAT rule: rule_namelength_is_now_changed_upto_63_characters_length
Rule set : ruleset_namelength_now_changed_upto_63_characters_length
Rule Id : 1
Rule position : 1
From zone : trust
To zone : untrust
Match
Source addresses : 192.0.2.0 - 192.0.2.255
Action : src_v4_pool-namelength-is-now-changed-upto-63-characters-length
Persistent NAT type : N/A
Persistent NAT mapping type : address-port-mapping
Inactivity timeout : 0
Max session number : 0
Translation hits : 0
Successful sessions : 0
Number of sessions : 0
Sample Output
- show security nat source rule all (SRX Series Firewalls)
- show services nat source rule all (MX-SPC3)
show security nat source rule all (SRX Series Firewalls)
user@host> show security nat source rule all
Logical system: root
Total rules: 1
Total referenced IPv4/IPv6 ip-prefixes: 3/0
source NAT rule: r2 Rule-set: rs2
Rule-Id : 2
Rule position : 1
From zone : trust
To zone : untrust
Match
Source addresses : 192.0.2.0 - 192.0.2.255
Destination addresses : 203.0.113.0 - 203.0.113.255
198.51.100.0 - 198.51.100.255
Application : configured
Action : off
Persistent NAT type : N/A
Persistent NAT mapping type : address-port-mapping
Inactivity timeout : 0
Max session number : 0
Translation hits : 0
Successful sessions : 0
Failed sessions : 0
Number of sessions : 0
show services nat source rule all (MX-SPC3)
user@host> show services nat source rule all
Total rules: 1
Total referenced IPv4/IPv6 ip-prefixes: 1/0
Interface: vms-4/0/0 , Service set: ss1
source NAT rule: NAT_RULE1--WEB-MX-SPC3NAT_WEB_MX_SPC3NAT_web-mx--spc3_NAT-RULE
Rule set : NAT_RULE-SET1--WEB-MX-SPC3NAT_WEB_MX_SPC3NAT_web-mx--spc3_RSET
Rule Id : 1
Rule position : 1
Match
Source addresses : 0.0.0.0 - 255.255.255.255
Application : configured
Action : NAT_POOL1--WEB-MX-SPC3NAT_WEB_MX_SPC3NAT_web-mx--spc3_NAT-POOL
Syslog : enabled
Mapping-type : N/A
Translation hits : 0
Successful sessions : 0
Failed sessions : 0
Number of sessions : 0
Sample Output
show security nat source rule all tenant
user@host> show security nat source rule all tenant tn1
Total rules: 1
Total referenced IPv4/IPv6 ip-prefixes: 2/0
source NAT rule: r1 Rule-set: from_intf
Rule-Id : 1
Rule position : 1
From interface : ge-0/0/0.0
To interface : ge-0/0/1.0
Match
Source addresses : 192.168.1.0 - 192.168.1.255
Destination addresses : 203.0.113.200 - 203.0.113.200
Action : pat
Persistent NAT type : N/A
Persistent NAT mapping type : address-port-mapping
Inactivity timeout : 0
Max session number : 0
Translation hits : 0
Successful sessions : 0
Failed sessions : 0
Number of sessions : 0
Release Information
Command introduced in Junos OS Release 9.2. Support.
The Description output field added in Junos OS Release 12.1.
Support for IPv6 logical systems and the Source port, Successful sessions, Failed sessions, and Number of sessions output fields added in Junos OS Release 12.1X45-D10.
Output for multiple destination ports and the application output field added in Junos OS Release 12.1X47-D10.
The tenant option is introduced in Junos OS Release 18.3R1.