rule (Services NAT)
Syntax
rule rule-name {
match-direction (input | output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-port range high maximum-value low minimum-value;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
}
then {
no-translation;
port-forwarding-mappings map-name;
translated {
address-pooling paired;
clat-prefix clat-prefix;
destination-pool nat-pool-name;
destination-prefix destination-prefix; destination-prefix;
dns-alg-pool dns-alg-pool;
dns-alg-prefix dns-alg-prefix;
filtering-type endpoint-independent;
mapping-type endpoint-independent;
overload-pool overload-pool;
overload-prefix overload-prefix;
source-pool nat-pool-name;
source-prefix source-prefix;
translation-type (basic-nat-pt | basic-nat44 | basic-nat66 | deterministic-napt44 | deterministic-napt64 |dnat-44 | dynamic-nat44 | napt-44 | napt-66 | napt-pt | stateful-nat464 | stateful-nat64 | twice-basic-nat-44 | twice-dynamic-nat-44 | twice-napt-44);
}
}
syslog;
}
}
}
Description
Specify the rule the router uses when applying this service.
Note:
You are limited to a maximum of 200 terms for a NAT rule that is applied to an inline services (type si) interface. If you specify more than 200 terms, you will receive following error when you commit the configuration:
[edit]
'service-set service-set-name'
NAT rule rule-name with more than 200 terms is disallowed for si-n/n/n.n
error: configuration check-out failed Options
| rule-name | Identifier for the collection of terms that make up this rule. |
The remaining statements are explained separately.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.