Anapaya appliance configuration (nat only)
nat object
Top-level configuration and state for NAT.
dnats object[]
Top-level configuration and state for the destination NAT.
address string
The IPv4 address to match for destination NAT. Incoming packets with this address as the destination will have it translated to nat.dnats.dnat.destination_address. The translation can be restricted to specific ports using nat.dnats.dnat.port_mappings.
description string
An optional textual description of the destination NAT configuration.
destination_address string
The IPv4 address to which nat.dnats.dnat.address is translated. If outgoing packets have this source address, it will be replaced by nat.dnats.dnat.address.
port_mappings object[]
The list of port mappings for the destination NAT. Mandatory when ingress source NAT is enabled as well.
description string
An optional textual description of the port mapping configuration.
destination_port integer
The port to which the destination port is translated. Must be an integer between 0 and 65535.
port integer
The destination port to match for the port mapping. Must be an integer between 0 and 65535. If the destination port matches and the destination address matches the nat.dnats.dnat.address, the destination port will be replaced by nat.dnats.dnat.port_mappings.destination_port.
protocol string
Transport-layer protocol. Supported values are tcp and udp.
snat object
Top-level configuration and state for the source NAT.
address_pool string[]
A list of IPv4 prefixes to specify which addresses can be used for the source NAT. A packet’s source address will be replaced by one of these addresses. A response packet will have its destination address replaced by the original source address.
exclude string[]
A list of IPv4 prefixes to exclude from the source NAT. A packet with a source IP address covered by one of these prefixes will be passed as is, without rewriting its source address. The number of addresses to exclude is limited to 1000000.
interfaces string[]
A list of network interfaces on which source NATing should be applied. Outgoing (transmitted) packets on these interfaces will have their source IP address rewritten to one of the addresses in the address pool. Incoming (received) packets will have their destination address rewritten to the original source address. The list of network interfaces can contain any interface on the host that uses the VPP_DPDK driver. Furthermore, there is a special interface, the scion-gateway interface. It can be used to configure source NATing for outgoing IP-in-SCION tunneling traffic. If SNAT is configured in combination with DNAT (see Use Case: Ingress SNAT and DNAT), the list of network interfaces must be empty: the combination of DNAT and SNAT only works with the scion-gateway interface, which is set automatically.
{
  "nat": {
    "dnats": [
      {
        "address": "string",
        "description": "string",
        "destination_address": "string",
        "port_mappings": [
          {
            "description": "string",
            "destination_port": 0,
            "port": 0,
            "protocol": "string"
          }
        ]
      }
    ],
    "snat": {
      "address_pool": [
        "string"
      ],
      "exclude": [
        "string"
      ],
      "interfaces": [
        "string"
      ]
    }
  }
}
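A pre-deployment check for the constraints stated in this reference, as an added example that is not Anapaya's own code or tooling. The function name validate_nat and the sample addresses are constructed. It assumes that "ingress source NAT is enabled" means an snat object is present next to dnats, and that the exclude limit is the sum of the sizes of the listed prefixes.

```python
import ipaddress

MAX_EXCLUDED = 1_000_000  # exclude limit stated in the reference
# Constructed sample: ingress SNAT combined with one DNAT rule.
SAMPLE = {"nat": {
    "dnats": [{"address": "192.0.2.10", "destination_address": "10.0.0.10",
               "port_mappings": [{"port": 443, "destination_port": 8443, "protocol": "tcp"}]}],
    "snat": {"address_pool": ["10.0.0.128/28"], "exclude": ["10.0.0.0/30"], "interfaces": []}}}

def validate_nat(config):
    """Return a list of problems found in a {"nat": {...}} document."""
    errors = []
    nat = config.get("nat", {})
    dnats = nat.get("dnats", [])
    snat = nat.get("snat")  # assumption: presence means SNAT is enabled
    for i, dnat in enumerate(dnats):
        where = f"dnats[{i}]"
        for key in ("address", "destination_address"):
            try:
                ipaddress.IPv4Address(str(dnat.get(key, "")))
            except ValueError:
                errors.append(f"{where}.{key}: not an IPv4 address")
        mappings = dnat.get("port_mappings", [])
        if snat is not None and not mappings:
            errors.append(f"{where}.port_mappings: required when SNAT is also configured")
        for j, pm in enumerate(mappings):
            for key in ("port", "destination_port"):
                value = pm.get(key)
                if type(value) is not int or not 0 <= value <= 65535:
                    errors.append(f"{where}.port_mappings[{j}].{key}: must be 0..65535")
            if pm.get("protocol") not in ("tcp", "udp"):
                errors.append(f"{where}.port_mappings[{j}].protocol: must be tcp or udp")
    if snat is not None:
        excluded = 0
        for key in ("address_pool", "exclude"):
            for prefix in snat.get(key, []):
                try:
                    net = ipaddress.IPv4Network(str(prefix), strict=False)
                except ValueError:
                    errors.append(f"snat.{key}: {prefix!r} is not an IPv4 prefix")
                    continue
                if key == "exclude":
                    excluded += net.num_addresses  # overlapping prefixes count twice
        if excluded > MAX_EXCLUDED:
            errors.append(f"snat.exclude: covers {excluded} addresses, limit is {MAX_EXCLUDED}")
        if dnats and snat.get("interfaces"):
            errors.append("snat.interfaces: must be empty when combined with DNAT")
    return errors
```

Running validate_nat(SAMPLE) returns an empty list; any returned string names the offending field path.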