System Administration Guide: IP Services

Managing NAT Rules for Solaris IP Filter

Use the following procedures to manage, view, and modify NAT rules.

Procedure: How to View Active NAT Rules

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. View the active NAT rules.


    # ipnat -l
    

Example 25–10 Viewing Active NAT Rules

The following example shows the active NAT rule set as printed by ipnat -l.


# ipnat -l
List of active MAP/Redirect filters:
map dmfe0 192.168.1.0/24 -> 20.20.20.1/32

List of active sessions:

Procedure: How to Remove NAT Rules

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Remove the current NAT rules.


    # ipnat -C
    

Example 25–11 Removing NAT Rules

The following example shows how to remove the entries in the current NAT rules.


# ipnat -l
List of active MAP/Redirect filters:
map dmfe0 192.168.1.0/24 -> 20.20.20.1/32

List of active sessions:
# ipnat -C
1 entries flushed from NAT list
# ipnat -l
List of active MAP/Redirect filters:

List of active sessions:

Procedure: How to Append Rules to the NAT Rules

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Use one of the following methods to append rules to the active rule set:

    • Append rules to the NAT rule set at the command line using the ipnat -f - command.


      # echo "map dmfe0 192.168.1.0/24 -> 20.20.20.1/32" | ipnat -f -
      
    • Load the rules from a file:

      1. Create additional NAT rules in a file of your choice.

      2. Add the rules you have created to the active NAT rules.


        # ipnat -f filename
        

        The rules in filename are added to the end of the NAT rules.


Example 25–12 Appending Rules to the NAT Rule Set

The following example shows how to add a rule to the NAT rule set from the command line.


# ipnat -l
List of active MAP/Redirect filters:

List of active sessions:
# echo "map dmfe0 192.168.1.0/24 -> 20.20.20.1/32" | ipnat -f -
# ipnat -l
List of active MAP/Redirect filters:
map dmfe0 192.168.1.0/24 -> 20.20.20.1/32

List of active sessions:
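
After rules are removed or appended, the `ipnat -l` listing can be checked against a list of the rules you expect to be active. The script below is an added example, not part of the original guide: the function names, the baseline format (one rule per line, written the way `ipnat -l` prints it) and the second sample rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): report drift between the active NAT
# rules printed by `ipnat -l` and a baseline of expected rules.

# Constructed sample in the `ipnat -l` layout shown above. The second map
# rule is made up to stand in for an unexpected entry.
SAMPLE_LISTING='List of active MAP/Redirect filters:
map dmfe0 192.168.1.0/24 -> 20.20.20.1/32
map dmfe0 10.0.0.0/8 -> 20.20.20.1/32

List of active sessions:'

# Constructed baseline: one expected rule per line, "#" starts a comment.
SAMPLE_BASELINE='# expected NAT rules
map dmfe0   192.168.1.0/24 -> 20.20.20.1/32'

# active_rules: read `ipnat -l` output on stdin, print only the rule lines
# (the session table is skipped), with whitespace normalised.
active_rules() {
    awk '
        /^List of active MAP\/Redirect filters:/ { in_rules = 1; next }
        /^List of active sessions:/              { in_rules = 0 }
        in_rules && NF                           { $1 = $1; print }
    '
}

# nat_drift LISTING BASELINE
# Prints "+ rule" for an active rule absent from the baseline and "- rule"
# for a baseline rule that is not active. Returns 1 on any difference.
nat_drift() {
    {
        printf '%s\n' "$2"
        echo '--ACTIVE--'
        printf '%s\n' "$1" | active_rules
    } | awk '
        $0 == "--ACTIVE--" { active = 1; next }
        { sub(/#.*/, "") }
        !NF { next }
        { $1 = $1 }
        !active { want[$0] = 1; next }
        { seen[$0] = 1; if (!($0 in want)) { print "+ " $0; bad = 1 } }
        END {
            for (r in want) if (!(r in seen)) { print "- " r; bad = 1 }
            exit bad + 0
        }'
}

# Demo on the constructed data. On a live host (run with the same rights
# as ipnat): nat_drift "$(ipnat -l)" "$(cat your-baseline-file)"
nat_drift "$SAMPLE_LISTING" "$SAMPLE_BASELINE" || echo "NAT rule drift detected"
```

Only the MAP/Redirect section is compared, so entries in the session table never count as drift. An empty listing, such as the one left by `ipnat -C`, reports every baseline rule as missing.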