Network Address Translation (NAT)¶

The NAT client is the command-line interface (CLI) for the Network Address Translation (NAT) API and its extensions.

For help on a specific nat command, enter:

$ openstack nat help SUBCOMMAND

Nat Gateway Operations¶

nat gateway create¶

Create new NAT Gateway

openstack nat gateway create
    [--description <description>]
    --spec <spec>
    --router-id <router_id>
    --internal-network-id <internal_network_id>
    <name>

--description <description>¶: Provides supplementary information about the NAT Gateway.

--spec <spec>¶: Specifies the type of the NAT Gateway. The value can be: 1: small type, which supports up to 10,000 SNAT connections. 2: medium type, which supports up to 50,000 SNAT connections. 3: large type, which supports up to 200,000 SNAT connections. 4: extra-large type, which supports up to 1,000,000 SNAT connections.

--router-id <router_id>¶: Specifies the VPC ID.

--internal-network-id <internal_network_id>¶: Specifies the network ID of the downstream interface (the next hop of the DVR) of the NAT Gateway.

name¶: Specifies the name of the NAT Gateway.

This command is provided by the otcextensions plugin.

nat gateway delete¶

Deletes NAT Gateway.

openstack nat gateway delete <gateway> [<gateway> ...]

gateway¶: Nat Gateway(s) to delete (Name or ID)

This command is provided by the otcextensions plugin.

nat gateway list¶

List Nat Gateway.

openstack nat gateway list
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--id <id>]
    [--limit <limit>]
    [--project-id <project_id>]
    [--name <name>]
    [--spec <spec>]
    [--router-id <router_id>]
    [--internal-network-id <internal_network_id>]
    [--status <status>]
    [--admin-state-up <admin_state_up>]
    [--created-at <created_at>]

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--id <id>¶: Specifies the ID of the NAT Gateway.

--limit <limit>¶: Limit to fetch number of records.

--project-id <project_id>¶: Specifies the project ID.

--name <name>¶: Specifies the Name of the NAT Gateway.

--spec <spec>¶: Specifies the type of the NAT Gateway. The value of spec can be: 1: small type, which supports up to 10,000 SNAT connections. 2: medium type, which supports up to 50,000 SNAT connections. 3: large type, which supports up to 200,000 SNAT connections. 4: extra-large type, which supports up to 1,000,000 SNAT connections.

--router-id <router_id>¶: Specifies the router ID.

--internal-network-id <internal_network_id>¶: Specifies the network ID of the downstream interface (the next hop of the DVR) of the NAT Gateway.

--status <status>¶: Specifies the status of the NAT Gateway. ACTIVE: The resource status is normal. PENDING_CREATE: The resource is being created. PENDING_UPDATE: The resource is being updated. PENDING_DELETE: The resource is being deleted. EIP_FREEZED: The EIP of the resource is frozen. INACTIVE: The resource status is abnormal.

--admin-state-up <admin_state_up>¶: Specifies whether the NAT Gateway is enabled or disabled. The value can be: true: The NAT gateway is up. false: The NAT gateway is down.

--created-at <created_at>¶: Specifies when the NAT Gateway is created (UTC time). Its valuerounds to 6 decimal places forseconds. The format is yyyy-mm-ddhh:mm:ss.

This command is provided by the otcextensions plugin.

nat gateway show¶

Show NAT Gateway details

openstack nat gateway show <gateway>

gateway¶: Specifies the Name or ID of the NAT Gateway.

This command is provided by the otcextensions plugin.

nat gateway update¶

Update a NAT Gateway.

openstack nat gateway update
    [--name <name>]
    [--description <description>]
    [--spec <spec>]
    <gateway>

--name <name>¶: Specifies the name of the NAT Gateway.

--description <description>¶: Provides supplementary informationabout the NAT gateway.

--spec <spec>¶: Specifies the type of the NAT Gateway.

gateway¶: Specifies the Name or ID of the NAT Gateway.

This command is provided by the otcextensions plugin.

Snat Rule Operations¶

nat snat rule create¶

Create new SNAT Rule

openstack nat snat rule create
    --nat-gateway-id <nat_gateway_id>
    --floating-ip-id <floating_ip_id>
    [--network-id <network_id>]
    [--cidr <cidr>]
    [--source-type <source_type>]

--nat-gateway-id <nat_gateway_id>¶: Specifies the ID of the NAT gateway.

--floating-ip-id <floating_ip_id>¶: Specifies the Floating IP ID. Multiple Floating IPs are separated using commas.

--network-id <network_id>¶: Specifies the network ID used by the SNAT rule. This parameter and cidr are alternative.

--cidr <cidr>¶: Specifies CIDR, which can be in the format of a network segment or a host IP address.

--source-type <source_type>¶: Specifies the source type. 0: Either network_id or cidr can be specified in a VPC. 1: Only cidr can be specified over a Direct Connect connection. If no value is entered, the default value 0 (VPC) is used.

This command is provided by the otcextensions plugin.

nat snat rule delete¶

Deletes Snat Rule(s).

openstack nat snat rule delete <snat_id> [<snat_id> ...]

snat_id¶: Specifies the SNAT rule(s) ID(s) to delete.

This command is provided by the otcextensions plugin.

nat snat rule list¶

List SNAT Rules.

openstack nat snat rule list
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--id <id>]
    [--limit <limit>]
    [--project-id <project_id>]
    [--nat-gateway-id <nat_gateway_id>]
    [--network-id <network_id>]
    [--cidr <cidr>]
    [--source-type <source_type>]
    [--floating-ip-id <floating_ip_id>]
    [--floating-ip-address <floating_ip_address>]
    [--status <status>]
    [--admin-state-up <admin_state_up>]
    [--created-at <created_at>]

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--id <id>¶: Specifies the ID of the SNAT rule.

--limit <limit>¶: Limit to fetch number of records.

--project-id <project_id>¶: Specifies the project ID.

--nat-gateway-id <nat_gateway_id>¶: Specifies the NAT gateway ID.

--network-id <network_id>¶: Specifies the network ID used by the SNAT rule.

--cidr <cidr>¶: Specifies a subset of the VPC subnet CIDR block or a CIDR block of Direct Connect connection.

--source-type <source_type>¶: Specifies Source Type.

--floating-ip-id <floating_ip_id>¶: Specifies the Floating IP ID.

--floating-ip-address <floating_ip_address>¶: Specifies the Floating IP.

--status <status>¶: Specifies the status of the SNAT rule. ACTIVE: The resource status is normal. PENDING_CREATE: The resource is being created. PENDING_UPDATE: The resource is being updated. PENDING_DELETE: The resource is being deleted. EIP_FREEZED: The EIP of the resource is frozen. INACTIVE: The resource status is abnormal.

--admin-state-up <admin_state_up>¶: Specifies whether the SNAT rule is enabled or disabled. The value can be: true: The SNAT rule is enabled. false: The SNAT rule is disabled.

--created-at <created_at>¶: Specifies when the SNAT rule is created (UTC time). Its value rounds to 6 decimal places for seconds. The format is yyyy-mm-ddhh:mm:ss.

This command is provided by the otcextensions plugin.

nat snat rule show¶

Show Snat Rule details

openstack nat snat rule show <snat_id>

snat_id¶: Specifies the ID of the SNAT Rule.

This command is provided by the otcextensions plugin.

Dnat Rule Operations¶

nat dnat rule create¶

Create new DNAT Rule

openstack nat dnat rule create
    --nat-gateway-id <nat_gateway_id>
    [--port-id <port_id>]
    [--private-ip <private_ip>]
    --internal-service-port <internal_service_port>
    --floating-ip-id <floating_ip_id>
    --external-service-port <external_service_port>
    --protocol <protocol>

--nat-gateway-id <nat_gateway_id>¶: Specifies the ID of the NAT Gateway.

--port-id <port_id>¶: Specifies the port ID of an ECS or a BMS.

--private-ip <private_ip>¶: Specifies the private IP address, for example, the IP address of a Direct Connect connection.

--internal-service-port <internal_service_port>¶: Specifies port used by ECSs or BMSs to provide services for external systems.

--floating-ip-id <floating_ip_id>¶: Specifies the Floating IP ID. Multiple Floating IPs are separated using commas.

--external-service-port <external_service_port>¶: Specifies the port for providing external services.

--protocol <protocol>¶: Specifies the protocol type.

This command is provided by the otcextensions plugin.

nat dnat rule delete¶

Deletes Dnat Rule(s).

openstack nat dnat rule delete <dnat_id> [<dnat_id> ...]

dnat_id¶: Specifies the DNAT Rule(s) ID(s) to delete.

This command is provided by the otcextensions plugin.

nat dnat rule list¶

List DNAT Rules.

openstack nat dnat rule list
    [--sort-column SORT_COLUMN]
    [--sort-ascending | --sort-descending]
    [--id <id>]
    [--limit <limit>]
    [--project-id <project_id>]
    [--nat-gateway-id <nat_gateway_id>]
    [--port-id <port_id>]
    [--private-ip <private_ip>]
    [--internal-service-port <internal_service_port>]
    [--floating-ip-id <floating_ip_id>]
    [--floating-ip-address <floating_ip_address>]
    [--external-service-port <external_service_port>]
    [--protocol <protocol>]
    [--status <status>]
    [--admin-state-up <admin_state_up>]
    [--created-at <created_at>]

--sort-column SORT_COLUMN¶: specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending¶: sort the column(s) in ascending order

--sort-descending¶: sort the column(s) in descending order

--id <id>¶: Specifies the ID of the SNAT rule.

--limit <limit>¶: Limit to fetch number of records.

--project-id <project_id>¶: Specifies the project ID.

--nat-gateway-id <nat_gateway_id>¶: Specifies the NAT gateway ID.

--port-id <port_id>¶: Specifies the port ID of an ECS or a BMS.

--private-ip <private_ip>¶: Specifies the private IP address, for example, the IP address of a Direct Connect connection.

--internal-service-port <internal_service_port>¶: Specifies port used by ECSs or BMSs to provide services for external systems.

--floating-ip-id <floating_ip_id>¶: Specifies the Floating IP ID.

--floating-ip-address <floating_ip_address>¶: Specifies the Floating IP.

--external-service-port <external_service_port>¶: Specifies the port for providing external services.

--protocol <protocol>¶: Specifies the protocol type.Currently, TCP, UDP, and ANY are supported.

--status <status>¶: Specifies the status of the DNAT rule. ACTIVE: The resource status is normal. PENDING_CREATE: The resource is being created. PENDING_UPDATE: The resource is being updated. PENDING_DELETE: The resource is being deleted. EIP_FREEZED: The EIP of the resource is frozen. INACTIVE: The resource status is abnormal.

--admin-state-up <admin_state_up>¶: Specifies whether the DNAT rule is enabled or disabled. The value can be: true: The DNAT rule is enabled. false: The DNAT rule is disabled.

--created-at <created_at>¶: Specifies when the DNAT rule is created (UTC time). Its value rounds to 6 decimal places forseconds. The format is yyyy-mm-ddhh:mm:ss.

This command is provided by the otcextensions plugin.

nat dnat rule show¶

Show Dnat Rule details

openstack nat dnat rule show <dnat_id>

dnat_id¶: Specifies the ID of the SNAT Rule

This command is provided by the otcextensions plugin.

last updated: 2023-06-12 09:35