3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

281

282

283

284

285

286

287

288

289

290

286 CHAPTER 17: NAT CONFIGURATION COMMANDS

aging-time: Displays the effective time for NAT connection.

all: Displays all the information about NAT.

outbound: Displays the information of the outbound NAT.

server: Displays the information of the internal server.

statistics: Displays the statistics of current NAT records.

session: Displays the information of the currently activated connection.

source global global-addr: Only displays the NAT entry with address as

global-addr after NAT.

source inside inside-addr: Only displays the NAT entry with internal address as

inside-addr.

destination ip-addr: Displays the NAT table items of a special IP destination.

Description

Use the display nat command to display the configuration of address translation.

Users can verify if the configuration of address translation is correct according to

the output information after execution of this command. When address

translation connection information is displayed, the parameters of global-addr and

inside-addr can be specified for the display nat session command

simultaneously.

Example

# Display all the information about address translation.

<SecBlade_FW> display nat all

NAT address-group Information:

1: from 11.1.1.1 to 11.1.1.20

2: from 22.1.1.1 to 22.1.1.20

NAT outbound information:

GigabitEthernet0/0.1: acl(2011)-NAT address-group(1) [no-pat]

GigabitEthernet0/0.1: acl(2022)-NAT address-group(2) [no-pat]

Server in private network information:

Interface GlobalAddr GlobalPort InsideAddr InsidePort Pro

GigabitEthernet0/0.1 201.119.11.3 8080 5.5.5.5 80(www) 6(tcp)

GigabitEthernet0/0.1 201.119.11.3 2121 5.5.5.5 21(ftp) 6(tcp)

NAT aging-time value information:

tcp ---- aging-time value is 86400 (seconds)

udp ---- aging-time value is 300 (seconds)

icmp ---- aging-time value is 60 (seconds)

pptp ---- aging-time value is 86400 (seconds)

dns ---- aging-time value is 60 (seconds)

tcp-fin ---- aging-time value is 60 (seconds)

tcp-syn ---- aging-time value is 60 (seconds)

ftp-ctrl ---- aging-time value is 7200 (seconds)

ftp-data ---- aging-time value is 300 (seconds)

The information above indicates:

Two address pools are configured: Address pool 1 ranges from 11.1.1.1 to

11.1.1.20, and address tool 2 ranges from 22.1.1.1 to 22.1.1.20.