Configuring the NAT Flow Table
Context
The timeout interval of a session varies by protocol and port. If a session carries no traffic for the specified period, it becomes invalid and the system deletes it from the NAT flow table. For example, when a user establishes a TCP connection with an extranet host from a given IP address and port, a session for that connection is created in the NAT flow table. If the TCP connection then carries no traffic for the specified period, the session record is deleted from the NAT flow table.
Procedure
- Run the system-view command to enter the system view.
- Run the firewall-nat session { { dns | ftp | ftp-data | http | icmp | tcp | tcp-proxy | udp | sip | sip-media | rtsp | rtsp-media | pptp | pptp-data } | { tcp | udp } user-define port-number } aging-time time-value command to set the aging time of NAT mapping entries.
By default, the aging time of different protocols is as follows: DNS (120s), FTP (120s), FTP-data (120s), HTTP (120s), ICMP (20s), TCP (600s), TCP-proxy (10s), UDP (120s), SIP (1800s), SIP-media (120s), RTSP (60s), RTSP-media (120s), PPTP (600s), and PPTP-data (600s). The default aging time of session entries on a user-defined TCP or UDP port is the same as that of the corresponding protocol.
- (Optional) Run the reset nat session { all | transit interface interface-type interface-number [ .subnumber ] } command to clear NAT mapping entries.
Verifying the Configuration
Run the display nat session { all [ verbose ] | number } command to display information about entries in the NAT mapping table.
Run the display nat session protocol { protocol-name | protocol-number } [ source source-address [ source-port ] ] [ destination destination-address [ destination-port ] ] [ verbose ] command to display information about NAT mapping entries with a specified protocol or port number.
Run the display nat session source source-address [ source-port ] [ destination destination-address [ destination-port ] ] [ verbose ] command to display information about NAT mapping entries with a specified source IP address and port number before translation.
Run the display nat session destination destination-address [ destination-port ] [ verbose ] command to display information about NAT mapping entries with a specified destination IP address and port number before translation.
Run the display firewall-nat session aging-time command to check the aging time of NAT mapping entries.
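The following session, added here as an illustration and not taken from the product documentation, walks through the procedure and verification commands above on a device whose prompt is assumed to be <Huawei>. The aging values (300 s for TCP, 60 s for UDP port 5060), the user-defined port 5060 and the inside host address 192.168.1.10 are constructed; lines starting with # are annotations, not commands typed at the CLI. The reset command is assumed to be issued from the user view.

```text
# Enter the system view (the prompt changes from <Huawei> to [Huawei]).
<Huawei> system-view
# Shorten the idle timeout for TCP sessions from the default 600 s to 300 s.
[Huawei] firewall-nat session tcp aging-time 300
# Shorten the idle timeout for UDP sessions on user-defined port 5060 (constructed value) from 120 s to 60 s.
[Huawei] firewall-nat session udp user-define 5060 aging-time 60
[Huawei] quit
# Verify the aging times that are now in effect.
<Huawei> display firewall-nat session aging-time
# Count the live NAT sessions, then inspect the sessions of one inside host (address is constructed).
<Huawei> display nat session number
<Huawei> display nat session source 192.168.1.10 verbose
# Clearing all mapping entries drops every translated flow; use it only when the stale state must go now.
<Huawei> reset nat session all
```

Shorter aging times release flow-table entries sooner, so a burst of short-lived or half-open connections consumes less table capacity and stale mappings for closed sessions disappear faster. The trade-off is that a long-lived connection whose idle gaps exceed the aging time is silently dropped at the NAT boundary, so any keepalive interval on the inside hosts must be shorter than the aging time configured for that protocol or port.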