# iifname "eth0" tcp dport 80-90 snat to 192.168.3.2 [ { "match": { "left": { "meta": { "key": "iifname" } }, "op": "==", "right": "eth0" } }, { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "==", "right": { "range": [ 80, 90 ] } } }, { "snat": { "addr": "192.168.3.2" } } ] # iifname "eth0" tcp dport != 80-90 snat to 192.168.3.2 [ { "match": { "left": { "meta": { "key": "iifname" } }, "op": "==", "right": "eth0" } }, { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "!=", "right": { "range": [ 80, 90 ] } } }, { "snat": { "addr": "192.168.3.2" } } ] # iifname "eth0" tcp dport {80, 90, 23} snat to 192.168.3.2 [ { "match": { "left": { "meta": { "key": "iifname" } }, "op": "==", "right": "eth0" } }, { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "==", "right": { "set": [ 80, 90, 23 ] } } }, { "snat": { "addr": "192.168.3.2" } } ] # iifname "eth0" tcp dport != {80, 90, 23} snat to 192.168.3.2 [ { "match": { "left": { "meta": { "key": "iifname" } }, "op": "==", "right": "eth0" } }, { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "!=", "right": { "set": [ 80, 90, 23 ] } } }, { "snat": { "addr": "192.168.3.2" } } ] # iifname "eth0" tcp dport != 23-34 snat to 192.168.3.2 [ { "match": { "left": { "meta": { "key": "iifname" } }, "op": "==", "right": "eth0" } }, { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "!=", "right": { "range": [ 23, 34 ] } } }, { "snat": { "addr": "192.168.3.2" } } ] # iifname "eth0" tcp dport 80-90 snat to 192.168.3.0-192.168.3.255 [ { "match": { "left": { "meta": { "key": "iifname" } }, "op": "==", "right": "eth0" } }, { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "==", "right": { "range": [ 80, 90 ] } } }, { "snat": { "addr": { "prefix": { "addr": "192.168.3.0", "len": 24 } } } } ] # iifname "eth0" tcp dport 80-90 snat to 192.168.3.15-192.168.3.240 [ { "match": { "left": { "meta": { "key": "iifname" } }, "op": "==", "right": "eth0" } }, { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "==", "right": { "range": [ 80, 90 ] } } }, { "snat": { "addr": { "range": [ "192.168.3.15", "192.168.3.240" ] } } } ] # snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } [ { "snat": { "addr": { "map": { "data": { "set": [ [ "10.141.11.4", { "concat": [ "192.168.2.3", 80 ] } ] ] }, "key": { "payload": { "field": "saddr", "protocol": "ip" } } } }, "family": "ip", "type_flags": "concat" } } ] # snat ip interval to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } [ { "snat": { "addr": { "map": { "data": { "set": [ [ "10.141.11.4", { "range": [ "192.168.2.2", "192.168.2.4" ] } ] ] }, "key": { "payload": { "field": "saddr", "protocol": "ip" } } } }, "family": "ip", "type_flags": "interval" } } ] # snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24 } [ { "snat": { "addr": { "map": { "data": { "set": [ [ { "prefix": { "addr": "10.141.11.0", "len": 24 } }, { "prefix": { "addr": "192.168.2.0", "len": 24 } } ] ] }, "key": { "payload": { "field": "saddr", "protocol": "ip" } } } }, "family": "ip", "flags": "netmap", "type_flags": [ "interval", "prefix" ] } } ] # meta l4proto 17 snat ip to ip saddr map { 10.141.11.4 : 192.168.2.3 . 80 } [ { "match": { "left": { "meta": { "key": "l4proto" } }, "op": "==", "right": "udp" } }, { "snat": { "addr": { "map": { "data": { "set": [ [ "10.141.11.4", { "concat": [ "192.168.2.3", 80 ] } ] ] }, "key": { "payload": { "field": "saddr", "protocol": "ip" } } } }, "family": "ip" } } ] # snat ip to ip saddr map { 10.141.11.4 : 192.168.2.2-192.168.2.4 } [ { "snat": { "addr": { "map": { "data": { "set": [ [ "10.141.11.4", { "range": [ "192.168.2.2", "192.168.2.4" ] } ] ] }, "key": { "payload": { "field": "saddr", "protocol": "ip" } } } }, "family": "ip" } } ] # snat ip to ip saddr map { 10.141.12.14 : 192.168.2.0/24 } [ { "snat": { "addr": { "map": { "data": { "set": [ [ "10.141.12.14", { "prefix": { "addr": "192.168.2.0", "len": 24 } } ] ] }, "key": { "payload": { "field": "saddr", "protocol": "ip" } } } }, "family": "ip" } } ] # meta l4proto { 6, 17} snat ip to ip saddr . th dport map { 10.141.11.4 . 20 : 192.168.2.3 . 80} [ { "match": { "left": { "meta": { "key": "l4proto" } }, "op": "==", "right": { "set": [ "tcp", "udp" ] } } }, { "snat": { "addr": { "map": { "data": { "set": [ [ { "concat": [ "10.141.11.4", 20 ] }, { "concat": [ "192.168.2.3", 80 ] } ] ] }, "key": { "concat": [ { "payload": { "field": "saddr", "protocol": "ip" } }, { "payload": { "field": "dport", "protocol": "th" } } ] } } }, "family": "ip" } } ]