1944 lines
57 KiB
Plaintext
1944 lines
57 KiB
Plaintext
--******************************************************************************
|
|
-- HM-NAT-MIB: Managed objects for
|
|
--
|
|
-- May 2011
|
|
--
|
|
-- Copyright (c) Hirschmann Automation & Control GmbH 2011
|
|
--******************************************************************************
|
|
|
|
HM2-NAT-MIB DEFINITIONS ::= BEGIN
|
|
IMPORTS
|
|
OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE,
|
|
Integer32, Unsigned32, Counter64
|
|
FROM SNMPv2-SMI
|
|
RowStatus, DisplayString, TruthValue
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
InterfaceIndex, InterfaceIndexOrZero
|
|
FROM IF-MIB
|
|
hm2ConfigurationMibs, HmActionValue, HmTimeSeconds1970
|
|
FROM HM2-TC-MIB
|
|
StorageType FROM SNMPv2-TC
|
|
;
|
|
|
|
hm2NatMib MODULE-IDENTITY
|
|
LAST-UPDATED "201111300000Z" -- Nov 30, 2011
|
|
ORGANIZATION "Hirschmann Automation and Control GmbH"
|
|
CONTACT-INFO
|
|
"Postal: Stuttgarter Str. 45-51
|
|
72654 Neckartenzlingen
|
|
Germany
|
|
Phone: +49 - 7127 -14 -0
|
|
E-mail: hac.support@belden.com"
|
|
DESCRIPTION
|
|
"This MIB defines the SNMP interface for Hirschmann DNAT/SNAT/
|
|
Double NAT/1:1 NAT implementations
|
|
|
|
Copyright (C) "
|
|
REVISION "201111300000Z" -- Nov 30, 2011
|
|
DESCRIPTION
|
|
"- Added missing protocol information
|
|
- Changed stats to 64bit values
|
|
"
|
|
REVISION "201110240000Z" -- Oct 24, 2011
|
|
DESCRIPTION
|
|
"Removed all address types to be in sync with the FW MIB.
|
|
The address type is now determined by the parser
|
|
automatically.
|
|
"
|
|
REVISION "201109130000Z" -- Sep 13, 2011
|
|
DESCRIPTION
|
|
"- Added commit and pending actions variables
|
|
- Added interface mapping tables
|
|
- Use HmActionValue instead of TruthValue
|
|
"
|
|
REVISION "201107010000Z" -- July 1, 2011
|
|
DESCRIPTION
|
|
"- Modifications to address representation
|
|
"
|
|
REVISION "201105310000Z" -- May 31, 2011
|
|
DESCRIPTION
|
|
"Initial version."
|
|
::= { hm2ConfigurationMibs 80 }
|
|
|
|
|
|
hm2NatNotifications OBJECT IDENTIFIER ::= { hm2NatMib 0 }
|
|
|
|
hm2NatObjects OBJECT IDENTIFIER ::= { hm2NatMib 1 }
|
|
|
|
hm2NatConformance OBJECT IDENTIFIER ::= { hm2NatMib 2}
|
|
|
|
hm2NatGeneralSettings OBJECT IDENTIFIER ::= { hm2NatObjects 1 }
|
|
|
|
hm2NatSNMPExtensionGroup OBJECT IDENTIFIER ::= { hm2NatMib 5 }
|
|
--******************************************************************************
|
|
-- General Settings Objects
|
|
--******************************************************************************
|
|
|
|
|
|
hm2DnatMaxRules OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of allowed rules for DNAT."
|
|
::= { hm2NatGeneralSettings 2 }
|
|
|
|
hm2OneToOneNatMaxRules OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of allowed rules for 1:1 NAT."
|
|
::= { hm2NatGeneralSettings 3 }
|
|
|
|
hm2MasqMaxRules OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of allowed rules for Masquerading."
|
|
::= { hm2NatGeneralSettings 4 }
|
|
|
|
hm2DoubleNatMaxRules OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Maximum number of allowed rules for Double NAT."
|
|
::= { hm2NatGeneralSettings 5 }
|
|
|
|
hm2NatResetStatistics OBJECT-TYPE
|
|
SYNTAX HmActionValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this value to action(2) will reset the statistics of
|
|
the whole NAT module. It will be set to noop(1) automatically
|
|
after reset."
|
|
::= { hm2NatGeneralSettings 6 }
|
|
|
|
--******************************************************************************
|
|
-- DNAT Rules Definition
|
|
--******************************************************************************
|
|
|
|
hm2DnatRuleAppliedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hm2DnatRuleIndex }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A rule of DNAT was applied. The rule is
|
|
identified by the given rule index of the rule table."
|
|
::= { hm2NatNotifications 1 }
|
|
|
|
hm2DnatRuleAppliedAndLoggedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hm2DnatRuleIndex }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A rule of DNAT was applied and logged according to
|
|
the current logging mechanism. The rule is identified by the
|
|
given rule index of the rule table."
|
|
::= { hm2NatNotifications 2 }
|
|
|
|
hm2Dnat OBJECT IDENTIFIER ::= { hm2NatObjects 2 }
|
|
|
|
hm2DnatRules OBJECT IDENTIFIER ::= { hm2Dnat 1 }
|
|
|
|
hm2DnatRulesObjects OBJECT IDENTIFIER ::= { hm2DnatRules 1 }
|
|
|
|
hm2DnatRuleCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of current DNAT rules"
|
|
::= { hm2DnatRulesObjects 1 }
|
|
|
|
hm2DnatIfMappingRuleCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of current DNAT IF mapping entries."
|
|
::={ hm2DnatRulesObjects 2 }
|
|
|
|
hm2DnatRulePendingActions OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value describes, whether the DNAT rule table was modified
|
|
but not yet written to the firewall implementation (set to
|
|
true). After writing all modifications to the firewall, the
|
|
value switches automatically back to false."
|
|
DEFVAL { false }
|
|
::={ hm2DnatRulesObjects 3 }
|
|
|
|
hm2DnatCommitPendingActions OBJECT-TYPE
|
|
SYNTAX HmActionValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this value to action(2) writes not yet committed changes
|
|
to the firewall (DNAT and Interface Mapping Table). After
|
|
writing all modifications, the value switches automatically
|
|
back to noop(1)."
|
|
DEFVAL { noop }
|
|
::={ hm2DnatRulesObjects 4 }
|
|
|
|
hm2DnatRulesTables OBJECT IDENTIFIER ::= { hm2DnatRules 2 }
|
|
|
|
hm2DnatRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2DnatRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The list of DNAT rules for this firewall."
|
|
::= { hm2DnatRulesTables 1 }
|
|
|
|
hm2DnatRuleEntry OBJECT-TYPE
|
|
SYNTAX Hm2DnatRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DNAT rule entry."
|
|
INDEX { hm2DnatRuleIndex }
|
|
::= { hm2DnatRuleTable 1 }
|
|
|
|
Hm2DnatRuleEntry ::=
|
|
SEQUENCE {
|
|
hm2DnatRuleIndex Integer32,
|
|
hm2DnatSourceAddress DisplayString,
|
|
hm2DnatSourcePort DisplayString,
|
|
hm2DnatTargetAddress DisplayString,
|
|
hm2DnatTargetPort DisplayString,
|
|
hm2DnatNewTargetAddress DisplayString,
|
|
hm2DnatNewTargetPort DisplayString,
|
|
hm2DnatProto INTEGER,
|
|
hm2DnatRuleParams DisplayString,
|
|
hm2DnatLog TruthValue,
|
|
hm2DnatTrap TruthValue,
|
|
hm2DnatRowStatus RowStatus,
|
|
hm2DnatDescription DisplayString
|
|
}
|
|
|
|
hm2DnatRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 ( 1..255 )
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule index of this DNAT rule."
|
|
::= { hm2DnatRuleEntry 1 }
|
|
|
|
hm2DnatSourceAddress OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source address of packets to be NATed. Can be:
|
|
- Single address (a.b.c.d),
|
|
- address range in CIDR notation (a.b.c.d/n)
|
|
- the name of a Netobject ($NetobjectName)
|
|
- 'any' for no filtering at all
|
|
- a prepending '!' selects the complement set"
|
|
DEFVAL { "any" }
|
|
::= { hm2DnatRuleEntry 3 }
|
|
|
|
hm2DnatSourcePort OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..50) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port of the packet to reroute. Allowed formats are:
|
|
- keyword 'any' for no filtering or a protocol without ports
|
|
- single port ('10')
|
|
- port range with first and last port separated by hyphen
|
|
('10-15')
|
|
- comma separated list of ports ('1235,25,123')
|
|
- combination of the points above ('10,25-30,125,1993')
|
|
|
|
The number of named ports (1 for each individual port, 2 for port
|
|
ranges) must not exceed 15."
|
|
DEFVAL { "any" }
|
|
::= { hm2DnatRuleEntry 4 }
|
|
|
|
hm2DnatTargetAddress OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination address of packets to be NATed. Can be:
|
|
- Single address (a.b.c.d),
|
|
- address range in CIDR notation (a.b.c.d/n)
|
|
- the name of a Netobject ($NetobjectName)
|
|
- 'any' for no filtering at all
|
|
- a prepending '!' selects the complement set"
|
|
::= { hm2DnatRuleEntry 5 }
|
|
|
|
hm2DnatTargetPort OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..50) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The target port of the packet to reroute. Allowed formats are:
|
|
- keyword 'any'
|
|
- single port ('10')
|
|
- port range with first and last port separated by hyphen
|
|
('10-15')
|
|
- comma separated list of ports ('1235,25,123')
|
|
- combination of the points above ('10,25-30,125,1993')
|
|
|
|
The number of named ports (1 for each individual port, 2 for port
|
|
ranges) must not exceed 15."
|
|
DEFVAL { "any" }
|
|
::= { hm2DnatRuleEntry 6 }
|
|
|
|
hm2DnatNewTargetAddress OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address of the machine to reroute packets to. Must be a single
|
|
IP address (a.b.c.d)."
|
|
::= { hm2DnatRuleEntry 7 }
|
|
|
|
hm2DnatNewTargetPort OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..50) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port to reroute packets to. Must be a single port or 'any'."
|
|
::= { hm2DnatRuleEntry 8 }
|
|
|
|
hm2DnatProto OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
icmp(1),
|
|
igmp(2),
|
|
ipip(3),
|
|
tcp(4),
|
|
udp(5),
|
|
esp(6),
|
|
ah(7),
|
|
icmpv6(8),
|
|
any(9)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) for protocol-independent
|
|
filtering. The following values are currently
|
|
supported:
|
|
o icmp(1): Internet Control Message Protocol (RFC 792)
|
|
o igmp(2): Internet Group Management Protocol
|
|
o ipip(3): IP in IP tunneling (RFC 1853)
|
|
o tcp(4): Transmission Control Protocol (RFC 793)
|
|
o udp(5): User Datagram Protocol (RFC 768)
|
|
o esp(6): IPsec Encapsulated Security Payload (RFC 2406)
|
|
o ah(7): IPsec Authentication Header (RFC 2402)
|
|
o icmpv6(8): Internet Control Message Protocol for IPv6
|
|
o any(9): apply to all protocols"
|
|
DEFVAL { any }
|
|
::= { hm2DnatRuleEntry 9 }
|
|
|
|
hm2DnatRuleParams OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(0..50) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional parameters to this rule as string.
|
|
Currently only the value 'none' is valid.
|
|
Reserved for future use."
|
|
::= { hm2DnatRuleEntry 10 }
|
|
|
|
hm2DnatLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule shall be logged."
|
|
DEFVAL { false }
|
|
::={ hm2DnatRuleEntry 11 }
|
|
|
|
|
|
hm2DnatTrap OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule shall send a trap."
|
|
DEFVAL { false }
|
|
::={ hm2DnatRuleEntry 12 }
|
|
|
|
|
|
hm2DnatRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is a standard row status value:
|
|
- active(1): The rule is active. Note that until committed, the rule
|
|
will not be applied.
|
|
- notInService(2): The rule is inactive because of user action.
|
|
- notReady(3):The rule is inactive because it has an incomplete
|
|
configuration.
|
|
- createAndGo(4): Create the rule with default parameters
|
|
activated.
|
|
- createAndWait(5): Create the rule inactive.
|
|
- destroy(6): Delete the rule. You cannot delete a rule with
|
|
interface mappings to it."
|
|
::= { hm2DnatRuleEntry 13 }
|
|
|
|
hm2DnatDescription OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(0..32) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "User defined textual description related to this rule."
|
|
DEFVAL { "" }
|
|
::= { hm2DnatRuleEntry 14 }
|
|
|
|
hm2DnatRuleIfMappingTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2DnatRuleIfMappingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table for mapping DNAT rules to interfaces."
|
|
::={ hm2DnatRulesTables 2 }
|
|
|
|
hm2DnatRuleIfMappingEntry OBJECT-TYPE
|
|
SYNTAX Hm2DnatRuleIfMappingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry in rule interface mapping table."
|
|
INDEX { hm2DnatIfmInterface, hm2DnatIfmDirection, hm2DnatIfmRuleIndex }
|
|
::={ hm2DnatRuleIfMappingTable 1 }
|
|
|
|
Hm2DnatRuleIfMappingEntry ::= SEQUENCE {
|
|
hm2DnatIfmRuleIndex Integer32,
|
|
hm2DnatIfmDirection INTEGER,
|
|
hm2DnatIfmPriority Unsigned32,
|
|
hm2DnatIfmInterface InterfaceIndex,
|
|
hm2DnatIfmRowStatus RowStatus
|
|
}
|
|
|
|
hm2DnatIfmRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2048)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the DNAT rule this mapping entry is assigned to."
|
|
::={ hm2DnatRuleIfMappingEntry 1 }
|
|
|
|
|
|
hm2DnatIfmDirection OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ingress(1),
|
|
egress(2),
|
|
both(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"For DNAT, this can only be set to ingress, which is the interface on
|
|
which a packet that is to be forwarded will arrive."
|
|
::={ hm2DnatRuleIfMappingEntry 2 }
|
|
|
|
hm2DnatIfmPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..6500)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority is the sorting key for rules in the chain to this
|
|
interface. They don't need to be unique per interface, but in
|
|
that case, no clear order can be assumed.
|
|
Priorities are processed in ascending order (0 highest
|
|
priority)."
|
|
::={ hm2DnatRuleIfMappingEntry 3 }
|
|
|
|
hm2DnatIfmInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface this mapping entry is assigned to. This has to be either
|
|
an hm2AgentSwitchIpInterfaceIfIndex or an hm2AgentSwitchIpVlanIfIndex.
|
|
Note that for physical interfaces this only works if the corresponding
|
|
hm2AgentSwitchIpInterfaceRoutingMode is set to enable."
|
|
::={ hm2DnatRuleIfMappingEntry 4 }
|
|
|
|
hm2DnatIfmRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The RowStatus value for this entry with the usual meanings:
|
|
|
|
- active(1): The interface mapping is in place
|
|
- notInService(2): The interface mapping is not in place because the
|
|
user said so
|
|
- notReady(3): The interface mapping is not in place because the
|
|
agent said so
|
|
- createAndGo(4): Create this mapping with the default priority and
|
|
activate it.
|
|
- createAndWait(5): Create this mapping deactivated.
|
|
- destroy(6): Destroy this interface mapping."
|
|
::={ hm2DnatRuleIfMappingEntry 5 }
|
|
|
|
|
|
|
|
|
|
hm2DnatStats OBJECT IDENTIFIER ::= { hm2Dnat 2 }
|
|
|
|
hm2DnatGlobalStats OBJECT IDENTIFIER ::= { hm2DnatStats 1 }
|
|
|
|
hm2DnatStatsTotalPck OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets processed by the DNAT firewall."
|
|
::= { hm2DnatGlobalStats 1 }
|
|
|
|
hm2DnatStatsTotalPckSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of bytes processed by the DNAT firewall."
|
|
::= { hm2DnatGlobalStats 2 }
|
|
|
|
hm2DnatStatsTotalPckDenDrop OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets dropped or denied by the DNAT firewall."
|
|
::={ hm2DnatGlobalStats 3 }
|
|
|
|
|
|
|
|
hm2DnatStatsTotalPckAccepted OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets accepted by the DNAT firewall."
|
|
::={ hm2DnatGlobalStats 4 }
|
|
|
|
hm2DnatRuleStats OBJECT IDENTIFIER ::= { hm2DnatStats 2 }
|
|
|
|
hm2DnatStatsRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2DnatStatsRuleTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of per-rule statistics of the DNAT firewall."
|
|
::= { hm2DnatRuleStats 1 }
|
|
|
|
hm2DnatStatsRuleTableEntry OBJECT-TYPE
|
|
SYNTAX Hm2DnatStatsRuleTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics table entry for DNAT."
|
|
INDEX { hm2DnatRuleIndex }
|
|
::={ hm2DnatStatsRuleTable 1 }
|
|
|
|
Hm2DnatStatsRuleTableEntry ::= SEQUENCE {
|
|
hm2DnatStatsPckCount Counter64,
|
|
hm2DnatStatsPckSize Counter64,
|
|
hm2DnatStatsLastApplied HmTimeSeconds1970
|
|
}
|
|
|
|
hm2DnatStatsPckCount OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets DNATed."
|
|
::={ hm2DnatStatsRuleTableEntry 1 }
|
|
|
|
hm2DnatStatsPckSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes DNATed."
|
|
::={ hm2DnatStatsRuleTableEntry 2 }
|
|
|
|
hm2DnatStatsLastApplied OBJECT-TYPE
|
|
SYNTAX HmTimeSeconds1970
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time of last application of the rule in seconds since 1.1.1970."
|
|
::={ hm2DnatStatsRuleTableEntry 3 }
|
|
|
|
--******************************************************************************
|
|
-- 1:1 NAT
|
|
--******************************************************************************
|
|
|
|
hm21to1RuleAppliedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hm21to1RuleIndex }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A rule of 1:1 NAT was applied. The rule is
|
|
identified by the given rule index of the rule table."
|
|
::= { hm2NatNotifications 5 }
|
|
|
|
hm21to1RuleAppliedAndLoggedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hm21to1RuleIndex }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A rule of 1:1 NAT was applied and logged according
|
|
the current logging mechanism. The rule is identified by the
|
|
given rule index of the rule table."
|
|
::= { hm2NatNotifications 6 }
|
|
|
|
hm21to1 OBJECT IDENTIFIER ::= { hm2NatObjects 4 }
|
|
|
|
hm21to1RuleObjects OBJECT IDENTIFIER ::= { hm21to1 1 }
|
|
|
|
hm21to1RuleCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of current 1:1 NAT rules."
|
|
::= { hm21to1RuleObjects 1 }
|
|
|
|
hm21to1IfMappingRuleCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of current 1:1 NAT IF mapping entries."
|
|
::={ hm21to1RuleObjects 2 }
|
|
|
|
hm21to1RulePendingActions OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value describes, whether the 1:1 NAT rule table was
|
|
modified but not yet written to the firewall implementation
|
|
(set to true). After writing all modifications to the firewall,
|
|
the value switches automatically back to false."
|
|
DEFVAL { false }
|
|
::={ hm21to1RuleObjects 3 }
|
|
|
|
hm21to1CommitPendingActions OBJECT-TYPE
|
|
SYNTAX HmActionValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this value to action(2) writes not yet committed changes
|
|
to the firewall (1:1 NAT and Interface Mapping Table). After
|
|
writing all modifications, the value switches automatically
|
|
back to noop(1)."
|
|
DEFVAL { noop }
|
|
::={ hm21to1RuleObjects 4 }
|
|
|
|
hm21to1Alg OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
ftp(0),
|
|
icmp(1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Global bitmask for application level gateway of all the 1:1 NAT rules."
|
|
DEFVAL { {icmp, ftp} }
|
|
::= { hm21to1RuleObjects 5 }
|
|
|
|
hm21to1PublicIntf OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the public interface defined on the uplink port."
|
|
DEFVAL { 0 }
|
|
::= { hm21to1RuleObjects 6 }
|
|
|
|
hm21to1RuleTables OBJECT IDENTIFIER ::= { hm21to1 2 }
|
|
|
|
hm21to1RuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm21to1RuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The list of 1:1 NAT rules for this firewall."
|
|
::= { hm21to1RuleTables 1 }
|
|
|
|
hm21to1RuleEntry OBJECT-TYPE
|
|
SYNTAX Hm21to1RuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"1:1 NAT rule entry."
|
|
INDEX { hm21to1RuleIndex }
|
|
::= { hm21to1RuleTable 1 }
|
|
|
|
Hm21to1RuleEntry ::=
|
|
SEQUENCE {
|
|
hm21to1RuleIndex Integer32,
|
|
hm21to1TargetAddress DisplayString,
|
|
hm21to1NewTargetAddress DisplayString,
|
|
hm21to1RuleParams DisplayString,
|
|
hm21to1Log TruthValue,
|
|
hm21to1Trap TruthValue,
|
|
hm21to1RowStatus RowStatus,
|
|
hm21to1Description DisplayString,
|
|
hm21to1IngressIntf InterfaceIndexOrZero,
|
|
hm21to1EgressIntf InterfaceIndexOrZero,
|
|
hm21to1Priority Unsigned32,
|
|
hm21to1StorageType StorageType
|
|
}
|
|
|
|
hm21to1RuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 ( 1..255 )
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule index of this 1:1 NAT rule."
|
|
::= { hm21to1RuleEntry 1 }
|
|
|
|
hm21to1TargetAddress OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination address of packets to be NATed. Can be:
|
|
- Single address (a.b.c.d),
|
|
- address range in CIDR notation (a.b.c.d/n)
|
|
- the name of a Netobject ($NetobjectName)
|
|
- 'any' for no filtering at all"
|
|
::= { hm21to1RuleEntry 2 }
|
|
|
|
hm21to1NewTargetAddress OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"New Destination address of packets to be NATed. Can be:
|
|
- Single address (a.b.c.d),
|
|
- address range in CIDR notation (a.b.c.d/n)
|
|
- the name of a Netobject ($NetobjectName)
|
|
- 'any' for no filtering at all"
|
|
::= { hm21to1RuleEntry 3 }
|
|
|
|
hm21to1RuleParams OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(0..50) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional parameters to this rule as string.
|
|
Currently only the value 'none' is valid.
|
|
Reserved for future use."
|
|
::= { hm21to1RuleEntry 4 }
|
|
|
|
hm21to1Log OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule shall be logged."
|
|
DEFVAL { false }
|
|
::={ hm21to1RuleEntry 5 }
|
|
|
|
|
|
hm21to1Trap OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule shall send a trap."
|
|
DEFVAL { false }
|
|
::={ hm21to1RuleEntry 6 }
|
|
|
|
hm21to1RowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is a standard row status value:
|
|
- active(1): The rule is active. Note that until committed, the rule
|
|
will not be applied.
|
|
- notInService(2): The rule is inactive because of user action.
|
|
- notReady(3):The rule is inactive because it has an incomplete
|
|
configuration.
|
|
- createAndGo(4): Create the rule with default parameters
|
|
activated.
|
|
- createAndWait(5): Create the rule inactive.
|
|
- destroy(6): Delete the rule. You cannot delete a rule with
|
|
interface mappings to it."
|
|
::= { hm21to1RuleEntry 7 }
|
|
|
|
hm21to1Description OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(0..32) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "User defined textual description related to this rule."
|
|
DEFVAL { "" }
|
|
::= { hm21to1RuleEntry 8 }
|
|
|
|
hm21to1IngressIntf OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the interface on which packets going to the target address
|
|
will arrive. This has to be either an hm2AgentSwitchIpInterfaceIfIndex
|
|
or an hm2AgentSwitchIpVlanIfIndex. Note that for physical interfaces
|
|
this only works if the corresponding
|
|
hm2AgentSwitchIpInterfaceRoutingMode is set to enable."
|
|
DEFVAL { 0 }
|
|
::= { hm21to1RuleEntry 9 }
|
|
|
|
hm21to1EgressIntf OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the interface from which the new target address can be
|
|
reached. This has to be either an hm2AgentSwitchIpInterfaceIfIndex
|
|
or an hm2AgentSwitchIpVlanIfIndex. Note that for physical interfaces
|
|
this only works if the corresponding
|
|
hm2AgentSwitchIpInterfaceRoutingMode is set to enable."
|
|
|
|
DEFVAL { 0 }
|
|
::= { hm21to1RuleEntry 10 }
|
|
|
|
hm21to1Priority OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..6500)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority is the sorting key for rules in the chain to this
|
|
interface. They don't need to be unique per interface, but in that case,
|
|
no clear order can be assumed.
|
|
Priorities are processed in ascending order (0 highest priority)."
|
|
DEFVAL { 0 }
|
|
::= { hm21to1RuleEntry 11 }
|
|
|
|
hm21to1StorageType OBJECT-TYPE
|
|
SYNTAX StorageType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The storage type for this row. Rows having the value
|
|
'volatile' are not saved."
|
|
DEFVAL { nonVolatile }
|
|
::= { hm21to1RuleEntry 12 }
|
|
|
|
hm21to1Stats OBJECT IDENTIFIER ::={ hm21to1 3 }
|
|
|
|
hm21to1GeneralStats OBJECT IDENTIFIER ::= { hm21to1Stats 1 }
|
|
|
|
hm21to1StatsTotalPck OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets processed by 1:1 NAT."
|
|
::= { hm21to1GeneralStats 1 }
|
|
|
|
hm21to1StatsTotalPckSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of bytes processed by the 1:1 NAT."
|
|
::= { hm21to1GeneralStats 2 }
|
|
|
|
hm21to1StatsTotalPckDenDrop OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets dropped or denied by 1:1 NAT."
|
|
::={ hm21to1GeneralStats 3 }
|
|
|
|
hm21to1StatsTotalPckAccepted OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets accepted by 1:1 NAT."
|
|
::={ hm21to1GeneralStats 4 }
|
|
|
|
hm21to1StatsTables OBJECT IDENTIFIER ::= { hm21to1Stats 2 }
|
|
|
|
hm21to1StatsRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2OtoStatsRuleTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of per-rule statistics of 1:1 NAT."
|
|
::= { hm21to1StatsTables 1 }
|
|
|
|
Hm2OtoStatsRuleTableEntry ::= SEQUENCE {
|
|
hm21to1StatsPckCount Counter64,
|
|
hm21to1StatsPckSize Counter64,
|
|
hm21to1StatsLastApplied HmTimeSeconds1970
|
|
}
|
|
|
|
hm21to1StatsRuleTableEntry OBJECT-TYPE
|
|
SYNTAX Hm2OtoStatsRuleTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics table entry for 1:1 NAT."
|
|
INDEX { hm21to1RuleIndex }
|
|
::={ hm21to1StatsRuleTable 1 }
|
|
|
|
hm21to1StatsPckCount OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets matched by this rule."
|
|
::={ hm21to1StatsRuleTableEntry 1 }
|
|
|
|
hm21to1StatsPckSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes processed by this rule."
|
|
::={ hm21to1StatsRuleTableEntry 2 }
|
|
|
|
hm21to1StatsLastApplied OBJECT-TYPE
|
|
SYNTAX HmTimeSeconds1970
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time of last application of the rule in seconds since 1.1.1970."
|
|
::={ hm21to1StatsRuleTableEntry 3 }
|
|
|
|
--******************************************************************************
|
|
-- Masquerading
|
|
--******************************************************************************
|
|
|
|
hm2MasqRuleAppliedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hm2MasqRuleIndex }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A rule of masquerading was applied. The rule is
|
|
identified by the given rule index of the rule table."
|
|
::= { hm2NatNotifications 7 }
|
|
|
|
hm2MasqRuleAppliedAndLoggedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hm2MasqRuleIndex }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A rule of masquerading was applied and logged according
|
|
the current logging mechanism. The rule is identified by the
|
|
given rule index of the rule table."
|
|
::= { hm2NatNotifications 8 }
|
|
|
|
hm2Masquerading OBJECT IDENTIFIER ::= { hm2NatObjects 5 }
|
|
|
|
hm2MasqRuleObjects OBJECT IDENTIFIER ::= { hm2Masquerading 1 }
|
|
|
|
hm2MasqRuleCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of current masquerading rules."
|
|
::= { hm2MasqRuleObjects 1 }
|
|
|
|
hm2MasqIfMappingRuleCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of current masquerading IF mapping entries."
|
|
::={ hm2MasqRuleObjects 2 }
|
|
|
|
hm2MasqRulePendingActions OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value describes, whether the masquerading rule table was
|
|
modified but not yet written to the firewall implementation
|
|
(set to true). After writing all modifications to the firewall,
|
|
the value switches automatically back to false."
|
|
DEFVAL { false }
|
|
::={ hm2MasqRuleObjects 3 }
|
|
|
|
hm2MasqCommitPendingActions OBJECT-TYPE
|
|
SYNTAX HmActionValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this value to action(2) writes not yet committed changes
|
|
to the firewall (DNAT and Interface Mapping Table). After
|
|
writing all modifications, the value switches automatically
|
|
back to noop(1)."
|
|
DEFVAL { noop }
|
|
::={ hm2MasqRuleObjects 4 }
|
|
|
|
hm2MasqRuleTables OBJECT IDENTIFIER ::= { hm2Masquerading 2 }
|
|
|
|
hm2MasqRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2MasqRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The list of masquerading rules for this firewall."
|
|
::= { hm2MasqRuleTables 1 }
|
|
|
|
hm2MasqRuleEntry OBJECT-TYPE
|
|
SYNTAX Hm2MasqRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Masquerading rule entry."
|
|
INDEX { hm2MasqRuleIndex }
|
|
::= { hm2MasqRuleTable 1 }
|
|
|
|
Hm2MasqRuleEntry ::=
|
|
SEQUENCE {
|
|
hm2MasqRuleIndex Integer32,
|
|
hm2MasqSourceAddress DisplayString,
|
|
hm2MasqSourcePort DisplayString,
|
|
hm2MasqProto INTEGER,
|
|
hm2MasqRuleParams DisplayString,
|
|
hm2MasqLog TruthValue,
|
|
hm2MasqTrap TruthValue,
|
|
hm2MasqRowStatus RowStatus,
|
|
hm2MasqDescription DisplayString,
|
|
hm2MasqIpsecExempt TruthValue
|
|
}
|
|
|
|
hm2MasqRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 ( 1..128 )
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule index of this masquerading rule."
|
|
::= { hm2MasqRuleEntry 1 }
|
|
|
|
hm2MasqSourceAddress OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source address of the packets to reroute. Allowed formats are:
|
|
- keyword 'any'
|
|
- IP address ('10.0.0.1')
|
|
- IP address range ('10.0.0.0/8')
|
|
- a prepending '!' selects the complement set
|
|
"
|
|
::= { hm2MasqRuleEntry 2 }
|
|
|
|
hm2MasqSourcePort OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..50) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port of the packet to reroute. Allowed formats are:
|
|
- keyword 'any'
|
|
- single ('10')
|
|
- range with first and last separated by hyphen
|
|
('10-15')
|
|
- comma separated list of s ('1235,25,123')
|
|
- combination of the points above ('10,25-30,125,1993')
|
|
|
|
The number of named ports (1 for each individual port, 2 for port
|
|
ranges) must not exceed 15."
|
|
DEFVAL { "any" }
|
|
::= { hm2MasqRuleEntry 3 }
|
|
|
|
hm2MasqProto OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
tcp(4),
|
|
udp(5),
|
|
any(9)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP protocol (RFC 791) for protocol-independent
|
|
filtering. The following values are currently
|
|
supported:
|
|
o tcp(4): transmission control protocol (RFC 793)
|
|
o udp(5): user datagram protocol (RFC 768)
|
|
o any(9): apply to all protocols"
|
|
DEFVAL { any }
|
|
::= { hm2MasqRuleEntry 4 }
|
|
|
|
|
|
hm2MasqRuleParams OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(0..50) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional parameters to this rule as string.
|
|
Currently only the value 'none' is valid.
|
|
Reserved for future use."
|
|
::= { hm2MasqRuleEntry 5 }
|
|
|
|
hm2MasqLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule shall be logged."
|
|
DEFVAL { false }
|
|
::={ hm2MasqRuleEntry 6 }
|
|
|
|
|
|
hm2MasqTrap OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule shall send a trap."
|
|
DEFVAL { false }
|
|
::={ hm2MasqRuleEntry 7 }
|
|
|
|
hm2MasqRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is a standard row status value:
|
|
- active(1): The rule is active. Note that until committed, the rule
|
|
will not be applied.
|
|
- notInService(2): The rule is inactive because of user action.
|
|
- notReady(3):The rule is inactive because it has an incomplete
|
|
configuration.
|
|
- createAndGo(4): Create the rule with default parameters
|
|
activated.
|
|
- createAndWait(5): Create the rule inactive.
|
|
- destroy(6): Delete the rule. You cannot delete a rule with
|
|
interface mappings to it."
|
|
::= { hm2MasqRuleEntry 8 }
|
|
|
|
hm2MasqDescription OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(0..32) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "User defined textual description related to this rule."
|
|
DEFVAL { "" }
|
|
::= { hm2MasqRuleEntry 9 }
|
|
|
|
hm2MasqIpsecExempt OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule should ignore IPsec traffic."
|
|
DEFVAL { false }
|
|
::= { hm2MasqRuleEntry 10 }
|
|
|
|
hm2MasqRuleIfMappingTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2MasqRuleIfMappingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table for mapping masquerading rules to interfaces."
|
|
::={ hm2MasqRuleTables 2 }
|
|
|
|
|
|
hm2MasqRuleIfMappingEntry OBJECT-TYPE
|
|
SYNTAX Hm2MasqRuleIfMappingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry in rule interface mapping table."
|
|
INDEX { hm2MasqIfmInterface, hm2MasqIfmDirection, hm2MasqIfmRuleIndex }
|
|
::={ hm2MasqRuleIfMappingTable 1 }
|
|
|
|
Hm2MasqRuleIfMappingEntry ::= SEQUENCE {
|
|
hm2MasqIfmRuleIndex Integer32,
|
|
hm2MasqIfmDirection INTEGER,
|
|
hm2MasqIfmPriority Unsigned32,
|
|
hm2MasqIfmInterface InterfaceIndex,
|
|
hm2MasqIfmRowStatus RowStatus
|
|
}
|
|
hm2MasqIfmRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2048)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the 1:1 NAT rule this mapping entry is assigned
|
|
to."
|
|
::={ hm2MasqRuleIfMappingEntry 1 }
|
|
|
|
|
|
hm2MasqIfmDirection OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ingress(1),
|
|
egress(2),
|
|
both(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"For masquerading, this can only be set to egress which is the interface
|
|
packets will be masqueraded to."
|
|
::={ hm2MasqRuleIfMappingEntry 2 }
|
|
|
|
hm2MasqIfmPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..6500)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority is the sorting key for rules in the chain to this
|
|
interface. They don't need to be unique per interface, but in that case,
|
|
no clear order can be assumed.
|
|
Priorities are processed in ascending order (0 highest priority)."
|
|
::={ hm2MasqRuleIfMappingEntry 3 }
|
|
|
|
hm2MasqIfmInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface this mapping entry is assigned to. This has to be either
|
|
an hm2AgentSwitchIpInterfaceIfIndex or an hm2AgentSwitchIpVlanIfIndex.
|
|
Note that for physical interfaces this only works if the corresponding
|
|
hm2AgentSwitchIpInterfaceRoutingMode is set to enable."
|
|
::={ hm2MasqRuleIfMappingEntry 4 }
|
|
|
|
hm2MasqIfmRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The RowStatus value for this entry with the usual meanings:
|
|
|
|
- active(1): The interface mapping is in place
|
|
- notInService(2): The interface mapping is not in place because the
|
|
user said so
|
|
- notReady(3): The interface mapping is not in place because the
|
|
agent said so
|
|
- createAndGo(4): Create this mapping with the default priority and
|
|
activate it.
|
|
- createAndWait(5): Create this mapping deactivated.
|
|
- destroy(6): Destroy this interface mapping."
|
|
::={ hm2MasqRuleIfMappingEntry 5 }
|
|
|
|
|
|
hm2MasqStats OBJECT IDENTIFIER ::={ hm2Masquerading 3 }
|
|
|
|
hm2MasqGeneralStats OBJECT IDENTIFIER ::= { hm2MasqStats 1 }
|
|
|
|
hm2MasqStatsTotalPck OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets processed by Masquerading"
|
|
::= { hm2MasqGeneralStats 1 }
|
|
|
|
|
|
hm2MasqStatsTotalPckSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of bytes processed by Masquerading"
|
|
::= { hm2MasqGeneralStats 2 }
|
|
|
|
hm2MasqStatsTotalPckDenDrop OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets dropped or denied by Masquerading"
|
|
::={ hm2MasqGeneralStats 3 }
|
|
|
|
hm2MasqStatsTotalPckAccepted OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets accepted by masquerading."
|
|
::={ hm2MasqGeneralStats 4 }
|
|
|
|
hm2MasqStatsRuleTables OBJECT IDENTIFIER ::= { hm2MasqStats 2 }
|
|
|
|
hm2MasqStatsRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2MasqStatsRuleTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of per-rule statistics of masquerading."
|
|
::= { hm2MasqStatsRuleTables 1 }
|
|
|
|
hm2MasqStatsRuleTableEntry OBJECT-TYPE
|
|
SYNTAX Hm2MasqStatsRuleTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics table entry for masquerading."
|
|
INDEX { hm2MasqRuleIndex }
|
|
::={ hm2MasqStatsRuleTable 1 }
|
|
|
|
Hm2MasqStatsRuleTableEntry ::= SEQUENCE {
|
|
hm2MasqStatsPckCount Counter64,
|
|
hm2MasqStatsPckSize Counter64,
|
|
hm2MasqStatsLastApplied HmTimeSeconds1970
|
|
}
|
|
hm2MasqStatsPckCount OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets matched by this rule."
|
|
::={ hm2MasqStatsRuleTableEntry 1 }
|
|
|
|
hm2MasqStatsPckSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes processed by this rule."
|
|
::={ hm2MasqStatsRuleTableEntry 2 }
|
|
|
|
hm2MasqStatsLastApplied OBJECT-TYPE
|
|
SYNTAX HmTimeSeconds1970
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time of last application of the rule in seconds since 1.1.1970"
|
|
::={ hm2MasqStatsRuleTableEntry 3 }
|
|
|
|
|
|
--******************************************************************************
|
|
-- Double NAT
|
|
--******************************************************************************
|
|
|
|
hm2DonatRuleAppliedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hm2DonatRuleIndex }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A rule of double NAT was applied. The rule is
|
|
identified by the given rule index of the rule table."
|
|
::= { hm2NatNotifications 9 }
|
|
|
|
hm2DonatRuleAppliedAndLoggedTrap NOTIFICATION-TYPE
|
|
OBJECTS { hm2DonatRuleIndex }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A rule of double NAT was applied and logged according
|
|
the current logging mechanism. The rule is identified by the
|
|
given rule index of the rule table."
|
|
::= { hm2NatNotifications 10 }
|
|
|
|
hm2DoubleNat OBJECT IDENTIFIER ::= { hm2NatObjects 6 }
|
|
|
|
hm2DoubleNatRuleObjects OBJECT IDENTIFIER ::= { hm2DoubleNat 1 }
|
|
|
|
|
|
hm2DoubleNatRuleCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current number of rules for double NAT."
|
|
::= { hm2DoubleNatRuleObjects 1 }
|
|
|
|
hm2DoubleNatIfMappingRuleCount OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of current double NAT IF mapping entries."
|
|
::={ hm2DoubleNatRuleObjects 2 }
|
|
|
|
hm2DoubleNatRulePendingActions OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value describes, whether the double NAT rule table was
|
|
modified but not yet written to the firewall implementation
|
|
(set to true). After writing all modifications to the firewall,
|
|
the value switches automatically back to false."
|
|
DEFVAL { false }
|
|
::={ hm2DoubleNatRuleObjects 3 }
|
|
|
|
hm2DoubleNatCommitPendingActions OBJECT-TYPE
|
|
SYNTAX HmActionValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting this value to action(2) writes not yet committed changes
|
|
to the firewall (double NAT and interface mapping table). After
|
|
writing all modifications, the value switches automatically
|
|
back to noop(1)."
|
|
DEFVAL { noop }
|
|
::={ hm2DoubleNatRuleObjects 4 }
|
|
|
|
hm2DoubleNatRuleTables OBJECT IDENTIFIER ::= { hm2DoubleNat 2 }
|
|
|
|
hm2DoubleNatRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2DoubleNatRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of double NAT rules."
|
|
::= { hm2DoubleNatRuleTables 1 }
|
|
|
|
hm2DoubleNatRuleEntry OBJECT-TYPE
|
|
SYNTAX Hm2DoubleNatRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry within double NAT rule table."
|
|
INDEX { hm2DonatRuleIndex }
|
|
::= { hm2DoubleNatRuleTable 1 }
|
|
|
|
Hm2DoubleNatRuleEntry ::= SEQUENCE {
|
|
hm2DonatRuleIndex Integer32,
|
|
hm2DonatLocalInternalIp DisplayString,
|
|
hm2DonatLocalExternalIp DisplayString,
|
|
hm2DonatRemoteInternalIp DisplayString,
|
|
hm2DonatRemoteExternalIp DisplayString,
|
|
hm2DonatRuleParams DisplayString,
|
|
hm2DonatLog TruthValue,
|
|
hm2DonatTrap TruthValue,
|
|
hm2DonatRowStatus RowStatus,
|
|
hm2DonatDescription DisplayString
|
|
}
|
|
|
|
hm2DonatRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..255)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index of the rule within table."
|
|
::= { hm2DoubleNatRuleEntry 1 }
|
|
|
|
hm2DonatLocalInternalIp OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The real IP address of the first net/machine you want to double NAT.
|
|
Allowed formats are:
|
|
- keyword 'any'
|
|
- IP address ('10.0.0.1')
|
|
- IP address range ('10.0.0.0/8')"
|
|
::= { hm2DoubleNatRuleEntry 2 }
|
|
|
|
hm2DonatLocalExternalIp OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address where you want the first net/machine to be reachable
|
|
from the second net/machine.
|
|
Allowed formats are:
|
|
- keyword 'any'
|
|
- IP address ('10.0.0.1')
|
|
- IP address range ('10.0.0.0/8')"
|
|
::= { hm2DoubleNatRuleEntry 3 }
|
|
|
|
hm2DonatRemoteInternalIp OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The real IP address of the second net/machine you want to double NAT.
|
|
Allowed formats are:
|
|
- keyword 'any'
|
|
- IP address ('10.0.0.1')
|
|
- IP address range ('10.0.0.0/8')"
|
|
::= { hm2DoubleNatRuleEntry 4 }
|
|
|
|
hm2DonatRemoteExternalIp OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(1..20) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address where you want the second net/machine to be reachable
|
|
from the first net/machine.
|
|
Allowed formats are:
|
|
- keyword 'any'
|
|
- IP address ('10.0.0.1')
|
|
- IP address range ('10.0.0.0/8')"
|
|
::= { hm2DoubleNatRuleEntry 5 }
|
|
|
|
hm2DonatRuleParams OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(0..50) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Additional parameters to this rule as string.
|
|
Currently only the value 'none' is valid.
|
|
Reserved for future use."
|
|
::= { hm2DoubleNatRuleEntry 6 }
|
|
|
|
hm2DonatLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule shall be logged."
|
|
DEFVAL { false }
|
|
::={ hm2DoubleNatRuleEntry 7 }
|
|
|
|
|
|
hm2DonatTrap OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to true if application of this rule shall send a trap."
|
|
DEFVAL { false }
|
|
::={ hm2DoubleNatRuleEntry 8 }
|
|
|
|
hm2DonatRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is a standard row status value:
|
|
- active(1): The rule is active. Note that until committed, the rule
|
|
will not be applied.
|
|
- notInService(2): The rule is inactive because of user action.
|
|
- notReady(3):The rule is inactive because it has an incomplete
|
|
configuration.
|
|
- createAndGo(4): Create the rule with default parameters
|
|
activated.
|
|
- createAndWait(5): Create the rule inactive.
|
|
- destroy(6): Delete the rule. You cannot delete a rule with
|
|
interface mappings to it."
|
|
::= { hm2DoubleNatRuleEntry 9 }
|
|
|
|
hm2DonatDescription OBJECT-TYPE
|
|
SYNTAX DisplayString ( SIZE(0..32) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "User defined textual description related to this rule."
|
|
DEFVAL { "" }
|
|
::= { hm2DoubleNatRuleEntry 10 }
|
|
|
|
hm2DonatRuleIfMappingTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2DonatRuleIfMappingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table for mapping double NAT rules to interfaces."
|
|
::={ hm2DoubleNatRuleTables 2 }
|
|
|
|
hm2DonatRuleIfMappingEntry OBJECT-TYPE
|
|
SYNTAX Hm2DonatRuleIfMappingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry in rule interface mapping table."
|
|
INDEX { hm2DonatIfmInterface, hm2DonatIfmDirection, hm2DonatIfmRuleIndex }
|
|
::={ hm2DonatRuleIfMappingTable 1 }
|
|
|
|
Hm2DonatRuleIfMappingEntry ::= SEQUENCE {
|
|
hm2DonatIfmRuleIndex Integer32,
|
|
hm2DonatIfmDirection INTEGER,
|
|
hm2DonatIfmPriority Unsigned32,
|
|
hm2DonatIfmInterface InterfaceIndex,
|
|
hm2DonatIfmRowStatus RowStatus
|
|
}
|
|
|
|
hm2DonatIfmRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2048)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the double NAT rule this mapping entry is assigned
|
|
to."
|
|
::={ hm2DonatRuleIfMappingEntry 1 }
|
|
|
|
|
|
hm2DonatIfmDirection OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
ingress(1),
|
|
egress(2),
|
|
both(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Meanings:
|
|
- ingress(1): The first net/machine can be reached through this
|
|
interface
|
|
- egress(2): The second net/machine can be reached through this
|
|
interface
|
|
- both(3): Both machines/nets can be reached through this interface"
|
|
::={ hm2DonatRuleIfMappingEntry 2 }
|
|
|
|
hm2DonatIfmPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..6500)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority is the sorting key for rules in the chain to this
|
|
interface. They don't need to be unique per interface, but in that case,
|
|
no clear order can be assumed.
|
|
Priorities are processed in ascending order (0 highest priority)."
|
|
::={ hm2DonatRuleIfMappingEntry 3 }
|
|
|
|
hm2DonatIfmInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface this mapping entry is assigned to. This has to be either
|
|
an hm2AgentSwitchIpInterfaceIfIndex or an hm2AgentSwitchIpVlanIfIndex.
|
|
Note that for physical interfaces this only works if the corresponding
|
|
hm2AgentSwitchIpInterfaceRoutingMode is set to enable."
|
|
::={ hm2DonatRuleIfMappingEntry 4 }
|
|
|
|
hm2DonatIfmRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The RowStatus value for this entry with the usual meanings:
|
|
|
|
- active(1): The interface mapping is in place
|
|
- notInService(2): The interface mapping is not in place because the
|
|
user said so
|
|
- notReady(3): The interface mapping is not in place because the
|
|
agent said so
|
|
- createAndGo(4): Create this mapping with the default priority and
|
|
activate it.
|
|
- createAndWait(5): Create this mapping deactivated.
|
|
- destroy(6): Destroy this interface mapping."
|
|
::={ hm2DonatRuleIfMappingEntry 5 }
|
|
|
|
|
|
hm2DonatStats OBJECT IDENTIFIER ::={ hm2DoubleNat 3 }
|
|
|
|
hm2DonatGeneralStats OBJECT IDENTIFIER ::= { hm2DonatStats 1 }
|
|
|
|
hm2DonatStatsTotalPck OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets processed by double NAT."
|
|
::= { hm2DonatGeneralStats 1 }
|
|
|
|
hm2DonatStatsTotalPckSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of bytes processed by double NAT."
|
|
::= { hm2DonatGeneralStats 2 }
|
|
|
|
hm2DonatStatsTotalPckDenDrop OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets dropped or denied by double NAT."
|
|
::={ hm2DonatGeneralStats 3 }
|
|
|
|
hm2DonatStatsTotalPckAcc OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total number of packets accepted by double NAT."
|
|
::={ hm2DonatGeneralStats 4 }
|
|
|
|
hm2DonatStatsRuleTables OBJECT IDENTIFIER ::= { hm2DonatStats 2 }
|
|
|
|
hm2DonatStatsRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2DonatStatsRuleTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of per-rule statistics of double NAT."
|
|
::= { hm2DonatStatsRuleTables 1 }
|
|
|
|
hm2DonatStatsRuleTableEntry OBJECT-TYPE
|
|
SYNTAX Hm2DonatStatsRuleTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics table entry for double NAT."
|
|
INDEX { hm2DonatRuleIndex }
|
|
::={ hm2DonatStatsRuleTable 1 }
|
|
|
|
Hm2DonatStatsRuleTableEntry ::= SEQUENCE {
|
|
hm2DonatStatsPckCount Counter64,
|
|
hm2DonatStatsPckSize Counter64,
|
|
hm2DonatStatsLastApplied HmTimeSeconds1970
|
|
}
|
|
|
|
hm2DonatStatsPckCount OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of packets matched by this rule."
|
|
::={ hm2DonatStatsRuleTableEntry 1 }
|
|
|
|
hm2DonatStatsPckSize OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of bytes processed by this rule."
|
|
::={ hm2DonatStatsRuleTableEntry 2 }
|
|
|
|
hm2DonatStatsLastApplied OBJECT-TYPE
|
|
SYNTAX HmTimeSeconds1970
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time of last application of the rule in seconds since 1.1.1970."
|
|
::={ hm2DonatStatsRuleTableEntry 3 }
|
|
|
|
--******************************************************************************
|
|
-- Compliance statements
|
|
--******************************************************************************
|
|
|
|
hm2NatCompliances OBJECT IDENTIFIER ::= { hm2NatConformance 1 }
|
|
hm2NatGroups OBJECT IDENTIFIER ::= { hm2NatConformance 2 }
|
|
|
|
hm2NatCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for an SNMP entity which
|
|
implements the Hirschmann NAT MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { hm2NatGeneralGroup, hm2NatNotificationsGroup }
|
|
::= { hm2NatCompliances 1 }
|
|
|
|
hm2NatGeneralGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hm2DnatMaxRules,
|
|
hm2OneToOneNatMaxRules,
|
|
hm2DoubleNatMaxRules,
|
|
hm2MasqMaxRules,
|
|
hm2NatResetStatistics,
|
|
|
|
hm2DnatIfMappingRuleCount,
|
|
hm2DnatRulePendingActions,
|
|
hm2DnatCommitPendingActions,
|
|
hm2DnatRuleCount,
|
|
hm2DnatRuleIndex,
|
|
hm2DnatSourceAddress,
|
|
hm2DnatSourcePort,
|
|
hm2DnatTargetAddress,
|
|
hm2DnatTargetPort,
|
|
hm2DnatNewTargetAddress,
|
|
hm2DnatNewTargetPort,
|
|
hm2DnatProto,
|
|
hm2DnatRuleParams,
|
|
hm2DnatLog,
|
|
hm2DnatTrap,
|
|
hm2DnatDescription,
|
|
hm2DnatRowStatus,
|
|
hm2DnatIfmPriority,
|
|
hm2DnatIfmRowStatus,
|
|
hm2DnatStatsPckCount,
|
|
hm2DnatStatsPckSize,
|
|
hm2DnatStatsLastApplied,
|
|
hm2DnatStatsTotalPck,
|
|
hm2DnatStatsTotalPckSize,
|
|
hm2DnatStatsTotalPckDenDrop,
|
|
hm2DnatStatsTotalPckAccepted,
|
|
|
|
hm21to1IfMappingRuleCount,
|
|
hm21to1RulePendingActions,
|
|
hm21to1CommitPendingActions,
|
|
hm21to1RuleCount,
|
|
hm21to1RuleIndex,
|
|
hm21to1TargetAddress,
|
|
hm21to1NewTargetAddress,
|
|
hm21to1RuleParams,
|
|
hm21to1Log,
|
|
hm21to1Trap,
|
|
hm21to1Description,
|
|
hm21to1IngressIntf,
|
|
hm21to1EgressIntf,
|
|
hm21to1Priority,
|
|
|
|
hm21to1RowStatus,
|
|
hm21to1StatsPckCount,
|
|
hm21to1StatsPckSize,
|
|
hm21to1StatsLastApplied,
|
|
hm21to1StatsTotalPck,
|
|
hm21to1StatsTotalPckSize,
|
|
hm21to1StatsTotalPckDenDrop,
|
|
hm21to1StatsTotalPckAccepted,
|
|
|
|
hm2MasqIfMappingRuleCount,
|
|
hm2MasqRulePendingActions,
|
|
hm2MasqCommitPendingActions,
|
|
hm2MasqRuleCount,
|
|
hm2MasqRuleIndex,
|
|
hm2MasqSourceAddress,
|
|
hm2MasqSourcePort,
|
|
hm2MasqProto,
|
|
hm2MasqRuleParams,
|
|
hm2MasqLog,
|
|
hm2MasqTrap,
|
|
hm2MasqDescription,
|
|
hm2MasqRowStatus,
|
|
hm2MasqIfmPriority,
|
|
hm2MasqIfmRowStatus,
|
|
hm2MasqStatsPckCount,
|
|
hm2MasqStatsPckSize,
|
|
hm2MasqStatsLastApplied,
|
|
hm2MasqStatsTotalPck,
|
|
hm2MasqStatsTotalPckSize,
|
|
hm2MasqStatsTotalPckDenDrop,
|
|
hm2MasqStatsTotalPckAccepted,
|
|
|
|
hm2DoubleNatIfMappingRuleCount,
|
|
hm2DoubleNatRulePendingActions,
|
|
hm2DoubleNatCommitPendingActions,
|
|
hm2DoubleNatRuleCount,
|
|
hm2DonatRuleIndex,
|
|
hm2DonatLocalInternalIp,
|
|
hm2DonatLocalExternalIp,
|
|
hm2DonatRemoteInternalIp,
|
|
hm2DonatRemoteExternalIp,
|
|
hm2DonatRuleParams,
|
|
hm2DonatLog,
|
|
hm2DonatTrap,
|
|
hm2DonatDescription,
|
|
hm2DonatIfmPriority,
|
|
hm2DonatIfmRowStatus,
|
|
hm2DonatRowStatus,
|
|
hm2DonatStatsPckCount,
|
|
hm2DonatStatsPckSize,
|
|
hm2DonatStatsLastApplied,
|
|
hm2DonatStatsTotalPck,
|
|
hm2DonatStatsTotalPckSize,
|
|
hm2DonatStatsTotalPckDenDrop,
|
|
hm2DonatStatsTotalPckAcc
|
|
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of all Hirschmann objects provided by the Firewall
|
|
module."
|
|
::= { hm2NatGroups 1 }
|
|
|
|
hm2NatNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
|
|
hm2DnatRuleAppliedTrap,
|
|
hm2DnatRuleAppliedAndLoggedTrap,
|
|
|
|
hm21to1RuleAppliedTrap,
|
|
hm21to1RuleAppliedAndLoggedTrap,
|
|
|
|
hm2MasqRuleAppliedTrap,
|
|
hm2MasqRuleAppliedAndLoggedTrap,
|
|
|
|
hm2DonatRuleAppliedTrap,
|
|
hm2DonatRuleAppliedAndLoggedTrap
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of all Hirschmann notifications provided by the
|
|
NAT module."
|
|
::= { hm2NatGroups 2 }
|
|
|
|
--******************************************************************************
|
|
-- hm2NatSNMPExtensionGroup
|
|
--******************************************************************************
|
|
|
|
hm2NatSNMPExtensionEgressInterfaceInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the 1 to 1 NAT rule entry contains an invalid value
|
|
for egress interface that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 1 }
|
|
|
|
hm2NatSNMPExtensionIngressInterfaceInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the 1 to 1 NAT rule entry contains an invalid value
|
|
for ingress interface that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 2 }
|
|
|
|
hm2NatSNMPExtensionIPsecExemptInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the masquerading NAT rule entry contains an invalid value
|
|
for ipsec exempt that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 3 }
|
|
|
|
hm2NatSNMPExtensionLocalExternalIPInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the double NAT rule entry contains an invalid value
|
|
for local external IP address that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 4 }
|
|
|
|
hm2NatSNMPExtensionLocalInternalIPInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the double NAT rule entry contains an invalid value
|
|
for local internal IP address that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 5 }
|
|
|
|
hm2NatSNMPExtensionNewDestAddrInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the 1 to 1/destination NAT rule entry contains an invalid value
|
|
for new destination address that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 6 }
|
|
|
|
hm2NatSNMPExtensionNewDestPortInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the destination NAT rule entry contains an invalid value
|
|
for new destination port that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 7 }
|
|
|
|
hm2NatSNMPExtensionRemoteExternalIPInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the double NAT rule entry contains an invalid value
|
|
for remote external IP address that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 8 }
|
|
|
|
hm2NatSNMPExtensionRemoteInternalIPInvalid OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the double NAT rule entry contains an invalid value
|
|
for remote internal IP address that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 9 }
|
|
|
|
hm2NatSNMPExtensionBadDestAddr OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the 1 to 1 NAT rule entry contains an invalid
|
|
destination IP address range and cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 10 }
|
|
|
|
hm2NatSNMPExtensionBadNewDestAddr OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the 1 to 1 NAT rule entry contains an invalid
|
|
new destination IP address range and cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 11 }
|
|
|
|
hm2NatSNMPExtensionDestAndNewDestAddrSubnetError OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the 1 to 1 NAT rule entry contains destination IP address
|
|
and new destination IP address which are not on the same subnet and cannot
|
|
be processed."
|
|
::= { hm2NatSNMPExtensionGroup 12 }
|
|
|
|
hm2NatSNMPExtensionBadRuleParameter OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the 1 to 1 NAT rule entry contains invalid rule parameters
|
|
that cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 13 }
|
|
|
|
hm2NatSNMPExtensionIngressAndEgressIntfEqualError OBJECT-IDENTITY
|
|
STATUS current
|
|
DESCRIPTION "Indicates that the 1 to 1 NAT rule entry contains the same values for ingress
|
|
and egress interfaces and cannot be processed."
|
|
::= { hm2NatSNMPExtensionGroup 14 }
|
|
END
|
|
|
|
|