1049 lines
32 KiB
Plaintext
1049 lines
32 KiB
Plaintext
-- ****************************************************************************
|
|
-- ****************************************************************************
|
|
-- Copyright(c) 2004 Mediatrix Telecom, Inc.
|
|
-- NOTICE:
|
|
-- This document contains information that is confidential and proprietary
|
|
-- to Mediatrix Telecom, Inc.
|
|
-- Mediatrix Telecom, Inc. reserves all rights to this document as well as
|
|
-- to the Intellectual Property of the document and the technology and
|
|
-- know-how that it includes and represents.
|
|
-- This publication cannot be reproduced, neither in whole nor in part in
|
|
-- any form whatsoever without written prior approval by
|
|
-- Mediatrix Telecom, Inc.
|
|
-- Mediatrix Telecom, Inc. reserves the right to revise this publication
|
|
-- and make changes at any time and without the obligation to notify any
|
|
-- person and/or entity of such revisions and/or changes.
|
|
-- ****************************************************************************
|
|
-- ****************************************************************************
|
|
|
|
MX-NAT-MIB
|
|
DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32,
|
|
Integer32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
MxEnableState,
|
|
MxActivationState,
|
|
MxIpHostName,
|
|
MxIpAddress,
|
|
MxIpPort,
|
|
MxAdvancedIpPort,
|
|
MxIpSubnetMask,
|
|
MxDigitMap
|
|
FROM MX-TC
|
|
MxUInt64,
|
|
MxFloat32,
|
|
MxIpHostNamePort,
|
|
MxIpAddr,
|
|
MxIpAddrPort,
|
|
MxIpAddrMask,
|
|
MxUri,
|
|
MxUrl
|
|
FROM MX-TC2
|
|
mediatrixServices
|
|
FROM MX-SMI2;
|
|
|
|
natMIB MODULE-IDENTITY
|
|
LAST-UPDATED "1910210000Z"
|
|
ORGANIZATION " Mediatrix Telecom, Inc. "
|
|
CONTACT-INFO " Mediatrix Telecom, Inc.
|
|
4229, Garlock Street
|
|
Sherbrooke (Quebec)
|
|
Canada
|
|
Phone: (819) 829-8749
|
|
"
|
|
DESCRIPTION " Network Address Translation
|
|
|
|
The Network Address Translation (NAT) service allows the
|
|
administrator to change the source or destination IP address of
|
|
a packet.
|
|
"
|
|
::= { mediatrixServices 2275 }
|
|
|
|
natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }
|
|
|
|
-- Scalar:Configuration Modified Status
|
|
|
|
configModifiedStatus OBJECT-TYPE
|
|
SYNTAX INTEGER { yes(100) , no(200) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Configuration Modified Status
|
|
|
|
Shows whether or not the Network Address Translation
|
|
configuration has been modified without being applied.
|
|
|
|
1. Yes: The configuration has been modified but it has not been
|
|
applied.
|
|
2. No: The Network Address Translation service uses the
|
|
configured rules.
|
|
|
|
Use the command Nat.ApplyConfig to apply the configuration.
|
|
|
|
"
|
|
::= { natMIBObjects 100 }
|
|
|
|
-- *****************************************************************************
|
|
|
|
-- Table:Source NAT Rules Status
|
|
|
|
-- *****************************************************************************
|
|
|
|
sNatRulesStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SNatRulesStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Source NAT Rules Status
|
|
|
|
This table shows the rules applied in the source NAT.
|
|
"
|
|
::= { natMIBObjects 200 }
|
|
sNatRulesStatusEntry OBJECT-TYPE
|
|
SYNTAX SNatRulesStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Source NAT Rules Status. "
|
|
INDEX {
|
|
sNatRulesStatusPriority
|
|
}
|
|
|
|
::= { sNatRulesStatusTable 1 }
|
|
|
|
SNatRulesStatusEntry ::= SEQUENCE
|
|
{
|
|
sNatRulesStatusPriority Unsigned32,
|
|
sNatRulesStatusSourceAddress OCTET STRING,
|
|
sNatRulesStatusSourcePort OCTET STRING,
|
|
sNatRulesStatusDestinationAddress OCTET STRING,
|
|
sNatRulesStatusDestinationPort OCTET STRING,
|
|
sNatRulesStatusProtocol INTEGER,
|
|
sNatRulesStatusNewAddress OCTET STRING
|
|
}
|
|
|
|
-- Index:Rule Priority
|
|
|
|
sNatRulesStatusPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Rule Priority
|
|
|
|
Unique identifier of the row in the table.
|
|
"
|
|
::= { sNatRulesStatusEntry 100 }
|
|
|
|
-- Columnar:Source Address
|
|
|
|
sNatRulesStatusSourceAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Source Address
|
|
|
|
Source address[/mask] criteria an incoming packet must have to
|
|
match this rule.
|
|
|
|
An empty string matches any address.
|
|
|
|
"
|
|
::= { sNatRulesStatusEntry 200 }
|
|
|
|
-- Columnar:Source Port
|
|
|
|
sNatRulesStatusSourcePort OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Source Port
|
|
|
|
Source port[-port] criteria an incoming packet must have to
|
|
match this rule.
|
|
|
|
MinPort-MaxPort specifies a port range.
|
|
|
|
An empty string means that no filtering is applied on the
|
|
source port thus matching any port.
|
|
|
|
This parameter is only effective when the
|
|
SNatRulesStatus.Protocol parameter is set to Tcp or Udp.
|
|
|
|
"
|
|
::= { sNatRulesStatusEntry 300 }
|
|
|
|
-- Columnar:Destination Address
|
|
|
|
sNatRulesStatusDestinationAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Destination Address
|
|
|
|
Destination address[/mask] criteria an incoming packet must
|
|
have to match this rule.
|
|
|
|
An empty string matches any address.
|
|
|
|
"
|
|
::= { sNatRulesStatusEntry 400 }
|
|
|
|
-- Columnar:Destination Port
|
|
|
|
sNatRulesStatusDestinationPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Destination Port
|
|
|
|
Destination port[-port] criteria an incoming packet must have
|
|
to match this rule.
|
|
|
|
MinPort-MaxPort specifies a port range.
|
|
|
|
An empty string means that no filtering is applied on the
|
|
destination port thus matching any port.
|
|
|
|
This parameter is only effective when the
|
|
SNatRulesStatus.Protocol parameter is set to Tcp or Udp.
|
|
|
|
"
|
|
::= { sNatRulesStatusEntry 500 }
|
|
|
|
-- Columnar:Protocol
|
|
|
|
sNatRulesStatusProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER { all(100) , tcp(200) , udp(300) , icmp(400) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Protocol
|
|
|
|
Protocol criteria an incoming packet must have to match this
|
|
rule.
|
|
|
|
The protocol can be one of the following:
|
|
|
|
* All: Match packets using any protocol.
|
|
* Tcp: Only match TCP packets.
|
|
* Udp: Only match UDP packets.
|
|
* Icmp: Only match ICMP packets.
|
|
|
|
"
|
|
::= { sNatRulesStatusEntry 600 }
|
|
|
|
-- Columnar:New Address
|
|
|
|
sNatRulesStatusNewAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " New Address
|
|
|
|
New address[:port] applied to the source of the packet.
|
|
|
|
When specifying a port number, it is mandatory to have the
|
|
protocol set to TCP or UDP.
|
|
|
|
"
|
|
::= { sNatRulesStatusEntry 700 }
|
|
|
|
-- End of table:Source NAT Rules Status
|
|
|
|
-- *****************************************************************************
|
|
|
|
-- Table:Source NAT Rules
|
|
|
|
-- *****************************************************************************
|
|
|
|
sNatRulesTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SNatRulesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Source NAT Rules
|
|
|
|
This table shows the configured rules for source NAT.
|
|
"
|
|
::= { natMIBObjects 700 }
|
|
sNatRulesEntry OBJECT-TYPE
|
|
SYNTAX SNatRulesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Source NAT Rules. "
|
|
INDEX {
|
|
sNatRulesPriority
|
|
}
|
|
|
|
::= { sNatRulesTable 1 }
|
|
|
|
SNatRulesEntry ::= SEQUENCE
|
|
{
|
|
sNatRulesPriority Unsigned32,
|
|
sNatRulesActivation MxEnableState,
|
|
sNatRulesSourceAddress OCTET STRING,
|
|
sNatRulesSourcePort OCTET STRING,
|
|
sNatRulesDestinationAddress OCTET STRING,
|
|
sNatRulesDestinationPort OCTET STRING,
|
|
sNatRulesProtocol INTEGER,
|
|
sNatRulesNewAddress OCTET STRING,
|
|
sNatRulesUp INTEGER,
|
|
sNatRulesDown INTEGER,
|
|
sNatRulesInsert INTEGER,
|
|
sNatRulesDelete INTEGER
|
|
}
|
|
|
|
-- Index:Rule Priority
|
|
|
|
sNatRulesPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Rule Priority
|
|
|
|
Unique identifier of the row in the table.
|
|
"
|
|
::= { sNatRulesEntry 100 }
|
|
|
|
-- Row command:Down
|
|
|
|
sNatRulesDown OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), down(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Down
|
|
|
|
Moves the current row downside.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { sNatRulesEntry 1000 }
|
|
|
|
-- Row command:Insert
|
|
|
|
sNatRulesInsert OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), insert(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Insert
|
|
|
|
Inserts a new row before this row.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { sNatRulesEntry 1100 }
|
|
|
|
-- Row command:Delete
|
|
|
|
sNatRulesDelete OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), delete(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Delete
|
|
|
|
Deletes this row.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { sNatRulesEntry 1200 }
|
|
|
|
-- Columnar:Activation
|
|
|
|
sNatRulesActivation OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Activation
|
|
|
|
Activates this rule.
|
|
|
|
* Enable: This rule is active in the SNAT.
|
|
* Disable: This rule is not in the SNAT.
|
|
|
|
"
|
|
DEFVAL { disable }
|
|
::= { sNatRulesEntry 200 }
|
|
|
|
-- Columnar:Source Address
|
|
|
|
sNatRulesSourceAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..51) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Source Address
|
|
|
|
Source address of the incoming packet using the following
|
|
format: address[/mask] or network interface name/.
|
|
|
|
Address can be either a network IP address (using /mask) or one
|
|
of the host IP addresses.
|
|
|
|
When specifying a network interface name, it is mandatory to
|
|
use the suffix '/'. Doing so indicates that the network address
|
|
of this interface is used instead of the host address. Also, it
|
|
must match one of the values in the parameter
|
|
networkInterfacesStatusTable.InterfaceName from the Basic
|
|
Network Interface (BNI) service. Note that if the specified
|
|
network interface is disabled or removed, the rule is
|
|
automatically disabled thus removed from the NAT. When the
|
|
network interface is enabled or added back, the rule is
|
|
automatically enabled and applied in the NAT.
|
|
|
|
Mask must be a plain number specifying the number of binary 1s
|
|
at the left side of the network mask. E.g.: a mask of 24
|
|
specifies a network mask of 255.255.255.0.
|
|
|
|
Leaving the default empty string matches any address.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { sNatRulesEntry 300 }
|
|
|
|
-- Columnar:Source Port
|
|
|
|
sNatRulesSourcePort OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..11) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Source Port
|
|
|
|
Source port of the incoming packet using the following format:
|
|
port[-port].
|
|
|
|
MinPort-MaxPort specifies a port range.
|
|
|
|
The default empty string means that no filtering is applied on
|
|
the source port thus matching any port.
|
|
|
|
This parameter is only effective when the SNatRules.Protocol
|
|
parameter is set to Tcp or Udp.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { sNatRulesEntry 400 }
|
|
|
|
-- Columnar:Destination Address
|
|
|
|
sNatRulesDestinationAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..51) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Destination Address
|
|
|
|
Destination address of the incoming packet using the following
|
|
format: address[/mask] or network interface name/.
|
|
|
|
Address can be either a network IP address (using /mask) or one
|
|
of the host IP addresses.
|
|
|
|
When specifying a network interface name, it is mandatory to
|
|
use the suffix '/'. Doing so indicates that the network address
|
|
of this interface is used instead of the host address. Also, it
|
|
must match one of the values in the parameter
|
|
networkInterfacesStatusTable.InterfaceName from the Basic
|
|
Network Interface (BNI) service. Note that if the specified
|
|
network interface is disabled or removed, the rule is
|
|
automatically disabled thus removed from the NAT. When the
|
|
network interface is enabled or added back, the rule is
|
|
automatically enabled and applied in the NAT.
|
|
|
|
Mask must be a plain number specifying the number of binary 1s
|
|
at the left side of the network mask. E.g.: a mask of 24
|
|
specifies a network mask of 255.255.255.0.
|
|
|
|
Leaving the default empty string matches any address.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { sNatRulesEntry 500 }
|
|
|
|
-- Columnar:Destination Port
|
|
|
|
sNatRulesDestinationPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..11) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Destination Port
|
|
|
|
Destination port of the incoming packet using the following
|
|
format: port[-port].
|
|
|
|
MinPort-MaxPort specifies a port range.
|
|
|
|
The default empty string means that no filtering is applied on
|
|
the destination port thus matching any port.
|
|
|
|
This parameter is only effective when the SNatRules.Protocol
|
|
parameter is set to Tcp or Udp.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { sNatRulesEntry 600 }
|
|
|
|
-- Columnar:Protocol
|
|
|
|
sNatRulesProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER { all(100) , tcp(200) , udp(300) , icmp(400) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Protocol
|
|
|
|
Protocol of the incoming packet.
|
|
|
|
The protocol can be one of the following:
|
|
|
|
* All: Match packets using any protocol.
|
|
* Tcp: Only match TCP packets.
|
|
* Udp: Only match UDP packets.
|
|
* Icmp: Only match ICMP packets.
|
|
|
|
"
|
|
DEFVAL { all }
|
|
::= { sNatRulesEntry 700 }
|
|
|
|
-- Columnar:New Address
|
|
|
|
sNatRulesNewAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..51) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " New Address
|
|
|
|
New address applied to the source of the packet using the
|
|
following syntax: address[:port].
|
|
|
|
When specifying a port number, it is mandatory to have the
|
|
protocol set to TCP or UDP.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { sNatRulesEntry 800 }
|
|
|
|
-- Row command:Up
|
|
|
|
sNatRulesUp OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), up(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Up
|
|
|
|
Moves the current row upside.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { sNatRulesEntry 900 }
|
|
|
|
-- End of table:Source NAT Rules
|
|
|
|
-- *****************************************************************************
|
|
|
|
-- Table:Destination NAT Rules Status
|
|
|
|
-- *****************************************************************************
|
|
|
|
dNatRulesStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DNatRulesStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Destination NAT Rules Status
|
|
|
|
This table shows the rules applied in the destination NAT.
|
|
"
|
|
::= { natMIBObjects 800 }
|
|
dNatRulesStatusEntry OBJECT-TYPE
|
|
SYNTAX DNatRulesStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Destination NAT Rules Status. "
|
|
INDEX {
|
|
dNatRulesStatusPriority
|
|
}
|
|
|
|
::= { dNatRulesStatusTable 1 }
|
|
|
|
DNatRulesStatusEntry ::= SEQUENCE
|
|
{
|
|
dNatRulesStatusPriority Unsigned32,
|
|
dNatRulesStatusSourceAddress OCTET STRING,
|
|
dNatRulesStatusSourcePort OCTET STRING,
|
|
dNatRulesStatusDestinationAddress OCTET STRING,
|
|
dNatRulesStatusDestinationPort OCTET STRING,
|
|
dNatRulesStatusProtocol INTEGER,
|
|
dNatRulesStatusNewAddress OCTET STRING
|
|
}
|
|
|
|
-- Index:Rule Priority
|
|
|
|
dNatRulesStatusPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Rule Priority
|
|
|
|
Unique identifier of the row in the table.
|
|
"
|
|
::= { dNatRulesStatusEntry 100 }
|
|
|
|
-- Columnar:Source Address
|
|
|
|
dNatRulesStatusSourceAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Source Address
|
|
|
|
Source address[/mask] criteria an incoming packet must have to
|
|
match this rule.
|
|
|
|
An empty string matches any address.
|
|
|
|
"
|
|
::= { dNatRulesStatusEntry 200 }
|
|
|
|
-- Columnar:Source Port
|
|
|
|
dNatRulesStatusSourcePort OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Source Port
|
|
|
|
Source port[-port] criteria an incoming packet must have to
|
|
match this rule.
|
|
|
|
MinPort-MaxPort specifies a port range.
|
|
|
|
An empty string means that no filtering is applied on the
|
|
source port thus matching any port.
|
|
|
|
This parameter is only effective when the
|
|
DNatRulesStatus.Protocol parameter is set to Tcp or Udp.
|
|
|
|
"
|
|
::= { dNatRulesStatusEntry 300 }
|
|
|
|
-- Columnar:Destination Address
|
|
|
|
dNatRulesStatusDestinationAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Destination Address
|
|
|
|
Destination address[/mask] criteria an incoming packet must
|
|
have to match this rule.
|
|
|
|
An empty string matches any address.
|
|
|
|
"
|
|
::= { dNatRulesStatusEntry 400 }
|
|
|
|
-- Columnar:Destination Port
|
|
|
|
dNatRulesStatusDestinationPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Destination Port
|
|
|
|
Destination port[-port] criteria an incoming packet must have
|
|
to match this rule.
|
|
|
|
MinPort-MaxPort specifies a port range.
|
|
|
|
An empty string means that no filtering is applied on the
|
|
destination port thus matching any port.
|
|
|
|
This parameter is only effective when the
|
|
DNatRulesStatus.Protocol parameter is set to Tcp or Udp.
|
|
|
|
"
|
|
::= { dNatRulesStatusEntry 500 }
|
|
|
|
-- Columnar:Protocol
|
|
|
|
dNatRulesStatusProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER { all(100) , tcp(200) , udp(300) , icmp(400) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Protocol
|
|
|
|
Protocol criteria an incoming packet must have to match this
|
|
rule.
|
|
|
|
The protocol can be one of the following:
|
|
|
|
* All: Match packets using any protocol.
|
|
* Tcp: Only match TCP packets.
|
|
* Udp: Only match UDP packets.
|
|
* Icmp: Only match ICMP packets.
|
|
|
|
"
|
|
::= { dNatRulesStatusEntry 600 }
|
|
|
|
-- Columnar:New Address
|
|
|
|
dNatRulesStatusNewAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " New Address
|
|
|
|
New address[:port] applied to the destination of the packet.
|
|
|
|
When specifying a port number, it is mandatory to have the
|
|
protocol set to TCP or UDP.
|
|
|
|
"
|
|
::= { dNatRulesStatusEntry 700 }
|
|
|
|
-- End of table:Destination NAT Rules Status
|
|
|
|
-- *****************************************************************************
|
|
|
|
-- Table:Destination NAT Rules
|
|
|
|
-- *****************************************************************************
|
|
|
|
dNatRulesTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DNatRulesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " Destination NAT Rules
|
|
|
|
This table shows the configured rules for destination
|
|
NAT.
|
|
"
|
|
::= { natMIBObjects 900 }
|
|
dNatRulesEntry OBJECT-TYPE
|
|
SYNTAX DNatRulesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION " A row in table Destination NAT Rules. "
|
|
INDEX {
|
|
dNatRulesPriority
|
|
}
|
|
|
|
::= { dNatRulesTable 1 }
|
|
|
|
DNatRulesEntry ::= SEQUENCE
|
|
{
|
|
dNatRulesPriority Unsigned32,
|
|
dNatRulesActivation MxEnableState,
|
|
dNatRulesSourceAddress OCTET STRING,
|
|
dNatRulesSourcePort OCTET STRING,
|
|
dNatRulesDestinationAddress OCTET STRING,
|
|
dNatRulesDestinationPort OCTET STRING,
|
|
dNatRulesProtocol INTEGER,
|
|
dNatRulesNewAddress OCTET STRING,
|
|
dNatRulesUp INTEGER,
|
|
dNatRulesDown INTEGER,
|
|
dNatRulesInsert INTEGER,
|
|
dNatRulesDelete INTEGER
|
|
}
|
|
|
|
-- Index:Rule Priority
|
|
|
|
dNatRulesPriority OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Rule Priority
|
|
|
|
Unique identifier of the row in the table.
|
|
"
|
|
::= { dNatRulesEntry 100 }
|
|
|
|
-- Row command:Down
|
|
|
|
dNatRulesDown OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), down(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Down
|
|
|
|
Moves the current row downside.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { dNatRulesEntry 1000 }
|
|
|
|
-- Row command:Insert
|
|
|
|
dNatRulesInsert OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), insert(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Insert
|
|
|
|
Inserts a new row before this row.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { dNatRulesEntry 1100 }
|
|
|
|
-- Row command:Delete
|
|
|
|
dNatRulesDelete OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), delete(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Delete
|
|
|
|
Deletes this row.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { dNatRulesEntry 1200 }
|
|
|
|
-- Columnar:State
|
|
|
|
dNatRulesActivation OBJECT-TYPE
|
|
SYNTAX MxEnableState
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " State
|
|
|
|
Activations this rule.
|
|
|
|
* Enable: This rule is active in the DNAT.
|
|
* Disable: This rule is not in the DNAT.
|
|
|
|
"
|
|
DEFVAL { disable }
|
|
::= { dNatRulesEntry 200 }
|
|
|
|
-- Columnar:Source Address
|
|
|
|
dNatRulesSourceAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..51) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Source Address
|
|
|
|
Source address of the incoming packet using the following
|
|
format: address[/mask] or network interface name/.
|
|
|
|
Address can be either a network IP address (using /mask) or one
|
|
of the host IP addresses.
|
|
|
|
When specifying a network interface name, it is mandatory to
|
|
use the suffix '/'. Doing so indicates that the network address
|
|
of this interface is used instead of the host address. Also, it
|
|
must match one of the values in the parameter
|
|
networkInterfacesStatusTable.InterfaceName from the Basic
|
|
Network Interface (BNI) service. Note that if the specified
|
|
network interface is disabled or removed, the rule is
|
|
automatically disabled thus removed from the NAT. When the
|
|
network interface is enabled or added back, the rule is
|
|
automatically enabled and applied in the NAT.
|
|
|
|
Mask must be a plain number specifying the number of binary 1s
|
|
at the left side of the network mask. E.g.: a mask of 24
|
|
specifies a network mask of 255.255.255.0.
|
|
|
|
Leaving the default empty string matches any address.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { dNatRulesEntry 300 }
|
|
|
|
-- Columnar:Source Port
|
|
|
|
dNatRulesSourcePort OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..11) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Source Port
|
|
|
|
Source port of the incoming packet using the following format:
|
|
port[-port].
|
|
|
|
MinPort-MaxPort specifies a port range.
|
|
|
|
The default empty string means that no filtering is applied on
|
|
the source port thus matching any port.
|
|
|
|
This parameter is only effective when the DNatRules.Protocol
|
|
parameter is set to Tcp or Udp.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { dNatRulesEntry 400 }
|
|
|
|
-- Columnar:Destination Address
|
|
|
|
dNatRulesDestinationAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..51) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Destination Address
|
|
|
|
Destination address of the incoming packet using the following
|
|
format: address[/mask] or network interface name/.
|
|
|
|
Address can be either a network IP address (using /mask) or one
|
|
of the host IP addresses.
|
|
|
|
When specifying a network interface name, it is mandatory to
|
|
use the suffix '/'. Doing so indicates that the network address
|
|
of this interface is used instead of the host address. Also, it
|
|
must match one of the values in the parameter
|
|
networkInterfacesStatusTable.InterfaceName from the Basic
|
|
Network Interface (BNI) service. Note that if the specified
|
|
network interface is disabled or removed, the rule is
|
|
automatically disabled thus removed from the NAT. When the
|
|
network interface is enabled or added back, the rule is
|
|
automatically enabled and applied in the NAT.
|
|
|
|
Mask must be a plain number specifying the number of binary 1s
|
|
at the left side of the network mask. E.g.: a mask of 24
|
|
specifies a network mask of 255.255.255.0.
|
|
|
|
Leaving the default empty string matches any address.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { dNatRulesEntry 500 }
|
|
|
|
-- Columnar:Destination Port
|
|
|
|
dNatRulesDestinationPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..11) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Destination Port
|
|
|
|
Destination port of the incoming packet using the following
|
|
format: port[-port].
|
|
|
|
MinPort-MaxPort specifies a port range.
|
|
|
|
The default empty string means that no filtering is applied on
|
|
the destination port thus matching any port.
|
|
|
|
This parameter is only effective when the DNatRules.Protocol
|
|
parameter is set to Tcp or Udp.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { dNatRulesEntry 600 }
|
|
|
|
-- Columnar:Protocol
|
|
|
|
dNatRulesProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER { all(100) , tcp(200) , udp(300) , icmp(400) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Protocol
|
|
|
|
Protocol of the incoming packet.
|
|
|
|
The protocol can be one of the following:
|
|
|
|
* All: Match packets using any protocol.
|
|
* Tcp: Only match TCP packets.
|
|
* Udp: Only match UDP packets.
|
|
* Icmp: Only match ICMP packets.
|
|
|
|
"
|
|
DEFVAL { all }
|
|
::= { dNatRulesEntry 700 }
|
|
|
|
-- Columnar:New Address
|
|
|
|
dNatRulesNewAddress OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..51) )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " New Address
|
|
|
|
New address applied to the destination of the packet using the
|
|
following syntax: address[:port].
|
|
|
|
When specifying a port number, it is mandatory to have the
|
|
protocol set to TCP or UDP.
|
|
|
|
"
|
|
DEFVAL { "" }
|
|
::= { dNatRulesEntry 800 }
|
|
|
|
-- Row command:Up
|
|
|
|
dNatRulesUp OBJECT-TYPE
|
|
SYNTAX INTEGER { noOp(0), up(10) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Up
|
|
|
|
Moves the current row upside.
|
|
"
|
|
DEFVAL { noOp }
|
|
::= { dNatRulesEntry 900 }
|
|
|
|
-- End of table:Destination NAT Rules
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Notification Messages Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
notificationsGroup OBJECT IDENTIFIER
|
|
::= { natMIBObjects 60010 }
|
|
-- Scalar:Minimal Severity of Notification
|
|
|
|
minSeverity OBJECT-TYPE
|
|
SYNTAX INTEGER { disable(0) , debug(100) , info(200) , warning(300) ,
|
|
error(400) , critical (500) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION " Minimal Severity of Notification
|
|
|
|
Sets the minimal severity to issue a notification message
|
|
incoming from this service.
|
|
|
|
* Disable: No notification is issued.
|
|
* Debug: All notification messages are issued.
|
|
* Info: Notification messages with a 'Informational' and
|
|
higher severity are issued.
|
|
* Warning: Notification messages with a 'Warning' and higher
|
|
severity are issued.
|
|
* Error: Notification messages with an 'Error' and higher
|
|
severity are issued.
|
|
* Critical: Notification messages with a 'Critical' severity
|
|
are issued.
|
|
|
|
"
|
|
DEFVAL { warning }
|
|
::= { notificationsGroup 100 }
|
|
|
|
-- End of group:Notification Messages Configuration
|
|
|
|
-- ****************************************************************************
|
|
|
|
-- Group:Configuration Settings
|
|
|
|
-- ****************************************************************************
|
|
|
|
configurationGroup OBJECT IDENTIFIER
|
|
::= { natMIBObjects 60020 }
|
|
-- Scalar:Need Restart
|
|
|
|
needRestartInfo OBJECT-TYPE
|
|
SYNTAX INTEGER { no(0) , yes(100) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION " Need Restart
|
|
|
|
Indicates if the service needs to be restarted for the
|
|
configuration to fully take effect.
|
|
|
|
* Yes: Service needs to be restarted.
|
|
* No: Service does not need to be restarted.
|
|
|
|
Services can be restarted by using the
|
|
Scm.ServiceCommands.Restart command.
|
|
|
|
"
|
|
::= { configurationGroup 100 }
|
|
|
|
-- End of group:Configuration Settings
|
|
|
|
END
|