ADC CLI Commands

inat

The following operations can be performed on “inat”:

rm add show unset set stat

rm inat

Remove the specified Inbound NAT configuration.

Synopsis

rm inat @

Arguments

name Name of the Inbound NAT entry to be removed from the Citrix ADC.

Example

rm nat mynat.

add inat

Adds an INAT rule to the Citrix ADC. When a packet generated by a client matches the conditions specified in the INAT rule, the appliance translates the packet’s public destination IP address to a private destination IP address and forwards the packet to the server at that address.

Synopsis

add inat @ @ @ \[-mode STATELESS | -tcpproxy \( ENABLED | DISABLED ) | -ftp \( ENABLED | DISABLED ) | -tftp \( ENABLED | DISABLED ) | -usip \( ON | OFF ) | -usnip \( ON | OFF ) | -proxyIP <ip\_addr|ipv6\_addr> | -useproxyport \( ENABLED | DISABLED )] \[-td <positive\_integer>] \[-connfailover \( ENABLED | DISABLED )]

Arguments

name Name for the Inbound NAT (INAT) entry. Leading character must be a number or letter. Other characters allowed, after the first character, are @ _ - . (period) : (colon) # and space ( ).

publicIP Public IP address of packets received on the Citrix ADC. Can be aNetScaler-owned VIP or VIP6 address.

privateIP IP address of the server to which the packet is sent by the Citrix ADC. Can be an IPv4 or IPv6 address.

mode Stateless translation.

Possible values: STATELESS

tcpproxy Enable TCP proxy, which enables the Citrix ADC to optimize the RNAT TCP traffic by using Layer 4 features.

Possible values: ENABLED, DISABLED Default value: DISABLED

ftp Enable the FTP protocol on the server for transferring files between the client and the server.

Possible values: ENABLED, DISABLED Default value: DISABLED

tftp To enable/disable TFTP (Default DISABLED).

Possible values: ENABLED, DISABLED Default value: DISABLED

usip Enable the Citrix ADC to retain the source IP address of packets before sending the packets to the server.

Possible values: ON, OFF Default value: VAL_NOT_SET

usnip Enable the Citrix ADC to use a SNIP address as the source IP address of packets before sending the packets to the server.

Possible values: ON, OFF Default value: VAL_NOT_SET

proxyIP Unique IP address used as the source IP address in packets sent to the server. Must be a MIP or SNIP address.

useproxyport Enable the Citrix ADC to proxy the source port of packets before sending the packets to the server.

Possible values: ENABLED, DISABLED Default value: ENABLED

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094

connfailover Synchronize connection information with the secondary appliance in a high availability (HA) pair. That is, synchronize all connection-related information for the INAT session

Possible values: ENABLED, DISABLED Default value: DISABLED

Example

add nat mynat 1.2.3.4 192.168.1.100

show inat

show all configured inbound NAT.

Synopsis

show inat []

Arguments

name Name for the Inbound NAT (INAT) entry. Leading character must be a number or letter. Other characters allowed, after the first character, are @ _ - . (period) : (colon) # and space ( ).

Output

publicIP Public IP address of packets received on the Citrix ADC. Can be aNetScaler-owned VIP or VIP6 address.

privateIP IP address of the server to which the packet is sent by the Citrix ADC. Can be an IPv4 or IPv6 address.

proxyIP Source IP address for connection to a server.

tcpproxy Enable TCP proxy, which enables the Citrix ADC to optimize the RNAT TCP traffic by using Layer 4 features.

ftp Enable the FTP protocol on the server for transferring files between the client and the server.

tftp To enable/disable TFTP (Default DISABLED).

usip Enable the Citrix ADC to retain the source IP address of packets before sending the packets to the server.

usnip Enable the Citrix ADC to use a SNIP address as the source IP address of packets before sending the packets to the server.

useproxyport Enable the Citrix ADC to proxy the source port of packets before sending the packets to the server.

flags Flags for different modes

mode Stateless translation.

connfailover Synchronize connection information with the secondary appliance in a high availability (HA) pair. That is, synchronize all connection-related information for the INAT session

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.

devno count stateflag

Example

show nat

unset inat

Use this command to remove inat settings.Refer to the set inat command for meanings of the arguments.

Synopsis

unset inat @ [-tcpproxy] [-ftp] [-tftp] [-usip] [-usnip] [-proxyIP] [-useproxyport] [-connfailover] [-mode]

set inat

Modifies parameters of an INAT rule.

Synopsis

set inat @ \[-privateIP <ip\_addr|ipv6\_addr>@] \[-tcpproxy \( ENABLED | DISABLED )] \[-ftp \( ENABLED | DISABLED )] \[-tftp \( ENABLED | DISABLED )] \[-usip \( ON | OFF )] \[-usnip \( ON | OFF )] \[-proxyIP <ip\_addr|ipv6\_addr>] \[-useproxyport \( ENABLED | DISABLED )] \[-connfailover \( ENABLED | DISABLED )] \[-mode STATELESS]

Arguments

name The name of the Inbound NAT (INAT) entry that you want to modify.

privateIP IP address of the server to which the packet is sent by the Citrix ADC. Can be an IPv4 or IPv6 address.

tcpproxy Enable TCP proxy, which enables the Citrix ADC to optimize the RNAT TCP traffic by using Layer 4 features.

Possible values: ENABLED, DISABLED Default value: DISABLED

ftp Enable the FTP protocol on the server for transferring files between the client and the server.

Possible values: ENABLED, DISABLED Default value: DISABLED

tftp To enable/disable TFTP (Default DISABLED).

Possible values: ENABLED, DISABLED Default value: DISABLED

usip Enable the Citrix ADC to retain the source IP address of packets before sending the packets to the server.

Possible values: ON, OFF Default value: VAL_NOT_SET

usnip Enable the Citrix ADC to use a SNIP address as the source IP address of packets before sending the packets to the server.

Possible values: ON, OFF Default value: VAL_NOT_SET

proxyIP A unique IP address used as the source IP address in packets sent to the server. Must be a MIP or SNIP address.

useproxyport Enable the Citrix ADC to proxy the source port of packets before sending the packets to the server.

Possible values: ENABLED, DISABLED Default value: ENABLED

connfailover Synchronize connection information with the secondary appliance in a high availability (HA) pair. That is, synchronize all connection-related information for the INAT session

Possible values: ENABLED, DISABLED Default value: DISABLED

mode Stateless translation.

Possible values: STATELESS

Example

set nat mynat -tcpproxy ENABLED

stat inat

Display statistics for inat sessions.

Synopsis

stat inat [] \[-detail] \[-fullValues] \[-ntimes <positive\_integer>] \[-logFile <input\_filename>] \[-clearstats \( basic | full )]

Arguments

name The INAT.

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

Output

count devno stateflag

Counters

TCP Packets translated (V4->V6) (nat46TotTcp46) Total TCP packets translated (V4->v6).

UDP Packets translated (V4->V6) (nat46TotUdp46) Total UDP packets translated (V4->v6).

ICMP Packets translated (V4->V6) (nat46TotIcmp46) Total ICMP packets translated (V4->v6).

Total IPV4 packets dropped (nat46Totdrop46) Total IPV4 packets dropped.

TCP Packets translated (V6->V4) (nat46TotTcp64) Total TCP packets translated (V6->v4).

UDP Packets translated (V6->V4) (nat46TotUdp64) Total UDP packets translated (V6->v4).

ICMP Packets translated (V6->V4) (nat46TotIcmp64) Total ICMP packets translated (V6->v4).

Total IPV6 packets dropped (nat46Totdrop64) Total IPV6 packets dropped.

TCP Packets translated (V4->V6) (inatNat46Tcp46) TCP packets translated (V4->v6).

UDP Packets translated (V4->V6) (inatNat46Udp46) UDP packets translated (V4->v6).

ICMP Packets translated (V4->V6) (inatNat46Icmp46) ICMP packets translated (V4->v6).

IPV4 packets dropped (inatNat46drop46) IPV4 packets dropped.

TCP Packets translated (V6->V4) (inatNat46Tcp64) TCP packets translated (V6->v4).

UDP Packets translated (V6->V4) (inatNat46Udp64) UDP packets translated (V6->v4).

ICMP Packets translated (V6->V4) (inatNat46Icmp64) ICMP packets translated (V6->v4).

IPV6 packets dropped (inatNat46drop64) IPV6 packets dropped.

Example

stat inat

inat