ADC CLI Commands

rnat

The following operations can be performed on “rnat”:

rename set stat show rm unbind add clear unset bind

rename rnat

Renames an RNAT rule.

Synopsis

rename rnat

Arguments

name Name of the RNAT rule that you want to rename.

newName New name for the RNAT4 rule. Must begin with an ASCII alphabetic or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters.

Example

rename rnat rnat-rule rnat-rule-new

set rnat

Modifies parameters of an RNAT rule.

Synopsis

set rnat [] \[-redirectPort ] \[-td <positive\_integer>] \[-srcippersistency \( ENABLED | DISABLED )] \[-useproxyport \( ENABLED | DISABLED )] \[-ownerGroup ] \[-connfailover \( ENABLED | DISABLED )]

Arguments

name Name for the RNAT4 rule. Must begin with a letter, number, or the underscore character (_), and can consist of letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at sign (@), equals (=), colon (:), and underscore characters. Cannot be changed after the rule is created. Choose a name that helps identify the RNAT4 rule.

redirectPort Port number to which the IPv4 packets are redirected. Applicable to TCP and UDP protocols. Minimum value: 1 Maximum value: 65535

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094

srcippersistency Enables the Citrix ADC to use the same NAT IP address for all RNAT sessions initiated from a particular server.

Possible values: ENABLED, DISABLED Default value: DISABLED

useproxyport Enable source port proxying, which enables the Citrix ADC to use the RNAT ips using proxied source port.

Possible values: ENABLED, DISABLED Default value: ENABLED

ownerGroup The owner node group in a Cluster for this rnat rule. Default value: DEFAULT_NG

connfailover Synchronize all connection-related information for the RNAT sessions with the secondary ADC in a high availability (HA) pair.

Possible values: ENABLED, DISABLED Default value: DISABLED

stat rnat

Display statistics for rnat sessions.

Synopsis

stat rnat [-detail] [-fullValues] [-ntimes ] [-logFile ] [-clearstats ( basic full )]

Arguments

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

Output

Counters

Bytes Received (rnatRxBytes) Bytes received during RNAT sessions.

Bytes Sent (rnatTxBytes) Bytes sent during RNAT sessions.

Packets Received (rnatRxPkts) Packets received during RNAT sessions.

Packets Sent (rnatTxPkts) Packets sent during RNAT sessions.

Syn Sent (rnatTxSyn) Requests for connections sent during RNAT sessions.

Current RNAT sessions (rnatSessions) Currently active RNAT sessions.

Example

stat rnat

show rnat

Display the Reverse NAT configuration.

Synopsis

show rnat []

Arguments

name Name of the RNAT rule whose details you want to display.

Output

network The network address.

netmask Subnet mask associated with the network address.

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.

natIP Nat IP Address.

aclname Name of any configured extended ACL whose action is ALLOW. The condition specified in the extended ACL rule isused as the condition for the RNAT rule.

redirectPort Port number to which the IPv4 packets are redirected. Applicable to TCP and UDP protocols.

srcippersistency Enables the Citrix ADC to use the same NAT IP address for all RNAT sessions initiated from a particular server.

useproxyport Enable source port proxying, which enables the Citrix ADC to use the RNAT ips using proxied source port.

cfgflags This contains the flags for RNAT in DB

ownerGroup The owner node group in a Cluster for this rnat rule.

connfailover Synchronize all connection-related information for the RNAT sessions with the secondary ADC in a high availability (HA) pair.

retainsourceportrange When the source port range is configured and associated with the RNAT rule, Citrix ADC will choose a port from the specified source port range configured for connection establishment at the backend servers.

stateflag devno count

rm rnat

Remove the specified RNAT rule.

Synopsis

rm rnat @ ...

Arguments

name Name of the RNAT rule entry to be removed from the NetScaler appliance.

Example

rm rnat rnat_rule

unbind rnat

Unbinds the associated NAT IP4 address(es) from an RNAT rule.

Synopsis

unbind rnat \(@ ... | -retainsourceportrange <int\[-int]> ...)

Arguments

name Name of the RNAT rule from which to unbind the associated NAT IP address(es).

natIP IP address, or multiple NATIP addresses, to be unbound from the RNATrule. (If using the CLI, use spaces to separate multiple addresses.)

retainsourceportrange When the source port range is configured and associated with the RNAT rule, Citrix ADC will choose a port from the specified source port range configured for connection establishment at the backend servers. Minimum value: 1024 Maximum value: 65535

Example

unbind rnat rnat1 1.1.1.[1-2] 2.2.2.1 unbind rnat rnat1 -retainsrcportrange 2000-3000 4024

add rnat

Adds a Reverse Network Address Translation (RNAT) rule for IPv4 traffic. When an IPv4 packet generated by a servermatches the conditions specified in the RNAT rule, the appliance replaces the source IPv4 address of the IPv4 packet with a configured NAT IPv4 address before forwarding it to the destination.

Synopsis

add rnat \(\( \[]) | \( \[-redirectPort ])) \[-td <positive\_integer>] \[-srcippersistency \( ENABLED | DISABLED )] \[-useproxyport \( ENABLED | DISABLED )] \[-connfailover \( ENABLED | DISABLED )] \[-ownerGroup ]

Arguments

name Name for the RNAT4 rule. Must begin with a letter, number, or the underscore character (_), and can consist of letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at sign (@), equals (=), colon (:), and underscore characters. Cannot be changed after the rule is created. Choose a name that helps identify the RNAT4 rule.

network IPv4 network address on whose traffic you want the Citrix ADC to do RNAT processing.

netmask Subnet mask associated with the network address.

aclname Name of any configured extended ACL whose action is ALLOW. The condition specified in the extended ACL rule isused as the condition for the RNAT rule.

redirectPort Port number to which the IPv4 packets are redirected. Applicable to TCP and UDP protocols. Minimum value: 1 Maximum value: 65535

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094

srcippersistency Enable source ip persistency, which enables the NetScaler appliance to use the RNAT ips using source ip.

Possible values: ENABLED, DISABLED Default value: DISABLED

useproxyport Enable source port proxying, which enables the NetScaler appliance to use the RNAT ips using proxied source port.

Possible values: ENABLED, DISABLED Default value: ENABLED

connfailover Synchronize all connection-related information for the RNAT sessions with the secondary ADC in a high availability (HA) pair.

Possible values: ENABLED, DISABLED Default value: DISABLED

ownerGroup The owner node group in a Cluster for this rnat rule. Default value: DEFAULT_NG

Example

add rnat rnat1 192.168.10.0 255.255.255.0 or add rnat rnat1 acl1

clear rnat

Removes an RNAT rule from the NetScaler appliance. NOTE: This command is deprecated.Command is Deprecated, Please use “rm rnat ###Synopsis

Arguments

network The network address defined for the RNAT entry.

netmask The subnet mask for the network address.

aclname An extended ACL defined for the RNAT entry.

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094

ownerGroup The owner node group in a Cluster for this rnat rule. Default value: DEFAULT_NG

unset rnat

Resets the specified parameters of an RNAT rule to their default settings. Refer to the set rnat command for parameter descriptions..Refer to the set rnat command for meanings of the arguments.

Synopsis

unset rnat [] [-td ] [-redirectPort] [-srcippersistency] [-ownerGroup ] [-useproxyport] [-connfailover]

bind rnat

Binds specified IPv4 NAT IPs to an RNAT rule.

Synopsis

bind rnat \(@ ... | -retainsourceportrange <int\[-int]> ...)

Arguments

name Name of the RNAT rule to which to bind NAT IPs.

natIP One or more NATIP addresses to be bound to the RNAT rule.

retainsourceportrange When the source port range is configured and associated with the RNAT rule, Citrix ADC will choose a port from the specified source port range configured for connection establishment at the backend servers. Minimum value: 1024 Maximum value: 65535

Example

bind rnat rnat1 1.1.1.[1-2] 2.2.2.1 bind rnat rnat1 -retainsrcportrange 2000-3000 4024

rnat