» nsxt_nat_rule
This resource configures a NAT rule on an NSX-T logical router. NAT translates addresses between one IP address space and another; a rule is either a source NAT (SNAT) or a destination NAT (DNAT) rule, with NO_NAT and REFLEXIVE as the remaining action types (see action below).
» Example Usage
```hcl
resource "nsxt_nat_rule" "rule1" {
  # Attach the rule to a Tier-1 router managed in the same configuration
  logical_router_id = "${nsxt_logical_tier1_router.rtr1.id}"
  description       = "NR provisioned by Terraform"
  display_name      = "NR"
  action            = "SNAT"
  enabled           = true
  logging           = true
  # false: translated traffic is still evaluated by the firewall stage after NAT
  nat_pass          = false

  translated_network        = "4.4.0.0/24"
  match_destination_network = "3.3.3.0/24"
  match_source_network      = "5.5.5.0/24"

  tag {
    scope = "color"
    tag   = "blue"
  }
}
```
» Argument Reference
The following arguments are supported:

- logical_router_id - (Required) ID of the logical router the rule is attached to.
- description - (Optional) Description of this resource.
- display_name - (Optional) The display name of this resource. Defaults to the ID if not set.
- tag - (Optional) A list of scope + tag pairs to associate with this NAT rule.
- action - (Required) NAT rule action type. Valid actions are SNAT, DNAT, NO_NAT and REFLEXIVE. All rules on a logical router must be either stateless or stateful; mixing the two is not supported. SNAT and DNAT are stateful and are not supported when the logical router runs in active-active HA mode. REFLEXIVE is stateless. NO_NAT takes only match fields and has no translated fields.
- enabled - (Optional) Enable or disable the rule.
- logging - (Optional) Enable or disable logging for the rule.
- match_destination_network - (Required for action=DNAT, not allowed for action=REFLEXIVE) IP address or CIDR. Omitting this field means Any.
- match_source_network - (Required for action=NO_NAT or REFLEXIVE, optional for the other actions) IP address or CIDR. Omitting this field means Any.
- nat_pass - (Optional) Whether traffic matched by this rule bypasses the firewall stage that follows NAT. The default is true, meaning the following firewall stage is skipped for the translated traffic; set it to false when that traffic should still be evaluated by the router's firewall rules. If action is NO_NAT, nat_pass must be true or omitted.
- translated_network - (Required for action=DNAT or SNAT) IP address, IP range or CIDR.
- translated_ports - (Optional) Port number or port range. Allowed only when action=DNAT.
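The per-action constraints above, put together in one configuration. This is an added example and is not part of the provider documentation: the Tier-1 router is supplied through an assumed variable tier1_router_id, and every address, port, display name and tag is an invented value. It shows a stateful DNAT/SNAT pair on the same router (so the stateless/stateful rule is respected), port translation on the DNAT rule only, a NO_NAT exclusion that carries match fields only, and nat_pass set to false so translated traffic does not skip the firewall stage that follows NAT.

```hcl
# Added example, not from the provider docs. Router ID, addresses and names are assumed.
variable "tier1_router_id" {
  description = "NSX ID of an active-standby Tier-1 router (SNAT/DNAT are stateful)"
}

# Inbound: publish 203.0.113.10:443 as the web server 10.10.0.20:8443.
# DNAT requires match_destination_network and translated_network;
# translated_ports is accepted for DNAT only.
# nat_pass = false keeps the translated flows subject to the router's
# firewall stage instead of taking the default (true) bypass.
resource "nsxt_nat_rule" "web_dnat" {
  logical_router_id = "${var.tier1_router_id}"
  display_name      = "web-dnat"
  description       = "Publish the web frontend"
  action            = "DNAT"
  enabled           = true
  logging           = true
  nat_pass          = false

  match_destination_network = "203.0.113.10/32"
  translated_network        = "10.10.0.20"
  translated_ports          = "8443"

  tag {
    scope = "app"
    tag   = "web"
  }
}

# Outbound: hide the web subnet behind the same public address.
# SNAT requires translated_network; match_destination_network is omitted, so it means Any.
resource "nsxt_nat_rule" "web_snat" {
  logical_router_id = "${var.tier1_router_id}"
  display_name      = "web-snat"
  description       = "Source NAT for the web subnet"
  action            = "SNAT"
  enabled           = true
  logging           = true
  nat_pass          = false

  match_source_network = "10.10.0.0/24"
  translated_network   = "203.0.113.10"

  tag {
    scope = "app"
    tag   = "web"
  }
}

# Exclusion: web subnet to the management range is not translated.
# NO_NAT requires match_source_network, takes no translated fields,
# and nat_pass must be true or omitted (omitted here).
resource "nsxt_nat_rule" "mgmt_no_nat" {
  logical_router_id = "${var.tier1_router_id}"
  display_name      = "mgmt-no-nat"
  description       = "Do not translate web -> management traffic"
  action            = "NO_NAT"
  enabled           = true
  logging           = true

  match_source_network      = "10.10.0.0/24"
  match_destination_network = "10.250.0.0/24"
}
```

Two points to check after apply. First, rule_priority is exported by this resource rather than set by it, so the relative order of the NO_NAT exclusion and the SNAT rule is whatever NSX assigned; read the exported attribute (or the NSX UI) to confirm the exclusion is evaluated ahead of the SNAT rule rather than assuming it. Second, because the SNAT and DNAT rules are stateful, the referenced Tier-1 router must run in active-standby HA mode; on an active-active router these two resources fail to create and only REFLEXIVE rules are possible.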
» Attributes Reference
In addition to the arguments listed above, the following attributes are exported:

- id - ID of the NAT rule.
- revision - Current revision number of the object as seen by the NSX-T API server. This attribute can be useful for debugging.
- rule_priority - Priority of the rule, ascending, valid range [0-2147483647]. If multiple rules have the same priority, the evaluation sequence is undefined.
» Importing
An existing NAT rule can be imported into this resource with the following command:

```shell
terraform import nsxt_nat_rule.rule1 logical-router-uuid/nat-rule-num
```

The above command imports the NAT rule named rule1 with the numeric ID nat-rule-num that belongs to the Tier-1 logical router with the NSX ID logical-router-uuid.