Manage NAT Chain Settings
    • 07 Jun 2024

    To manage chain functions/settings, click on the name in the Chain column (displays dialog). 





    Note: If you import a configuration for a chain through the CLI, the rules defined for the specified chain(s) are overridden by the imported configuration. For example, if you import a configuration for the INPUT and OUTPUT chains, only the INPUT and OUTPUT chains are updated; the FORWARD chain is not changed.


    Add Chain Setting (all Type selections)

    1. Go to Security :: NAT.
    2. In the Chain column, locate and click on the name (displays dialog).
    3. Click Add (displays dialog). 
    4. On Target menu:
      1. On Target drop-down, select one (ACCEPT, DNAT, REDIRECT, LOG, RETURN).
      2. Enter Rule Number.
      3. Enter Description.
    5. On the Match Options menu:
      1. Enter Source IP/Mask.
      2. Select Reverse match for source IP/mask checkbox.
      3. Enter Destination IP/Mask.
      4. Enter Source MAC Address.
      5. Select Reverse match for source MAC address checkbox.

        Note: The Source MAC Address and Reverse match for source MAC address fields are applicable only for the INPUT, PREROUTING, and FORWARD chains.
      6. Select Reverse match for destination IP/mask checkbox.
      7. Select the required Input Interface from the drop-down list (Any, lo, eth0, eth1).

        Select Reverse match for the input interface checkbox.
      8. Select Enable State Match checkbox (displays options – one or more can be selected):
        • NEW checkbox
        • ESTABLISHED checkbox
        • RELATED checkbox
        • INVALID checkbox
        • SNAT checkbox
        • DNAT checkbox
        • Reverse state match checkbox
    6. On the Fragments drop-down, select one (All packets and fragments, Unfragmented packets and 1st packets, 2nd and further packets).
      (if Type selection: DNAT) Enter To Destination.
    7. On the Protocol menu, select one:
      • Numeric radio button (expands dialog). Enter the Protocol Number.
      • TCP radio button (expands dialog). 
        • Enter Source Port.
        • Enter Destination Port.
        • Enter To Ports.
        • TCP Flag SYN drop-down, select one (Any, Set, Unset).
        • TCP Flag ACK drop-down, select one (Any, Set, Unset).
        • TCP Flag FIN drop-down, select one (Any, Set, Unset).
        • TCP Flag RST drop-down, select one (Any, Set, Unset).
        • TCP Flag URG drop-down, select one (Any, Set, Unset).
        • TCP Flag PSH drop-down, select one (Any, Set, Unset).
        • Select Reverse Match for the TCP Flags checkbox.
      • UDP radio button (expands dialog):
        • Enter Source Port.
        • Enter Destination Port.
        • Enter To Ports.
      • ICMP radio button (expands dialog):
        • On ICMP Type drop-down, select one.
        • Select Reverse match for ICMP type checkbox.
    8. Select Reverse match for the protocol checkbox.
    9. Select Reverse match for the source port checkbox.
    10. Select Reverse match for the destination port checkbox.
    11. On the Log Options menu (shows when Type selection: LOG).
      1. On the Log Level drop-down, select one (Debug, Info, Notice, Warning, Error, Critical, Alert, Emergency).
      2. Enter Log Profile (name of this profile).
      3. Select Log TCP Sequence Numbers checkbox.
      4. Select Log Options From The TCP Packet Header checkbox.
      5. Select Log Options From The IP Packet Header checkbox.
    12. Click Save.
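
    To review what a rule built in this dialog will match before saving it, the added example below (not vendor code) renders a subset of the fields as an iptables command line. It assumes the fields correspond to standard Linux iptables nat-table options, as their names suggest; the dictionary keys and the sample rule are hypothetical.

```python
# Added example: renders the dialog fields as iptables arguments for review.
# Assumption: the fields correspond to standard iptables nat-table options.
MAC_CHAINS = {"INPUT", "PREROUTING", "FORWARD"}  # chains named in the page's Note

def neg(flag, value, reverse=False):
    """One match option; a ticked 'Reverse match' box becomes a leading '!'."""
    return (["!"] if reverse else []) + [flag, value]

def render_rule(chain, r):
    """Return the iptables argv for rule dict r (hypothetical key names)."""
    if r.get("src_mac") and chain not in MAC_CHAINS:
        raise ValueError(f"Source MAC match is not applicable to {chain}")
    if r["target"] == "DNAT" and not r.get("to_destination"):
        raise ValueError("DNAT requires To Destination")
    if r.get("dport") and r.get("protocol") not in ("tcp", "udp"):
        raise ValueError("Destination Port requires the TCP or UDP protocol")
    argv = ["iptables", "-t", "nat", "-I", chain, str(r["rule_number"])]
    if r.get("src"):
        argv += neg("-s", r["src"], r.get("src_reverse"))
    if r.get("dst"):
        argv += neg("-d", r["dst"], r.get("dst_reverse"))
    if r.get("src_mac"):
        argv += ["-m", "mac"] + neg("--mac-source", r["src_mac"], r.get("mac_reverse"))
    if r.get("in_iface"):  # "Any" in the dialog means: leave this key unset
        argv += neg("-i", r["in_iface"], r.get("iface_reverse"))
    if r.get("protocol"):
        argv += neg("-p", r["protocol"], r.get("proto_reverse"))
    if r.get("dport"):
        argv += neg("--dport", str(r["dport"]), r.get("dport_reverse"))
    if r.get("states"):
        argv += ["-m", "state"] + neg("--state", ",".join(r["states"]), r.get("state_reverse"))
    argv += ["-j", r["target"]]
    if r["target"] == "DNAT":
        argv += ["--to-destination", r["to_destination"]]
    if r["target"] == "REDIRECT" and r.get("to_ports"):
        argv += ["--to-ports", str(r["to_ports"])]
    if r["target"] == "LOG":
        argv += ["--log-level", r.get("log_level", "info")]
        if r.get("log_tcp_sequence"):
            argv.append("--log-tcp-sequence")
    return argv

# Constructed sample: DNAT for new TCP/8443 connections on eth0, with the
# source IP/mask match reversed (every source except 192.0.2.0/24).
SAMPLE = {"target": "DNAT", "rule_number": 1, "src": "192.0.2.0/24",
          "src_reverse": True, "in_iface": "eth0", "protocol": "tcp",
          "dport": 8443, "states": ["NEW"], "to_destination": "10.0.0.5:443"}

if __name__ == "__main__":
    print(" ".join(render_rule("PREROUTING", SAMPLE)))
```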

    Edit Chain Setting

    1. Go to Security :: NAT.
    2. In the Chain column, locate and click on the checkbox.
    3. Click Edit (displays dialog).
    4. Make changes, as needed.
    5. Click Save.

    Delete Chain Setting

    1. Go to Security :: NAT.
    2. In the Chain column, locate and select the checkbox next to the name.
    3. Click Delete.
    4. On the confirmation dialog, click OK.

    Move Chain Up

    1. Go to Security :: NAT.
    2. In the Chain column, locate and select the checkbox next to the name.
    3. Click Up to move up.

    Move Chain Down

    1. Go to Security :: NAT.
    2. In the Chain column, locate and select the checkbox next to the name.
    3. Click Down to move down.


