Static port forwards (SPF) for NAT and firewall can be installed using the Alc-Static-Port-Forward Extended VSA. This section describes the format used for each application. The figure "Alc-Static-Port-Forward: Format for l2-aware NAT static port forwards" shows an overview of this syntax.
For l2-aware, the format looks as follows:
{c|d}<space>protocol<space>inside-ip<space>outside-port[->insideport][,outside-port[->insideport]]*[;policy-name]
The table "l2-aware field descriptions" describes the fields of the l2-aware format.
Field name | Description |
---|---|
c/d | This field specifies whether the specified SPF needs to be created or deleted. |
protocol | This field specifies the protocol to which this SPF applies. This can be either the literals 'udp' or 'tcp' or the protocol numbers 6 or 17. |
inside-ip | This field specifies the inside IP to which the SPF traffic is forwarded. |
outside-port, inside-port | This field is a list of ports that are opened. If inside-port is not specified, it is chosen the same as outside-port. Each specified (inside,outside) port pair results in a separate installed SPF. |
policy-name | This field is the policy to which this SPF applies. If not provided, the default policy of the subscriber (sub-profile changes) is used. |
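As an added example (not code from the vendor documentation), the following Python sketch validates one l2-aware attribute value before it is placed in a RADIUS reply and expands it into the individual SPFs it would install. The names `Spf` and `parse_l2aware_spf`, the 1..65535 port range, single-space separators and the sample value are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

PROTOCOLS = {"tcp": 6, "udp": 17, "6": 6, "17": 17}

class Spf(NamedTuple):
    action: str            # "c" (create) or "d" (delete)
    protocol: int          # 6 = TCP, 17 = UDP
    inside_ip: str
    outside_port: int
    inside_port: int
    policy: Optional[str]  # None means the subscriber's default policy

def _port(text: str) -> int:
    # Assumption: ports are decimal 1..65535; the page does not state a range.
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"bad port: {text!r}")
    return int(text)

def parse_l2aware_spf(value: str) -> list[Spf]:
    """Expand one l2-aware attribute value into the SPFs it would install."""
    fields = value.split(" ", 3)
    if len(fields) != 4:
        raise ValueError("expected: {c|d} protocol inside-ip port-list[;policy-name]")
    action, proto, ip, rest = fields
    if action not in ("c", "d"):
        raise ValueError(f"bad action: {action!r}")
    if proto not in PROTOCOLS:
        raise ValueError(f"bad protocol: {proto!r}")
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    port_list, sep, policy = rest.partition(";")
    if sep and not policy:
        raise ValueError("empty policy-name after ';'")
    entries = []
    for item in port_list.split(","):
        outside, arrow, inside = item.partition("->")
        if arrow and not inside:
            raise ValueError(f"missing inside-port in {item!r}")
        out_p = _port(outside)
        in_p = _port(inside) if arrow else out_p  # inside defaults to outside
        entries.append(Spf(action, PROTOCOLS[proto], ip, out_p, in_p, policy or None))
    return entries

if __name__ == "__main__":
    # Constructed sample value, not taken from a real deployment.
    for spf in parse_l2aware_spf("c tcp 10.0.0.5 8080->80,443;nat-pol-1"):
        print(spf)
```

The length of the returned list is the number of SPFs a single attribute value installs, which is useful to check against the supported maximum, since syntactically correct entries count toward it even when they do not apply.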
The figure "Alc-Static-Port-Forward: Format for residential firewall static port forwards" shows an overview of the residential firewall format.
For residential firewall, the format looks as follows:
{c|d}<space>protocol<space>ip[<space>port[,]]*[<space>foreign-prefix[<space>foreign-port]]
The table "Residential firewall field descriptions" describes the fields of the residential firewall format.
Field name | Description |
---|---|
c/d | This field specifies whether the specified SPF needs to be created or deleted. |
protocol | This field specifies the protocol to which this SPF applies. For tcp or udp, the literal tcp or udp can be used. Only SPFs for TCP, UDP and supported unknown protocols can be used. SPFs for other protocols (for example, ICMPv6) are not supported. Note: If ICMPv6 is configured as an unknown protocol, a warning is issued. |
ip | This field specifies the IP to which the SPF applies. |
port | This field is a list of ports that are opened. No port may be specified for unknown protocols and at least one port needs to be specified for TCP/UDP. |
foreign-prefix | This field limits the SPF to only allow traffic received from this prefix. |
foreign-port | This field further limits traffic to this specific port. |
Any Static Port Forwards that are syntactically correct, but do not apply (for example, unused NAT policy or nonexistent IP) also count toward the maximum supported port forwards.