Off-line approach to obtain deterministic mappings

Instead of querying the system directly, a Python script can be generated on the router and exported to an external node. This Python script contains the mapping logic for the deterministic NAT configured in the router. The script can then be queried off-line to obtain mappings in either direction. The external node must have the Python scripting language installed with the following modules: getopt, math, os, socket and sys.

The purpose of this off-line approach is to provide fast queries without accessing the router. Exporting the Python script for reverse querying is a manual operation that needs to be repeated every time there is a configuration change in deterministic NAT.

The script is exported outside of the box to a remote location (assuming that write permissions on the external node are correctly set). The remote location is specified with the following command:

config service nat deterministic-script location <remote-url> 
<remote-url>     - [{ftp:// | tftp://}<login>:<pswd>@<remote-locn>/][<file-path>]
180 chars max

The status of the script is shown using the following command:

show service nat deterministic-script
========================================================================
Deterministic NAT script data
========================================================================
Location            : ftp://10.10.10.10/pub/det-nat-script/det-nat.py
Save needed         : yes
Last save result    : none
Last save time      : N/A
========================================================================

After the script location is specified, the script can be exported to that location with the following command:

admin nat save-deterministic-script

This needs to be repeated manually every time the configuration affecting deterministic NAT changes.

Once the script is exported (saved), the status of the script is changed as well:

show service nat deterministic-script
========================================================================
Deterministic NAT script data
========================================================================
Location            : ftp://10.10.10.10/pub/det-nat-script/det-nat.py
Save needed         : no
Last save result    : success
Last save time      : 2013/01/07 10:33:43
========================================================================

The script itself can be run to obtain mappings in the forward or backward direction:

user@external-server:/home/ftp/pub/det-nat-script$ ./det-nat.py 
Usage: det-nat-.py {{DIRECTION PARAMS} | -h[elp] }
where  DIRECTION := { -f[orward] | -b[ackward] }
where  PARAMS := { -s[ervice] -a[ddress] -p[ort] }

In the following example, source addresses are mapped as follows:

Router 10, source-ip: 10.0.5.0-10.0.5.127   to router base, outside-ip: 10.0.0.1
Router 10, source-ip: 10.0.5.128-10.0.5.255 to router base, outside-ip: 10.0.0.2

The forward query for this example is performed as:

user@external-server:/home/ftp/pub/det-nat-script$ ./det-nat.py -f -s 10 -a 10.0.5.10

Output:

subscriber has public ip address 10.0.0.1 from service 0 and is using ports [1324 - 1353]

The reverse query for this example is performed as:

user@external-server:/home/ftp/pub/det-nat-script$ ./det-nat.py -b -s 0 -a 10.0.0.1  -p 3020

Output:

subscriber has private ip address 10.0.5.66 from service 10
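
The example above can be reproduced with a small arithmetic model, which shows why a public address and port are enough to attribute traffic to one subscriber without per-flow NAT logs. This is an added illustration, not the exported det-nat.py and not the router's own logic. The block size of 30 ports and the first port 1024 are assumptions inferred from the two sample outputs, and the function and constant names are hypothetical.

```python
"""Simplified model of the deterministic NAT example above (added illustration).

Assumptions, inferred only from the two sample outputs: each inside address
owns one contiguous block of 30 outside ports, and blocks start at port 1024.
"""
import ipaddress

PORTS_PER_SUB = 30   # assumed: [1324 - 1353] spans 30 ports
FIRST_PORT = 1024    # assumed: 1324 - 10 * 30

# (inside service, first inside IP, last inside IP, outside service, outside IP)
PREFIX_MAP = [
    (10, "10.0.5.0", "10.0.5.127", 0, "10.0.0.1"),
    (10, "10.0.5.128", "10.0.5.255", 0, "10.0.0.2"),
]


def _ip(text):
    """Dotted-quad string -> integer, rejecting malformed addresses."""
    return int(ipaddress.IPv4Address(text))


def forward(service, inside_ip):
    """Inside (service, IP) -> (outside service, outside IP, first port, last port)."""
    addr = _ip(inside_ip)
    for svc, lo, hi, out_svc, out_ip in PREFIX_MAP:
        if svc == service and _ip(lo) <= addr <= _ip(hi):
            start = FIRST_PORT + (addr - _ip(lo)) * PORTS_PER_SUB
            return out_svc, out_ip, start, start + PORTS_PER_SUB - 1
    return None  # address is not covered by a deterministic prefix


def backward(service, outside_ip, port):
    """Outside (service, IP, port) -> (inside service, inside IP), or None."""
    for svc, lo, hi, out_svc, out_ip in PREFIX_MAP:
        if out_svc != service or _ip(out_ip) != _ip(outside_ip):
            continue
        index = (port - FIRST_PORT) // PORTS_PER_SUB
        size = _ip(hi) - _ip(lo) + 1
        if port < FIRST_PORT or index >= size:
            return None  # port lies outside every deterministic block
        return svc, str(ipaddress.IPv4Address(_ip(lo) + index))
    return None


if __name__ == "__main__":
    print(forward(10, "10.0.5.10"))
    print(backward(0, "10.0.0.1", 3020))
```

For real attribution work, the exported script remains the authority, and only while the status output shows "Save needed : no"; a script saved before a configuration change can name the wrong subscriber.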