156
Step Command Remarks
withdrawal.
Configuring NAT444 alarm logging
If the public IP addresses, port blocks, or ports in selected port blocks (including extended ones) are
all occupied, the NAT444 gateway cannot perform address translation and packets will be dropped.
To monitor the usage of public IP addresses and port block resources, you can configure NAT444
alarm logging.
A NAT444 gateway generates alarm logs when one of the following occurs:
• The ports in the selected port block of a static NAT444 mapping are all occupied.
• The ports in the selected port blocks (including extended ones) of a dynamic NAT444 mapping
are all occupied.
• The public IP addresses and port blocks for dynamic NAT444 mappings are all assigned.
Before configuring NAT444 alarm logging, you must configure the custom NAT444 log generation
and outputting features. For more information, see Network Management and Monitoring
Configuration Guide.
To configure NAT444 alarm logging:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable NAT logging.
nat log enable
[
acl
{ ipv4-acl-number
|
name
ipv4-acl-name } ]
By default, NAT logging is
disabled.
The
acl
keyword does not take
effect on NAT444 alarm logging.
3. Enable NAT444 alarm
logging.
nat log alarm
By default, NAT444 alarm logging
is disabled.
Enabling sending ICMP error messages for NAT
failures
Disabling sending ICMP error messages for NAT failures reduces useless packets, saves bandwidth,
and avoids exposing the firewall IP address to the public network.
This feature is required for traceroute.
To enable sending ICMP error messages for NAT failures:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable sending ICMP
error messages for NAT
failures.
nat icmp-error reply
By default, no ICMP error
messages are sent for NAT
failures.
To Next Page
Loading...
Need help?
General
