VMware Networking Community
bdamian
Expert

NSX-T Policy NAT Rule wrong behavior. Is this a Bug?

I've created a Service with Protocol=TCP and Destination Port=8080

bdamian_0-1639670724066.png

I've created a Firewall rule with this Service (TCP-8080) and it works as expected. The rule is applied for any request to the destination IP if the protocol is TCP and the port is 8080.

But, with DNAT rules the behavior is different (Wrong?).

I've created a DNAT rule with Destination IP, Translated IP, Service (I assume protocol and destination port), and Translated Port. The meaning of this rule is that I have a VM with a private IP listening on TCP 80 and I want to expose this with a public IP on TCP 8080:

bdamian_1-1639671321600.png

But this rule doesn't work, and in the Manager console I notice that the Service Port is set as the Translated Port in the NAT rule, and the Translated Port in the Policy NAT rule is set as the Destination Port in the NAT rule in the Manager console.

bdamian_2-1639671573827.png

This is very confusing and I hope this can be fixed in following versions.

This was tested on versions 3.1.1 and 3.1.3

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
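
Added example, not part of the original post and not VMware code: a check that compares the port mapping a Policy DNAT rule expresses with the mapping on the realized Manager rule, and flags the swap described in the post. The dictionary field names are assumptions modelled on NSX-T NAT rule JSON, and all IPs, paths and ports are constructed sample values.

```python
# Added example. Field names are assumptions modelled on NSX-T NAT rule JSON;
# every IP, path and port value below is constructed sample data.

SERVICE = {"path": "/infra/services/TCP-8080", "l4_protocol": "TCP",
           "destination_ports": ["8080"]}
POLICY_RULE = {"action": "DNAT", "destination_network": "203.0.113.10",
               "translated_network": "10.0.0.10", "translated_ports": "80",
               "service": SERVICE["path"]}
REALIZED_OK = {"action": "DNAT", "match_destination_network": "203.0.113.10",
               "translated_network": "10.0.0.10", "translated_ports": "80",
               "match_service": {"l4_protocol": "TCP",
                                 "destination_ports": ["8080"]}}
# The state the post reports: match port and translated port exchanged.
REALIZED_SWAPPED = dict(REALIZED_OK, translated_ports="8080",
                        match_service={"l4_protocol": "TCP",
                                       "destination_ports": ["80"]})


def check_dnat(policy_rule, service, realized_rule):
    """Return a list of differences between policy intent and realized rule."""
    if policy_rule["service"] != service["path"]:
        return ["service entry does not belong to this policy rule"]
    findings = []
    want_match = frozenset(service["destination_ports"])
    want_xlate = policy_rule["translated_ports"]
    svc = realized_rule.get("match_service") or {}
    got_match = frozenset(svc.get("destination_ports") or [])
    got_xlate = realized_rule.get("translated_ports")

    swapped = (got_match == frozenset([want_xlate])
               and want_match == frozenset([got_xlate])
               and got_match != want_match)
    if swapped:
        findings.append("ports swapped: realized rule matches %s and translates "
                        "to %s, policy says match %s and translate to %s"
                        % (sorted(got_match), got_xlate,
                           sorted(want_match), want_xlate))
    else:
        if got_match != want_match:
            findings.append("match port differs: %s" % sorted(got_match))
        if got_xlate != want_xlate:
            findings.append("translated port differs: %s" % got_xlate)
    for p_key, r_key in (("destination_network", "match_destination_network"),
                         ("translated_network", "translated_network")):
        if policy_rule[p_key] != realized_rule.get(r_key):
            findings.append("%s differs: %s" % (r_key, realized_rule.get(r_key)))
    return findings
```
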