Terraform module which manages NSX-T NAT-Rule ressources on VMWare Cloud Director.
| Name | Version |
|---|---|
| terraform | >= 1.1.9 |
| vcd | >= 3.9.0 |
| Name | Version |
|---|---|
| vcd | 3.9.0 |
No modules.
| Name | Type |
|---|---|
| vcd_nsxt_nat_rule.nsxt_nat_rule | resource |
| vcd_nsxt_app_port_profile.nsxt_app_port_profile | data source |
| vcd_nsxt_edgegateway.nsxt_edgegateway | data source |
| vcd_vdc_group.vdc_group | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | A name for the NAT rule. | string |
n/a | yes |
| rule_type | One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE | string |
n/a | yes |
| vdc_edgegateway_name | The name for the Edge Gateway. | string |
n/a | yes |
| vdc_group_name | The name of the VDC group. | string |
n/a | yes |
| vdc_org_name | The name of the organization to use. | string |
n/a | yes |
| app_port_profile | Application Port Profile and its scope to which to apply the rule. The Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge gateway to connect to the internal network. | map(string) |
null |
no |
| description | A description for the NAT rule. | string |
null |
no |
| dnat_external_port | For DNAT only. This represents the external port number or port range when doing DNAT port forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated. | number |
null |
no |
| enabled | Enables or disables the NAT rule. | bool |
true |
no |
| external_address | The external address for the NAT Rule. This must be supplied as a single IP or Network CIDR. For a DNAT rule, this is the external facing IP Address for incoming traffic. For an SNAT rule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For a REFLEXIVE rule, these are the external facing IPs. | string |
null |
no |
| firewall_match | (VCD 10.2.2+) - You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS. | string |
"MATCH_INTERNAL_ADDRESS" |
no |
| internal_address | The internal address for the NAT Rule. This must be supplied as a single IP or Network CIDR. For a DNAT rule, this is the internal IP address for incoming traffic. For an SNAT rule, this is the internal IP Address for outgoing traffic. For a REFLEXIVE rule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads. | string |
null |
no |
| logging | Enable to have the address translation performed by this rule logged. Note User might lack rights (Organization Administrator role by default is missing Gateway -> Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it. terraform plan might show difference on every update. | bool |
false |
no |
| priority | (VCD 10.2.2+) - if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule. | number |
0 |
no |
| snat_destination_address | For SNAT only. The destination addresses to match in the SNAT Rule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network. | string |
null |
no |
| Name | Description |
|---|---|
| id | The ID of the NAT-Rule. |
module "nat_rule" {
source = "git::https://github.com/noris-network/terraform-vcd-nsxt-nat-rule?ref=1.0.1"
name = "outbound_snat"
vdc_org_name = "1-2"
vdc_group_name = "1-2-nbg"
vdc_edgegateway_name = "T1-1-2-nbg"
rule_type = "SNAT"
external_address = "123.234.123.234"
internal_address = "10.0.0.0/8"
}
locals {
nat_rules = [
{
name = "outbound_nat"
rule_type = "SNAT"
external_address = "123.234.123.235"
internal_address = "192.168.0.0/24"
},
{
name = "no_snat-192.168.0.0/24"
rule_type = "NO_SNAT"
internal_address = "192.168.0.0/24"
snat_destination_address = "192.168.0.0/24"
},
{
name = "inbound_nat_ssh"
rule_type = "DNAT"
external_address = "123.234.123.236"
internal_address = "192.168.0.150"
dnat_external_port = "10022"
app_port_profile = {
name = "SSH"
scope = "SYSTEM"
}
}
]
}
module "nat_rules" {
source = "git::https://github.com/noris-network/terraform-vcd-nsxt-nat-rule?ref=1.0.1"
for_each = { for nat_rule in locals.nat_rules : nat_rule.name => nat_rule }
name = "${each.value.name}_${terraform.workspace}"
vdc_org_name = var.vdc_org_name
vdc_edgegateway_name = var.vdc_edge_gateway_name
vdc_group_name = var.vdc_group_name
rule_type = each.value.rule_type
external_address = try(each.value.external_address, null)
internal_address = try(each.value.internal_address, null)
}
v1.0.1- Gather ID for Application Port Profilesv1.0.0- Initial release