cisco.meraki.meraki_mx_nat module – Manage NAT rules in Meraki cloud
Note
This module is part of the cisco.meraki collection (version 2.8.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run: ansible-galaxy collection list
To install it, use: ansible-galaxy collection install cisco.meraki
To use it in a playbook, specify: cisco.meraki.meraki_mx_nat
Synopsis
Allows for creation, management, and visibility of NAT rules (1:1, 1:many, port forwarding) within Meraki.
Parameters
Parameter |
Comments |
---|---|
Authentication key provided by the dashboard. Required if environmental variable |
|
Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China. Default: “api.meraki.com” |
|
Number of seconds to retry if server returns an internal server error. Default: 60 |
|
ID number of a network. |
|
Name of a network. |
|
List of 1:many NAT rules. |
|
List of associated port rules. |
|
Remote IP addresses or ranges that are permitted to access the internal resource via this port forwarding rule, or ‘any’. |
|
Local IP address to which traffic will be forwarded. |
|
Destination port of the forwarded traffic that will be sent from the MX to the specified host on the LAN. If you simply wish to forward the traffic without translating the port, this should be the same as the Public port. |
|
A description of the rule. |
|
Protocol to apply NAT rule to. Choices:
|
|
Destination port of the traffic that is arriving on the WAN. |
|
The IP address that will be used to access the internal resource from the WAN. |
|
The physical WAN interface on which the traffic will arrive. Choices:
|
|
List of 1:1 NAT rules. |
|
The ports this mapping will provide access on, and the remote IPs that will be allowed access to the resource. |
|
Ranges of WAN IP addresses that are allowed to make inbound connections on the specified ports or port ranges, or ‘any’. |
|
List of ports or port ranges that will be forwarded to the host on the LAN. |
|
Protocol to apply NAT rule to. Choices:
|
|
The IP address of the server or device that hosts the internal resource that you wish to make available on the WAN. |
|
A descriptive name for the rule. |
|
The IP address that will be used to access the internal resource from the WAN. |
|
The physical WAN interface on which the traffic will arrive. Choices:
|
|
ID of organization associated to a network. |
|
Name of organization. |
|
Instructs module whether response keys should be snake case (ex. Choices:
|
|
Set amount of debug output during module execution. Choices:
|
|
List of port forwarding rules. |
|
List of ranges of WAN IP addresses that are allowed to make inbound connections on the specified ports or port ranges (or any). |
|
The IP address of the server or device that hosts the internal resource that you wish to make available on the WAN. |
|
A port or port ranges that will receive the forwarded traffic from the WAN. |
|
A descriptive name for the rule. |
|
Protocol to forward traffic for. Choices:
|
|
A port or port ranges that will be forwarded to the host on the LAN. |
|
The physical WAN interface on which the traffic will arrive. Choices:
|
|
Number of seconds to retry if rate limiter is triggered. Default: 165 |
|
Create or modify an organization. Choices:
|
|
Specifies which NAT components to query. Choices:
|
|
Time to timeout for HTTP requests. Default: 30 |
|
If Only useful for internal Meraki developers. Choices:
|
|
If Choices:
|
|
Whether to validate HTTP certificates. Choices:
|
Notes
Note
More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
Some of the options are likely only used for developers within Meraki.
As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.
Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.
Examples
```yaml
- name: Query all NAT rules
  cisco.meraki.meraki_mx_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
    subset: all
  delegate_to: localhost

- name: Query 1:1 NAT rules
  cisco.meraki.meraki_mx_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
    subset: '1:1'
  delegate_to: localhost

- name: Create 1:1 rule
  cisco.meraki.meraki_mx_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    one_to_one:
      - name: Service behind NAT
        public_ip: 1.2.1.2
        lan_ip: 192.168.128.1
        uplink: internet1
        allowed_inbound:
          - protocol: tcp
            destination_ports:
              - 80
            allowed_ips:
              - 10.10.10.10
  delegate_to: localhost

- name: Create 1:many rule
  cisco.meraki.meraki_mx_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    one_to_many:
      - public_ip: 1.1.1.1
        uplink: internet1
        port_rules:
          - name: Test rule
            protocol: tcp
            public_port: 10
            local_ip: 192.168.128.1
            local_port: 11
            allowed_ips:
              - any
  delegate_to: localhost

- name: Create port forwarding rule
  cisco.meraki.meraki_mx_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    port_forwarding:
      - name: Test map
        lan_ip: 192.168.128.1
        uplink: both
        protocol: tcp
        allowed_ips:
          - 1.1.1.1
        public_port: 10
        local_port: 11
  delegate_to: localhost
```
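An added example, not part of the module documentation: a pre-merge check over the rule arguments used in the examples above that flags `allowed_ips` entries exposing an internal host to any source or to a very broad range. The function names, the `MIN_PREFIX` threshold and the sample dictionary are assumptions made here; the key names come from the examples.

```python
import ipaddress

# Where allowed_ips lives in each rule family, following the module's examples:
# family -> nested list key (None means allowed_ips sits on the rule itself).
RULE_PATHS = {"one_to_one": "allowed_inbound", "one_to_many": "port_rules", "port_forwarding": None}
MIN_PREFIX = 16  # assumption: IPv4 ranges broader than /16 need review


def classify(entry):
    """Return a reason if an allowed_ips entry is too permissive, else None."""
    text = str(entry).strip().lower()
    if text == "any":
        return "open to any source"
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return "unparsed entry, review manually"
    if net.version == 4 and net.prefixlen < MIN_PREFIX:
        return f"broad range /{net.prefixlen}"
    return None


def audit_nat_args(args):
    """Return (family, rule, entry, reason) for every risky allowed_ips entry."""
    findings = []
    for family, nested in RULE_PATHS.items():
        for rule in args.get(family) or []:
            scopes = (rule.get(nested) or []) if nested else [rule]
            for scope in scopes:
                label = scope.get("name") or rule.get("name") or rule.get("public_ip", "<unnamed>")
                for entry in scope.get("allowed_ips") or []:
                    reason = classify(entry)
                    if reason:
                        findings.append((family, label, str(entry), reason))
    return findings


# Constructed input: the three "present" examples above, merged into one dict
# and trimmed to the fields this check reads.
SAMPLE_ARGS = {
    "one_to_one": [{"name": "Service behind NAT", "allowed_inbound": [
        {"protocol": "tcp", "destination_ports": [80], "allowed_ips": ["10.10.10.10"]}]}],
    "one_to_many": [{"public_ip": "1.1.1.1", "port_rules": [
        {"name": "Test rule", "public_port": 10, "allowed_ips": ["any"]}]}],
    "port_forwarding": [{"name": "Test map", "allowed_ips": ["1.1.1.1"]}],
}

if __name__ == "__main__":
    for finding in audit_nat_args(SAMPLE_ARGS):
        print(finding)
```

Run against the examples on this page, only the 1:many "Test rule" is reported, because it is the one rule whose `allowed_ips` is `any`.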
Return Values
Common return values are documented here. The following fields are unique to this module:
Key |
Description |
---|---|
Information about the created or manipulated object. Returned: success |
|
Information about 1:many NAT object. Returned: success, when 1:many NAT object is in task |
|
List of 1:many NAT rules. Returned: success, when 1:many NAT object is in task |
|
List of NAT port rules. Returned: success, when 1:many NAT object is in task |
|
List of IP addresses to be forwarded. Returned: success, when 1:1 NAT object is in task Sample: “10.80.100.0/24” |
|
Local IP address traffic will be forwarded. Returned: success, when 1:1 NAT object is in task Sample: “192.0.2.10” |
|
Destination port to be forwarded to. Returned: success, when 1:1 NAT object is in task Sample: 443 |
|
Name of NAT object. Returned: success, when 1:many NAT object is in task Sample: “Web server behind NAT” |
|
Protocol to apply NAT rule to. Returned: success, when 1:1 NAT object is in task Sample: “tcp” |
|
Destination port of the traffic that is arriving on WAN. Returned: success, when 1:1 NAT object is in task Sample: 9443 |
|
Public IP address to be mapped. Returned: success, when 1:many NAT object is in task Sample: “148.2.5.100” |
|
Internet port where rule is applied. Returned: success, when 1:many NAT object is in task Sample: “internet1” |
|
Information about 1:1 NAT object. Returned: success, when 1:1 NAT object is in task |
|
List of 1:1 NAT rules. Returned: success, when 1:1 NAT object is in task |
|
List of inbound forwarding rules. Returned: success, when 1:1 NAT object is in task |
|
List of IP addresses to be forwarded. Returned: success, when 1:1 NAT object is in task Sample: “10.80.100.0/24” |
|
Ports to apply NAT rule to. Returned: success, when 1:1 NAT object is in task Sample: 80 |
|
Protocol to apply NAT rule to. Returned: success, when 1:1 NAT object is in task Sample: “tcp” |
|
Local IP address to be mapped. Returned: success, when 1:1 NAT object is in task Sample: “192.168.128.22” |
|
Name of NAT object. Returned: success, when 1:1 NAT object is in task Sample: “Web server behind NAT” |
|
Public IP address to be mapped. Returned: success, when 1:1 NAT object is in task Sample: “148.2.5.100” |
|
Internet port where rule is applied. Returned: success, when 1:1 NAT object is in task Sample: “internet1” |
|
Information about port forwarding rules. Returned: success, when port forwarding is in task |
|
List of port forwarding rules. Returned: success, when port forwarding is in task |
|
List of IP addresses to be forwarded. Returned: success, when port forwarding is in task Sample: “10.80.100.0/24” |
|
Local IP address to be mapped. Returned: success, when port forwarding is in task Sample: “192.168.128.22” |
|
Destination port to be forwarded to. Returned: success, when port forwarding is in task Sample: 443 |
|
Name of NAT object. Returned: success, when port forwarding is in task Sample: “Web server behind NAT” |
|
Protocol to apply NAT rule to. Returned: success, when port forwarding is in task Sample: “tcp” |
|
Destination port of the traffic that is arriving on WAN. Returned: success, when port forwarding is in task Sample: 9443 |
|
Internet port where rule is applied. Returned: success, when port forwarding is in task Sample: “internet1” |
Authors
Kevin Breit (@kbreit)