create_nat_rule
Configure NAT rules on VMware NSX Tier-1 gateways to translate network addresses for SNAT, DNAT, or REFLEXIVE traffic routing.
Instructions
Create a NAT rule on a Tier-1 gateway.
Args:
- tier1_id: The Tier-1 gateway ID.
- rule_id: Unique ID for the NAT rule.
- action: NAT action: "SNAT", "DNAT", or "REFLEXIVE" (default "DNAT").
- source_network: Source network CIDR (required for SNAT).
- destination_network: Destination network CIDR (required for DNAT).
- translated_network: Translated network/IP address.
- target: Optional NSX Manager target name from config. Uses default if omitted.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| tier1_id | Yes | | |
| rule_id | Yes | | |
| action | No | | DNAT |
| source_network | No | | |
| destination_network | No | | |
| translated_network | No | | |
| target | No | | |
Implementation Reference
- vmware_nsx/ops/nat_route_mgmt.py:39-109 (handler): Actual implementation of create_nat_rule that interacts with the NSX API.

```python
def create_nat_rule(
    client: NsxClient,
    tier1_id: str,
    rule_id: str,
    action: str,
    source_network: str | None = None,
    destination_network: str | None = None,
    translated_network: str | None = None,
) -> dict:
    """Create a NAT rule on a Tier-1 gateway via Policy API (PUT).

    Args:
        client: Authenticated NSX API client.
        tier1_id: Tier-1 gateway identifier.
        rule_id: Unique NAT rule identifier.
        action: NAT action type. One of: SNAT, DNAT, REFLEXIVE,
            NO_SNAT, NO_DNAT, NAT64.
        source_network: Source CIDR for matching (used in SNAT/NO_SNAT).
        destination_network: Destination CIDR for matching (used in DNAT/NO_DNAT).
        translated_network: Translated IP/CIDR (required for SNAT/DNAT).

    Returns:
        Created NAT rule dict from NSX API.
    """
    _validate_id(tier1_id)
    _validate_id(rule_id)

    valid_actions = {
        "SNAT", "DNAT", "REFLEXIVE", "NO_SNAT", "NO_DNAT", "NAT64",
    }
    if action not in valid_actions:
        raise ValueError(
            f"Invalid NAT action: '{action}'. "
            f"Must be one of: {', '.join(sorted(valid_actions))}"
        )

    body: dict[str, Any] = {
        "action": action,
        "enabled": True,
    }
    if source_network:
        body["source_network"] = source_network
    if destination_network:
        body["destination_network"] = destination_network
    if translated_network:
        body["translated_network"] = translated_network

    # Validate required fields based on action
    if action in ("SNAT", "DNAT") and not translated_network:
        raise ValueError(
            f"translated_network is required for {action} rules."
        )

    path = (
        f"/policy/api/v1/infra/tier-1s/{tier1_id}"
        f"/nat/USER/nat-rules/{rule_id}"
    )
    result = client.put(path, body)
    _log.info(
        "Created NAT rule %s (%s) on Tier-1 %s",
        rule_id, action, tier1_id,
    )
    return result
```

- mcp_server/server.py:565-594 (registration): MCP tool wrapper registration for create_nat_rule.

```python
def create_nat_rule(
    tier1_id: str,
    rule_id: str,
    action: str = "DNAT",
    source_network: str | None = None,
    destination_network: str | None = None,
    translated_network: str = "",
    target: str | None = None,
) -> dict:
    """Create a NAT rule on a Tier-1 gateway.

    Args:
        tier1_id: The Tier-1 gateway ID.
        rule_id: Unique ID for the NAT rule.
        action: NAT action: "SNAT", "DNAT", or "REFLEXIVE" (default "DNAT").
        source_network: Source network CIDR (required for SNAT).
        destination_network: Destination network CIDR (required for DNAT).
        translated_network: Translated network/IP address.
        target: Optional NSX Manager target name from config. Uses default if omitted.
    """
    from vmware_nsx.ops.nat_mgmt import create_nat_rule as _create

    client = _get_connection(target)
    return _create(
        client,
        tier1_id,
        rule_id,
        action=action,
        source_network=source_network,
        destination_network=destination_network,
        translated_network=translated_network,
    )
```
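The handler shown above checks the IDs and the action, but forwards the network fields to NSX after only a truthiness test, and the per-action requirements in the Args text are not all enforced. A pre-flight check a caller could run before invoking the tool, as an added example that is not the project's code: `preflight`, `ID_RE` and the /0 policy are assumptions, and only a single IP or CIDR is accepted for each network field.

```python
import ipaddress
import re

# Hypothetical allow-list for IDs placed in the Policy API URL path;
# the project's own _validate_id is not shown on the page.
ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,254}")

# Required fields per action, from the tool's Args text and the handler check.
REQUIRED = {
    "SNAT": ("source_network", "translated_network"),
    "DNAT": ("destination_network", "translated_network"),
}


def _parse(value):
    """Return an ip_network for a single IP or CIDR, or None if malformed."""
    try:
        return ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None


def preflight(tier1_id, rule_id, action="DNAT", source_network=None,
              destination_network=None, translated_network=None):
    """Return a list of problems; an empty list means the call may proceed."""
    problems = []
    for name, value in (("tier1_id", tier1_id), ("rule_id", rule_id)):
        if not ID_RE.fullmatch(value or ""):
            problems.append(f"{name}: not a safe path segment")
    fields = {
        "source_network": source_network,
        "destination_network": destination_network,
        "translated_network": translated_network,
    }
    for name in REQUIRED.get(action, ()):
        if not fields[name]:
            problems.append(f"{name}: required for {action}")
    for name, value in fields.items():
        if not value:
            continue
        net = _parse(value)
        if net is None:
            problems.append(f"{name}: not a valid IP or CIDR")
        elif net.prefixlen == 0 and name != "source_network":
            # Assumed local policy: do not match or translate to "everything".
            problems.append(f"{name}: /0 is too broad")
    return problems
```

An empty list means the arguments are consistent with the documented requirements; anything else should be surfaced to the operator instead of being sent to the NSX Manager.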