ansible / ansible.builtin / v2.9.0 / module / meraki_nat Manage NAT rules in Meraki cloud | "added in version" 2.9 of ansible.builtin" Authors: Kevin Breit (@kbreit) preview | supported by communityansible.builtin.meraki_nat (v2.9.0) — module
pip
Install with pip install ansible==2.9.0
Allows for creation, management, and visibility of NAT rules (1:1, 1:many, port forwarding) within Meraki.
- name: Query all NAT rules meraki_nat: auth_key: abc123 org_name: YourOrg net_name: YourNet state: query subset: all delegate_to: localhost
- name: Query 1:1 NAT rules meraki_nat: auth_key: abc123 org_name: YourOrg net_name: YourNet state: query subset: '1:1' delegate_to: localhost
- name: Create 1:1 rule meraki_nat: auth_key: abc123 org_name: YourOrg net_name: YourNet state: present one_to_one: - name: Service behind NAT public_ip: 1.2.1.2 lan_ip: 192.168.128.1 uplink: internet1 allowed_inbound: - protocol: tcp destination_ports: - 80 allowed_ips: - 10.10.10.10 delegate_to: localhost
- name: Create 1:many rule meraki_nat: auth_key: abc123 org_name: YourOrg net_name: YourNet state: present one_to_many: - public_ip: 1.1.1.1 uplink: internet1 port_rules: - name: Test rule protocol: tcp public_port: 10 local_ip: 192.168.128.1 local_port: 11 allowed_ips: - any delegate_to: localhost
- name: Create port forwarding rule meraki_nat: auth_key: abc123 org_name: YourOrg net_name: YourNet state: present port_forwarding: - name: Test map lan_ip: 192.168.128.1 uplink: both protocol: tcp allowed_ips: - 1.1.1.1 public_port: 10 local_port: 11 delegate_to: localhost
host: default: api.meraki.com description: - Hostname for Meraki dashboard. - Can be used to access regional Meraki environments, such as China. type: str state: choices: - present - query default: present description: - Create or modify an organization. type: str net_id: description: - ID number of a network. type: str org_id: description: - ID of organization associated to a network. type: str subset: choices: - '1:1' - 1:many - all - port_forwarding default: all description: - Specifies which NAT components to query. type: list timeout: default: 30 description: - Time to timeout for HTTP requests. type: int auth_key: description: - Authentication key provided by the dashboard. Required if environmental variable C(MERAKI_KEY) is not set. required: true type: str net_name: aliases: - name - network description: - Name of a network. type: str org_name: aliases: - organization description: - Name of organization. type: str use_https: default: true description: - If C(no), it will use HTTP. Otherwise it will use HTTPS. - Only useful for internal Meraki developers. type: bool use_proxy: default: false description: - If C(no), it will not use a proxy, even if one is defined in an environment variable on the target hosts. type: bool one_to_one: description: - List of 1:1 NAT rules. suboptions: allowed_inbound: description: - The ports this mapping will provide access on, and the remote IPs that will be allowed access to the resource. suboptions: allowed_ips: description: - ranges of WAN IP addresses that are allowed to make inbound connections on the specified ports or port ranges, or 'any'. type: list destination_ports: description: - List of ports or port ranges that will be forwarded to the host on the LAN. type: list protocol: choices: - any - icmp-ping - tcp - udp default: any description: - Protocol to apply NAT rule to. type: str type: list lan_ip: description: - The IP address of the server or device that hosts the internal resource that you wish to make available on the WAN. type: str name: description: - A descriptive name for the rule. type: str public_ip: description: - The IP address that will be used to access the internal resource from the WAN. type: str uplink: choices: - both - internet1 - internet2 description: - The physical WAN interface on which the traffic will arrive. type: list one_to_many: description: - List of 1:many NAT rules. suboptions: port_rules: description: - List of associated port rules. suboptions: allowed_ips: description: - Remote IP addresses or ranges that are permitted to access the internal resource via this port forwarding rule, or 'any'. type: list local_ip: description: - Local IP address to which traffic will be forwarded. type: str local_port: description: - Destination port of the forwarded traffic that will be sent from the MX to the specified host on the LAN. - If you simply wish to forward the traffic without translating the port, this should be the same as the Public port. type: str name: description: - A description of the rule. type: str protocol: choices: - tcp - udp description: - Protocol to apply NAT rule to. type: str public_port: description: - Destination port of the traffic that is arriving on the WAN. type: str type: list public_ip: description: - The IP address that will be used to access the internal resource from the WAN. type: str uplink: choices: - both - internet1 - internet2 description: - The physical WAN interface on which the traffic will arrive. type: str type: list output_level: choices: - debug - normal default: normal description: - Set amount of debug output during module execution. type: str output_format: choices: - snakecase - camelcase default: snakecase description: - Instructs module whether response keys should be snake case (ex. C(net_id)) or camel case (ex. C(netId)). type: str validate_certs: default: true description: - Whether to validate HTTP certificates. type: bool port_forwarding: description: - List of port forwarding rules. suboptions: allowed_ips: description: - List of ranges of WAN IP addresses that are allowed to make inbound connections on the specified ports or port ranges (or any). lan_ip: description: - The IP address of the server or device that hosts the internal resource that you wish to make available on the WAN. type: str local_port: description: - A port or port ranges that will receive the forwarded traffic from the WAN. type: str name: description: - A descriptive name for the rule. type: str protocol: choices: - tcp - udp description: - Protocol to forward traffic for. type: str public_port: description: - A port or port ranges that will be forwarded to the host on the LAN. type: str uplink: choices: - both - internet1 - internet2 description: - The physical WAN interface on which the traffic will arrive. type: str type: list rate_limit_retry_time: default: 165 description: - Number of seconds to retry if rate limiter is triggered. type: int internal_error_retry_time: default: 60 description: - Number of seconds to retry if server returns an internal server error. type: int
data: contains: one_to_many: contains: rules: contains: portRules: contains: allowedIps: description: List of IP addresses to be forwarded. example: 10.80.100.0/24 returned: success, when 1:1 NAT object is in task type: list localIp: description: Local IP address traffic will be forwarded. example: 192.0.2.10 returned: success, when 1:1 NAT object is in task type: str localPort: description: Destination port to be forwarded to. example: 443 returned: success, when 1:1 NAT object is in task type: int name: description: Name of NAT object. example: Web server behind NAT returned: success, when 1:many NAT object is in task type: str protocol: description: Protocol to apply NAT rule to. example: tcp returned: success, when 1:1 NAT object is in task type: str publicPort: description: Destination port of the traffic that is arriving on WAN. example: 9443 returned: success, when 1:1 NAT object is in task type: int description: List of NAT port rules. returned: success, when 1:many NAT object is in task type: complex publicIp: description: Public IP address to be mapped. example: 148.2.5.100 returned: success, when 1:many NAT object is in task type: str uplink: description: Internet port where rule is applied. example: internet1 returned: success, when 1:many NAT object is in task type: str description: List of 1:many NAT rules. returned: success, when 1:many NAT object is in task type: complex description: Information about 1:many NAT object. returned: success, when 1:many NAT object is in task type: complex one_to_one: contains: rules: contains: allowedInbound: contains: allowedIps: description: List of IP addresses to be forwarded. example: 10.80.100.0/24 returned: success, when 1:1 NAT object is in task type: list destinationPorts: description: Ports to apply NAT rule to. example: 80 returned: success, when 1:1 NAT object is in task type: str protocol: description: Protocol to apply NAT rule to. example: tcp returned: success, when 1:1 NAT object is in task type: str description: List of inbound forwarding rules. returned: success, when 1:1 NAT object is in task type: complex lanIp: description: Local IP address to be mapped. example: 192.168.128.22 returned: success, when 1:1 NAT object is in task type: str name: description: Name of NAT object. example: Web server behind NAT returned: success, when 1:1 NAT object is in task type: str publicIp: description: Public IP address to be mapped. example: 148.2.5.100 returned: success, when 1:1 NAT object is in task type: str uplink: description: Internet port where rule is applied. example: internet1 returned: success, when 1:1 NAT object is in task type: str description: List of 1:1 NAT rules. returned: success, when 1:1 NAT object is in task type: complex description: Information about 1:1 NAT object. returned: success, when 1:1 NAT object is in task type: complex port_forwarding: contains: rules: contains: allowedIps: description: List of IP addresses to be forwarded. example: 10.80.100.0/24 returned: success, when port forwarding is in task type: list lanIp: description: Local IP address to be mapped. example: 192.168.128.22 returned: success, when port forwarding is in task type: str localPort: description: Destination port to be forwarded to. example: 443 returned: success, when port forwarding is in task type: int name: description: Name of NAT object. example: Web server behind NAT returned: success, when port forwarding is in task type: str protocol: description: Protocol to apply NAT rule to. example: tcp returned: success, when port forwarding is in task type: str publicPort: description: Destination port of the traffic that is arriving on WAN. example: 9443 returned: success, when port forwarding is in task type: int uplink: description: Internet port where rule is applied. example: internet1 returned: success, when port forwarding is in task type: str description: List of port forwarding rules. returned: success, when port forwarding is in task type: complex description: Information about port forwarding rules. returned: success, when port forwarding is in task type: complex description: Information about the created or manipulated object. returned: success type: complex