- NAME
-
- gcloud compute routers nats rules create - add a Rule to a Compute Engine NAT
- SYNOPSIS
-
-
gcloud compute routers nats rules createRULE_NUMBER--match=MATCH--nat=NAT--router=ROUTER[--async] [--region=REGION] [--source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,…]] [--source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,…]] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
gcloud compute routers nats rules createis used to create a Rule on a Compute Engine NAT. - EXAMPLES
-
Create a rule to use the IP Address address-1 to talk to destination IPs in the
CIDR Range "203.0.113.0/24".
gcloud compute routers nats rules create 1 --nat=my-nat --router=my-router --region=us-central1 --match='inIpRange(destination.ip, "203.0.113.0/24")' --source-nat-active-ips=a1 - POSITIONAL ARGUMENTS
-
RULE_NUMBER- Number that uniquely identifies the Rule to create
- REQUIRED FLAGS
-
--match=MATCH-
CEL Expression used to identify traffic to which this rule applies.
- Supported attributes (Public NAT): destination.ip
- Supported attributes (Private NAT): nexthop.hub
- Supported methods (Public Nat): inIpRange
- Supported operators (Public NAT): ||, ==
- Supported operators (Private NAT): ==
Examples of allowed Match expressions (Public NAT):
- 'inIpRange(destination.ip, "203.0.113.0/24")''
- 'destination.ip == "203.0.113.7"'
- 'destination.ip == "203.0.113.7" || inIpRange(destination.ip, "203.0.113.16/25")'
Example of allowed Match expression (Private NAT):
- nexthop.hub == "//networkconnectivity.googleapis.com/projects/p1/locations/global/hubs/h1"
--nat=NAT- Name of the NAT that contains the Rule
--router=ROUTER- The Router to use for NAT.
- OPTIONAL FLAGS
-
--async- Return immediately, without waiting for the operation in progress to complete.
--region=REGION-
Region of the NAT to create. If not specified, you might be prompted to select a
region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
compute/regiongcloud config set compute/region REGIONA list of regions can be fetched by running:
gcloud compute regions listTo unset the property, run:
gcloud config unset compute/regionAlternatively, the region can be stored in the environment variable
CLOUDSDK_COMPUTE_REGION --source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,…]-
External IP Addresses to use for connections matching this rule. This flag is
supported only for Public NAT and is required when creating a Public NAT
gateway.
These must be valid reserved external IP addresses in the same region.
--source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,…]-
Subnetworks from which addresses are used for connections matching this rule.
This flag is supported only for Private NAT and is required when creating a
Private NAT gateway.
These must be subnetwork resources in the same region, with purpose set to PRIVATE_NAT.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
-
These variants are also available:
gcloud alpha compute routers nats rules creategcloud beta compute routers nats rules create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-04-23 UTC.