meraki_nat – Manage NAT rules in Meraki cloud¶

New in version 2.9.

Synopsis
Parameters
Notes
Examples
Return Values
Status

Synopsis ¶

Allows for creation, management, and visibility of NAT rules (1:1, 1:many, port forwarding) within Meraki.

Parameters ¶

Parameter			Choices/Defaults	Comments
auth_key string / required				Authentication key provided by the dashboard. Required if environmental variable `MERAKI_KEY` is not set.
host string			Default: "api.meraki.com"	Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China.
internal_error_retry_time integer			Default: 60	Number of seconds to retry if server returns an internal server error.
net_id string				ID number of a network.
net_name string				Name of a network. aliases: name, network
one_to_many list				List of 1:many NAT rules.
	port_rules list			List of associated port rules.
		allowed_ips list		Remote IP addresses or ranges that are permitted to access the internal resource via this port forwarding rule, or 'any'.
		local_ip string		Local IP address to which traffic will be forwarded.
		local_port string		Destination port of the forwarded traffic that will be sent from the MX to the specified host on the LAN. If you simply wish to forward the traffic without translating the port, this should be the same as the Public port.
		name string		A description of the rule.
		protocol string	Choices: tcp udp	Protocol to apply NAT rule to.
		public_port string		Destination port of the traffic that is arriving on the WAN.
	public_ip string			The IP address that will be used to access the internal resource from the WAN.
	uplink string		Choices: both internet1 internet2	The physical WAN interface on which the traffic will arrive.
one_to_one list				List of 1:1 NAT rules.
	allowed_inbound list			The ports this mapping will provide access on, and the remote IPs that will be allowed access to the resource.
		allowed_ips list		ranges of WAN IP addresses that are allowed to make inbound connections on the specified ports or port ranges, or 'any'.
		destination_ports list		List of ports or port ranges that will be forwarded to the host on the LAN.
		protocol string	Choices: any ← icmp-ping tcp udp	Protocol to apply NAT rule to.
	lan_ip string			The IP address of the server or device that hosts the internal resource that you wish to make available on the WAN.
	name string			A descriptive name for the rule.
	public_ip string			The IP address that will be used to access the internal resource from the WAN.
	uplink -		Choices: both internet1 internet2	The physical WAN interface on which the traffic will arrive.
org_id string				ID of organization associated to a network.
org_name string				Name of organization. aliases: organization
output_format string			Choices: snakecase ← camelcase	Instructs module whether response keys should be snake case (ex. `net_id`) or camel case (ex. `netId`).
output_level string			Choices: debug normal ←	Set amount of debug output during module execution.
port_forwarding list				List of port forwarding rules.
	allowed_ips -			List of ranges of WAN IP addresses that are allowed to make inbound connections on the specified ports or port ranges (or any).
	lan_ip string			The IP address of the server or device that hosts the internal resource that you wish to make available on the WAN.
	local_port string			A port or port ranges that will receive the forwarded traffic from the WAN.
	name string			A descriptive name for the rule.
	protocol string		Choices: tcp udp	Protocol to forward traffic for.
	public_port string			A port or port ranges that will be forwarded to the host on the LAN.
	uplink string		Choices: both internet1 internet2	The physical WAN interface on which the traffic will arrive.
rate_limit_retry_time integer			Default: 165	Number of seconds to retry if rate limiter is triggered.
state string			Choices: present ← query	Create or modify an organization.
subset list			Choices: 1:1 1:many all ← port_forwarding	Specifies which NAT components to query.
timeout integer			Default: 30	Time to timeout for HTTP requests.
use_https boolean			Choices: no yes ←	If `no`, it will use HTTP. Otherwise it will use HTTPS. Only useful for internal Meraki developers.
use_proxy boolean			Choices: no yes	If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
validate_certs boolean			Choices: no yes ←	Whether to validate HTTP certificates.

Notes ¶

Note

More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
Some of the options are likely only used for developers within Meraki.
As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.
Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.

Examples ¶

- name: Query all NAT rules
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
    subset: all
  delegate_to: localhost

- name: Query 1:1 NAT rules
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
    subset: '1:1'
  delegate_to: localhost

- name: Create 1:1 rule
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    one_to_one:
      - name: Service behind NAT
        public_ip: 1.2.1.2
        lan_ip: 192.168.128.1
        uplink: internet1
        allowed_inbound:
          - protocol: tcp
            destination_ports:
              - 80
            allowed_ips:
              - 10.10.10.10
  delegate_to: localhost

- name: Create 1:many rule
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    one_to_many:
      - public_ip: 1.1.1.1
        uplink: internet1
        port_rules:
          - name: Test rule
            protocol: tcp
            public_port: 10
            local_ip: 192.168.128.1
            local_port: 11
            allowed_ips:
              - any
  delegate_to: localhost

- name: Create port forwarding rule
  meraki_nat:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    port_forwarding:
      - name: Test map
        lan_ip: 192.168.128.1
        uplink: both
        protocol: tcp
        allowed_ips:
          - 1.1.1.1
        public_port: 10
        local_port: 11
  delegate_to: localhost

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key					Returned	Description
data complex					success	Information about the created or manipulated object.
	one_to_many complex				success, when 1:many NAT object is in task	Information about 1:many NAT object.
		rules complex			success, when 1:many NAT object is in task	List of 1:many NAT rules.
			portRules complex		success, when 1:many NAT object is in task	List of NAT port rules.
				allowedIps list	success, when 1:1 NAT object is in task	List of IP addresses to be forwarded.
				localIp string	success, when 1:1 NAT object is in task	Local IP address traffic will be forwarded.
				localPort integer	success, when 1:1 NAT object is in task	Destination port to be forwarded to.
				name string	success, when 1:many NAT object is in task	Name of NAT object.
				protocol string	success, when 1:1 NAT object is in task	Protocol to apply NAT rule to.
				publicPort integer	success, when 1:1 NAT object is in task	Destination port of the traffic that is arriving on WAN.
			publicIp string		success, when 1:many NAT object is in task	Public IP address to be mapped.
			uplink string		success, when 1:many NAT object is in task	Internet port where rule is applied.
	one_to_one complex				success, when 1:1 NAT object is in task	Information about 1:1 NAT object.
		rules complex			success, when 1:1 NAT object is in task	List of 1:1 NAT rules.
			allowedInbound complex		success, when 1:1 NAT object is in task	List of inbound forwarding rules.
				allowedIps list	success, when 1:1 NAT object is in task	List of IP addresses to be forwarded.
				destinationPorts string	success, when 1:1 NAT object is in task	Ports to apply NAT rule to.
				protocol string	success, when 1:1 NAT object is in task	Protocol to apply NAT rule to.
			lanIp string		success, when 1:1 NAT object is in task	Local IP address to be mapped.
			name string		success, when 1:1 NAT object is in task	Name of NAT object.
			publicIp string		success, when 1:1 NAT object is in task	Public IP address to be mapped.
			uplink string		success, when 1:1 NAT object is in task	Internet port where rule is applied.
	port_forwarding complex				success, when port forwarding is in task	Information about port forwarding rules.
		rules complex			success, when port forwarding is in task	List of port forwarding rules.
			allowedIps list		success, when port forwarding is in task	List of IP addresses to be forwarded.
			lanIp string		success, when port forwarding is in task	Local IP address to be mapped.
			localPort integer		success, when port forwarding is in task	Destination port to be forwarded to.
			name string		success, when port forwarding is in task	Name of NAT object.
			protocol string		success, when port forwarding is in task	Protocol to apply NAT rule to.
			publicPort integer		success, when port forwarding is in task	Destination port of the traffic that is arriving on WAN.
			uplink string		success, when port forwarding is in task	Internet port where rule is applied.

Status ¶

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors¶

Kevin Breit (@kbreit)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

meraki_nat – Manage NAT rules in Meraki cloud¶

Synopsis¶

Parameters¶

Notes¶

Examples¶

Return Values¶

Status¶