Vyatta documentation

Bidirectional NAT

Bidirectional NAT is simply a combination of source and destination NAT. A typical scenario might use SNAT on the outbound traffic of an entire private network and DNAT for specific internal services (for example, mail or web); refer to the following figure.

Figure 1. Bidirectional NAT

To configure NAT in this way, perform the following steps in configuration mode. Note that source and destination rule numbers are independent. In the example, this independence is highlighted by creating “source rule 10” and “destination rule 10.”

Table 1. Configuring bidirectional NAT

Step 1. Create SNAT rule 10.

    vyatta@vyatta# set service nat source rule 10

Step 2. Apply this rule to packets coming from any host on the 10.0.0.0/24 network and egressing through the dp0p1p1 interface.

    vyatta@vyatta# set service nat source rule 10 source address 10.0.0.0/24
    vyatta@vyatta# set service nat source rule 10 outbound-interface dp0p1p1

Step 3. Use 12.34.56.78 as the source address in outgoing packets.

    vyatta@vyatta# set service nat source rule 10 translation address 12.34.56.78

Step 4. Create DNAT rule 10.

    vyatta@vyatta# set service nat destination rule 10

Step 5. Apply this rule to all incoming TCP packets on the dp0p1p1 interface bound for the 12.34.56.78 address, port 80 (that is, HTTP traffic).

    vyatta@vyatta# set service nat destination rule 10 inbound-interface dp0p1p1
    vyatta@vyatta# set service nat destination rule 10 destination address 12.34.56.78
    vyatta@vyatta# set service nat destination rule 10 destination port 80
    vyatta@vyatta# set service nat destination rule 10 protocol tcp

Step 6. Forward traffic to the 10.0.0.4 address (that is, the web server).

    vyatta@vyatta# set service nat destination rule 10 translation address 10.0.0.4

Step 7. Commit the change.

    vyatta@vyatta# commit

Step 8. Show the configuration.

    vyatta@vyatta# show nat source rule 10
     outbound-interface dp0p1p1
     source {
         address 10.0.0.0/24
     }
     translation {
         address 12.34.56.78
     }
    vyatta@vyatta# show nat destination rule 10
     destination {
         address 12.34.56.78
         port 80
     }
     inbound-interface dp0p1p1
     protocol tcp
     translation {
         address 10.0.0.4
     }
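The procedure above configures the two rules but does not show what happens to a packet in each direction once they are committed. The following Python script is an added example, not part of the Vyatta documentation and not Vyatta's own code: it models source rule 10 and destination rule 10 exactly as set on this page and traces four flows through a simplified stateful translator. The external hosts 203.0.113.5 and 198.51.100.7, the internal client 10.0.0.9 and every port other than 80 are constructed sample values; the model keeps port numbers unchanged and omits the port remapping a real translator performs when two internal hosts pick the same source port.

```python
# Added example (not Vyatta's own code): model the two NAT rules configured on
# this page and trace packets in both directions, including the reverse
# translation of replies. Addresses other than those on the page are constructed.
from dataclasses import dataclass, astuple, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on (inbound) or leaves by (outbound)
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# Source rule 10 and destination rule 10 as set in Table 1.
SNAT_RULES = [
    {"outbound-interface": "dp0p1p1", "source": ip_network("10.0.0.0/24"),
     "translation": "12.34.56.78"},
]
DNAT_RULES = [
    {"inbound-interface": "dp0p1p1", "destination": "12.34.56.78",
     "port": 80, "protocol": "tcp", "translation": "10.0.0.4"},
]


def match_snat(pkt, rule):
    """Source rule match: egress interface plus source network."""
    return (pkt.iface == rule["outbound-interface"]
            and ip_address(pkt.src) in rule["source"])


def match_dnat(pkt, rule):
    """Destination rule match: ingress interface, destination address, port and protocol."""
    return (pkt.iface == rule["inbound-interface"]
            and pkt.dst == rule["destination"]
            and pkt.dport == rule["port"]
            and pkt.proto == rule["protocol"])


class NatBox:
    """Applies the rules and records every translation so that replies are undone
    from the recorded session instead of by evaluating the rules again. This is a
    simplified connection tracker: ports are never rewritten."""

    def __init__(self, snat_rules, dnat_rules):
        self.snat_rules = snat_rules
        self.dnat_rules = dnat_rules
        self.undo_dst = {}   # reply 6-tuple -> original (dst, dport) of a SNATed flow
        self.undo_src = {}   # reply 6-tuple -> original (src, sport) of a DNATed flow

    def inbound(self, pkt):
        """Packet entering the router (pre-routing): reverse SNAT or apply DNAT."""
        if astuple(pkt) in self.undo_dst:
            dst, dport = self.undo_dst[astuple(pkt)]
            return replace(pkt, dst=dst, dport=dport)
        for rule in self.dnat_rules:
            if match_dnat(pkt, rule):
                out = replace(pkt, dst=rule["translation"])
                # The server's reply leaves on the same interface with src/dst swapped.
                reply = (pkt.iface, pkt.proto, out.dst, out.dport, pkt.src, pkt.sport)
                self.undo_src[reply] = (pkt.dst, pkt.dport)
                return out
        return pkt   # no rule matched: stays addressed to the router, not forwarded

    def outbound(self, pkt):
        """Packet leaving the router (post-routing): reverse DNAT or apply SNAT."""
        if astuple(pkt) in self.undo_src:
            src, sport = self.undo_src[astuple(pkt)]
            return replace(pkt, src=src, sport=sport)
        for rule in self.snat_rules:
            if match_snat(pkt, rule):
                out = replace(pkt, src=rule["translation"])
                reply = (pkt.iface, pkt.proto, pkt.dst, pkt.dport, out.src, out.sport)
                self.undo_dst[reply] = (pkt.src, pkt.sport)
                return out
        return pkt


def trace_flows():
    """Run the page's two use cases plus two non-matching inbound packets and
    return the translated packet for each labelled step."""
    box = NatBox(SNAT_RULES, DNAT_RULES)
    results = {}
    # 1. Internal client (constructed 10.0.0.9) browsing out: SNAT on egress, undone on the reply.
    req = Packet("dp0p1p1", "tcp", "10.0.0.9", 40000, "203.0.113.5", 443)
    results["snat egress"] = box.outbound(req)
    results["snat reply"] = box.inbound(Packet("dp0p1p1", "tcp", "203.0.113.5", 443, "12.34.56.78", 40000))
    # 2. Internet client reaching the published web server: DNAT on ingress, undone on the reply.
    req = Packet("dp0p1p1", "tcp", "198.51.100.7", 51000, "12.34.56.78", 80)
    results["dnat ingress"] = box.inbound(req)
    results["dnat reply"] = box.outbound(Packet("dp0p1p1", "tcp", "10.0.0.4", 80, "198.51.100.7", 51000))
    # 3. Only tcp/80 is forwarded; another port or protocol to 12.34.56.78 is left untranslated.
    results["other port"] = box.inbound(Packet("dp0p1p1", "tcp", "198.51.100.7", 51001, "12.34.56.78", 22))
    results["other proto"] = box.inbound(Packet("dp0p1p1", "udp", "198.51.100.7", 51002, "12.34.56.78", 80))
    return results


if __name__ == "__main__":
    for label, pkt in trace_flows().items():
        print(f"{label:12} -> {pkt.src}:{pkt.sport} > {pkt.dst}:{pkt.dport} on {pkt.iface}")
```

Two points the commands imply but do not state become visible in the trace. First, the web server's reply (10.0.0.4:80 leaving on dp0p1p1) would also match source rule 10, since 10.0.0.4 lies inside 10.0.0.0/24; the translator restores 12.34.56.78 from the recorded session rather than from the rule, and the independence of the two rule numbers noted above is what lets both rules use number 10 without one affecting the other. Second, the protocol tcp and destination port 80 criteria mean that only HTTP reaches 10.0.0.4; any other port or protocol sent to 12.34.56.78 is left addressed to the router itself, so the destination rule exposes exactly one service of the internal host.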