Bidirectional NAT
Bidirectional NAT is simply a combination of source and destination NAT. A typical scenario might use SNAT on the outbound traffic of an entire private network and DNAT for specific internal services (for example, mail or web); refer to the following figure.
To configure NAT in this way, perform the following steps in configuration mode. Note that source and destination rule numbers are independent. In the example, this independence is highlighted by creating “source rule 10” and “destination rule 10.”
Step | Command |
---|---|
Create SNAT rule 10. | |
Apply this rule to packets coming from any host on the 10.0.0.0/24 network and egressing through the dp0p1p1 interface. | |
Use 12.34.56.78 as the source address in outgoing packets. | |
Create DNAT rule 10. | |
Apply this rule to all incoming TCP packets on the dp0p1p1 interface bound for the 12.34.56.78 address, port 80 (that is, HTTP traffic). | |
Forward traffic to the 10.0.0.4 address (that is, the web server). | |
Commit the change. | |
Show the configuration. | |
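The rule matching described in the steps above, modeled in Python as an added example (it is not code from the original page or from the router's software). The `Packet` and `Rule` classes, the `egress`/`ingress` helpers and the 203.0.113.9 peer are assumptions made for illustration; the model is stateless and ignores connection tracking and firewall rules.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    iface: str                      # outbound (SNAT) or inbound (DNAT) interface
    translation: str                # address written into the packet
    src_net: Optional[str] = None   # None means "any"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet, iface: str) -> bool:
        in_net = self.src_net is None or (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net))
        return (iface == self.iface and in_net
                and self.dst in (None, pkt.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

# Two separate tables, so rule number 10 exists in each without conflict.
SOURCE_RULES = {10: Rule(iface="dp0p1p1", src_net="10.0.0.0/24", translation="12.34.56.78")}
DEST_RULES = {10: Rule(iface="dp0p1p1", dst="12.34.56.78", proto="tcp", dport=80,
                       translation="10.0.0.4")}

def _first_match(rules, pkt, iface):
    # Rules are evaluated in ascending rule-number order; first match wins.
    for number in sorted(rules):
        if rules[number].matches(pkt, iface):
            return rules[number]
    return None

def egress(pkt: Packet, iface: str) -> Packet:
    """Apply SNAT to a packet leaving through iface."""
    rule = _first_match(SOURCE_RULES, pkt, iface)
    return replace(pkt, src=rule.translation) if rule else pkt

def ingress(pkt: Packet, iface: str) -> Packet:
    """Apply DNAT to a packet arriving on iface."""
    rule = _first_match(DEST_RULES, pkt, iface)
    return replace(pkt, dst=rule.translation) if rule else pkt

# Constructed sample packets (203.0.113.0/24 is a documentation range).
OUT_WEB = Packet("10.0.0.7", "203.0.113.9", "tcp", 443)
IN_HTTP = Packet("203.0.113.9", "12.34.56.78", "tcp", 80)
IN_SSH = Packet("203.0.113.9", "12.34.56.78", "tcp", 22)
```

Only `IN_HTTP` has its destination rewritten to 10.0.0.4; `IN_SSH` stays addressed to 12.34.56.78, which is a quick way to confirm that the DNAT rule exposes nothing beyond TCP port 80.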