Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Masquerade NAT

Masquerade NAT is a special application of source NAT. It is typically used when the Internet-facing interface has a dynamic IP address provided by a mechanism such as DHCP. In these cases, configuring a static translation address is not appropriate as the address assigned to the interface can change. Specifying masquerade as the translation address instructs the system to use the IP address currently assigned to the outbound interface as the translation address.

Masquerade NAT rules typically consist of match conditions that specify the following:

  • The source network (usually the private IP network assigned to LAN devices)
  • The outbound interface (the Internet-facing interface that is assigned the dynamic IP address)

The following figure shows an example of masquerade NAT.

Figure 1. Masquerade NAT

To configure NAT in this way, perform the following steps in configuration mode.

Table 1. Configuring masquerade NAT

Step: Create SNAT rule 10.
Command:
vyatta@vyatta# set service nat source rule 10

Step: Apply this rule to packets coming from any host on the 10.0.0.0/24 network and egressing through the dp0p1p1 interface.
Command:
vyatta@vyatta# set service nat source rule 10 source address 10.0.0.0/24
vyatta@vyatta# set service nat source rule 10 outbound-interface dp0p1p1

Step: Use the IP address of the outbound interface as the outside address.
Command:
vyatta@vyatta# set service nat source rule 10 translation address masquerade

Step: Commit the change.
Command:
vyatta@vyatta# commit

Step: Show the configuration.
Command:
vyatta@vyatta# show service nat source rule 10
 outbound-interface dp0p1p1
 source {
     address 10.0.0.0/24
 }
 translation {
     address masquerade
 }
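The following added example (not part of the Vyatta documentation) audits saved source NAT configuration text for masquerade rules that lack the two match conditions described above. It assumes the rules are wrapped in `rule N { ... }` blocks; rule 20 in the sample is constructed, and the RFC 1918 check is this example's own policy, not Vyatta behavior.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample: rule 10 mirrors the page; rule 20 is hypothetical and omits the source match.
SAMPLE = """
rule 10 {
    outbound-interface dp0p1p1
    source {
        address 10.0.0.0/24
    }
    translation {
        address masquerade
    }
}
rule 20 {
    outbound-interface dp0p1p1
    translation {
        address masquerade
    }
}
"""

def parse_config(text):
    """Parse brace-delimited configuration text into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):  # open a nested node such as "source {"
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":  # close the current node
            stack.pop()
        elif line:  # leaf such as "address 10.0.0.0/24"
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return stack[0]

def audit_masquerade(rules):
    """Return (rule, finding) pairs for masquerade rules with loose match conditions."""
    findings = []
    for name, rule in rules.items():
        if rule.get("translation", {}).get("address") != "masquerade":
            continue  # static translation addresses are outside this check
        if "outbound-interface" not in rule:
            findings.append((name, "no outbound-interface"))
        src = rule.get("source", {}).get("address")
        if src is None:
            findings.append((name, "no source address"))
        elif not any(ipaddress.ip_network(src, strict=False).subnet_of(n) for n in RFC1918):
            findings.append((name, "source is not an RFC 1918 network"))
    return findings
```

Calling `audit_masquerade(parse_config(SAMPLE))` reports rule 20, which would translate any source leaving dp0p1p1. Source values that are not plain CIDR networks raise `ValueError` and need manual review.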