Vyatta Network OS Documentation

Configure the Vyatta AMI instance for NAT

This section details the procedure for configuring the Vyatta AMI instance for NAT.

To configure the Vyatta AMI instance to act as a NAT device

  1. Log on to the Vyatta AMI instance by using the SSH client. Refer to Access the private instance remotely.
  2. Enter configuration mode.
    vyatta@vyatta:~$ configure
    
    [edit]
  3. Change the host name to R1 to identify the instance.
    vyatta@vyatta# set system host-name R1
    
    [edit]

    The command prompt changes to reflect the new host name the next time you log on.

  4. Configure masquerade NAT for outbound traffic from subnet 10.0.1.0/24. This network address represents the private subnet to be created in a later step.
    vyatta@vyatta# set service nat source rule 10
    [edit]
    vyatta@vyatta# set service nat source rule 10 outbound-interface dp0s0
    [edit]
    vyatta@vyatta# set service nat source rule 10 translation address masquerade
    [edit]
    vyatta@vyatta# set service nat source rule 10 source address 10.0.1.0/24
    [edit]
  5. Configure destination NAT to provide remote access to an instance in the private subnet. The NAT rule forwards TCP connections that arrive on port 3333 to port 22 at address 10.0.1.20. This instance is launched in a later step.
    vyatta@vyatta# set service nat destination rule 20 destination port 3333
    [edit]
    vyatta@vyatta# set service nat destination rule 20 protocol tcp
    [edit]
    vyatta@vyatta# set service nat destination rule 20 translation address 10.0.1.20
    [edit]
    vyatta@vyatta# set service nat destination rule 20 inbound-interface dp0s0
    [edit]
    vyatta@vyatta# set service nat destination rule 20 translation port 22
    [edit]
  6. Commit and save the changes.
    vyatta@vyatta# commit
    [edit]
    vyatta@vyatta# save
    Saving configuration to '/config/config.boot'...
    Done
    [edit]
  7. View the NAT-related changes.
    vyatta@vyatta# show service
     service {
            nat {
                    destination {
                            rule 20 {
                                    destination {
                                            port 3333
                                    }
                                    inbound-interface dp0s0
                                    protocol tcp
                                    translation {
                                            address 10.0.1.20
                                            port 22
                                    }
                            }
                    }
                    source {
                            rule 10 {
                                    outbound-interface dp0s0
                                    source {
                                            address 10.0.1.0/24
                                    }
                                    translation {
                                            address masquerade
                                    }
                            }
                    }
            }
            ssh
     }
    [edit]
  8. Exit configuration mode and then exit the logon session.
    vyatta@vyatta# exit
    exit
    vyatta@vyatta:~$ exit
    
    logout
The SSH session is terminated.
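
As an added example (not part of the Vyatta documentation), the following Python script parses `show service` output like that in step 7 and lists destination NAT rules that accept connections from any source address, such as rule 20, which publishes SSH at 10.0.1.20 on port 3333 of dp0s0. The function names are hypothetical, the sample is constructed from the step 7 output, and the check assumes a rule is narrowed with a `source address` match.

```python
# Constructed sample: the destination NAT part of the step 7 `show service` output.
SAMPLE = """
service {
    nat {
        destination {
            rule 20 {
                destination {
                    port 3333
                }
                inbound-interface dp0s0
                protocol tcp
                translation {
                    address 10.0.1.20
                    port 22
                }
            }
        }
    }
}
"""

def parse(text):
    """Parse brace-delimited config text into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip().replace("\u2010", "-")  # pasted docs may carry U+2010 hyphens
        if not line or line == "[edit]":
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return stack[0]

def open_forwards(cfg):
    """List destination NAT rules that do not match on a source address."""
    found = []
    for name, rule in cfg.get("service", {}).get("nat", {}).get("destination", {}).items():
        if "address" not in rule.get("source", {}):
            to = rule.get("translation", {})
            found.append((name, rule.get("destination", {}).get("port"),
                          to.get("address"), to.get("port")))
    return found

print(open_forwards(parse(SAMPLE)))
```

Each tuple is (rule, public port, translated address, translated port); a rule listed here is reachable from any address that the surrounding security group admits.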