home

Supported platforms

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Source NAT (one-to-one)

The following figure shows an example of source NAT (SNAT) in which a single “inside” source address is translated to a single “outside” source address. This example has the following characteristics:

  • An internal news server, a Network News Time Protocol (NTTP) device, needs to connect to an external news server.
  • The external news server accepts connections only from known clients.
  • The internal news server does not receive connections from outside the local network.
Figure 1. Source NAT (one-to-one)

To configure NAT in this way, perform the following steps in configuration mode.

Table 1. Configuring source NAT (one-to-one)

Step

Command

Create SNAT rule 10.

vyatta@vyatta# set service nat source rule 10

Apply this rule to packets coming from the 10.0.0.4 address and egressing through the dp0p1p1 interface.

vyatta@vyatta# set service nat source rule 10 source address 10.0.0.4 vyatta@vyatta# set service nat source rule 10 outbound-interface dp0p1p1

Use 12.34.56.78 as the source address in outgoing packets. Make sure that the translation address is an address defined on the outbound interface if it is part of the connected subnet on that interface. This ensures that the vRouter replies to ARP requests from remote devices for the translation address.

vyatta@vyatta# set service nat source rule 10 translation address 12.34.56.78 

Commit the change.

vyatta@vyatta# commit

Show the configuration.

vyatta@vyatta# show nat source rule 10
outbound-interface dp0p1p1
source {
    address 10.0.0.4
}
translation {
    address 12.34.56.78
}