Vyatta documentation


Configure NAT

In our reference topology (see Example topology for Internet gateway configuration), the Internet gateway should send outbound traffic from the office LAN through the Internet-facing Ethernet interface and translate all internal private IP addresses to a single public address. To enable this translation, we need to define a network address translation (NAT) rule.
  1. Define a rule that allows traffic from network 192.168.1.0/24 to proceed to the Internet through interface dp0p1p1 and that translates any internal addresses to the IP address of interface dp0p1p1. (This type of translation is called masquerade translation.)
    user@system# set service nat source rule 10 source address 192.168.1.0/24
    user@system# set service nat source rule 10 outbound-interface dp0p1p1

    In this example, we create a rule that we identify with the arbitrary number 10. This rule applies to traffic from the source subnet 192.168.1.0/24 that leaves through the interface dp0p1p1.

    user@system# set service nat source rule 10 translation address masquerade

    192.168.1.0/24 is a private address range that is not routable on the Internet, so we need to set up some form of mapping to provide a routable source address (for returning packets). In this case, we use masquerade translation.

  2. Commit your changes.
    user@system# commit
  3. Optional: Use the show nat source command to view the configuration.
    user@system# show nat source
    	rule 10 {
    		outbound-interface dp0p1p1
    		source {
    			address 192.168.1.0/24
    		}
    		translation {
    			address masquerade
    		}
    	}
    [edit]
    user@system#
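A masquerade rule hides every host it matches behind the gateway's address, so it is worth confirming that the committed rule matches only the office LAN and the Internet-facing interface. The following Python check is an added example, not part of the Vyatta documentation: it parses saved `show nat source` output in the brace format shown above. The names `parse` and `audit`, their `lan` and `wan` parameters, and rule 20 in the sample are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: rule 10 is this page's rule; rule 20 is hypothetical and too broad.
RULE = """rule %s {
    outbound-interface dp0p1p1
    source {
        address %s
    }
    translation {
        address masquerade
    }
}
"""
SAMPLE = RULE % (10, "192.168.1.0/24") + RULE % (20, "192.168.0.0/16") + "[edit]\n"

def parse(text):
    """Parse brace-style configuration output into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("[") or "@" in line:
            continue  # blank line, "[edit]" marker, or CLI prompt
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
            if not stack:
                raise ValueError("unbalanced '}'")
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return stack[0]

def audit(text, lan="192.168.1.0/24", wan="dp0p1p1"):
    """Map each rule to a list of findings; an empty list means it matches intent."""
    allowed, report = ipaddress.ip_network(lan), {}
    for name, rule in parse(text).items():
        findings = []
        if rule.get("outbound-interface") != wan:
            findings.append("outbound-interface is not " + wan)
        src = rule.get("source", {}).get("address")
        try:
            if not ipaddress.ip_network(src, strict=False).subnet_of(allowed):
                findings.append("source %s is not within %s" % (src, lan))
        except (TypeError, ValueError):
            findings.append("source address missing or not comparable to " + lan)
        report[name] = findings
    return report
```

Calling `audit(SAMPLE)` returns an empty list for rule 10 and one finding for the constructed rule 20, whose source prefix extends beyond the office LAN.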