EdgeRouter - Source NAT and Masquerade


Overview


Readers will learn how to add Source NAT rules to an EdgeRouter.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Please see the Related Articles below for more information.
 

Table of Contents


  1. Source NAT and Masquerade
  2. Adding a Masquerade Rule
  3. Adding a Source NAT Rule
  4. Related Articles

Source NAT and Masquerade



Source NAT rules can be used for many different applications. A popular usage of NAT Masquerade is to translate a private address range to a single public IP address. This allows the hosts behind the EdgeRouter to communicate with other devices on the internet.

There are two types of Source NAT rules:

  • Masquerade: Also known as Many-to-One NAT, PAT or NAT Overload.
  • Source: Specific translation between address(es) and/or port(s).

Figure: Network topology. Source NAT is used to translate the traffic from the UNMS server and LAN clients using the public IP address(es) on the WAN interface (eth0).


Adding a Masquerade Rule



GUI: Access the EdgeRouter Web UI.

1. Navigate to the Firewall/NAT tab and add the Masquerade rule with eth0 (WAN) set as the Outbound Interface.

Firewall/NAT > NAT > Add Source NAT Rule +

Description: masquerade for WAN
Outbound Interface: eth0
Translation: Use Masquerade
Protocol: All Protocols

The above configuration can also be set using the CLI:

CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Add the NAT Masquerade rule.

set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all

3. Commit the changes and save the configuration.

commit ; save

Adding a Source NAT Rule



In this example, Source NAT is used to provide a 1:1 translation for the UNMS server to the secondary WAN IP address (203.0.113.2).

GUI: Access the EdgeRouter Web UI.

1. Navigate to the Firewall/NAT tab and add the Source NAT rule with eth0 (WAN) set as the Outbound Interface.

Firewall/NAT > NAT > Add Source NAT Rule +

Description: source NAT for 192.168.1.10
Outbound Interface: eth0
Translation: Specify address and/or port
Translation Address: 203.0.113.2
Protocol: All Protocols
Src Address: 192.168.1.10

NOTE: Make sure that this rule is matched before other NAT Masquerade rules.

The above configuration can also be set using the CLI:

CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Add the Source NAT rule.

set service nat rule 5000 description 'source NAT for 192.168.1.10'
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type source
set service nat rule 5000 protocol all
set service nat rule 5000 outside-address address 203.0.113.2
set service nat rule 5000 source address 192.168.1.10

3. Commit the changes and save the configuration.

commit ; save
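
The NOTE about rule matching comes down to rule numbers: EdgeOS evaluates NAT rules in ascending rule-number order and applies the first match, which is why the 1:1 rule is 5000 and the masquerade rule is 5010. The following added example (not part of the original article or of EdgeOS itself) checks a list of `set service nat rule` commands for a source rule that a lower-numbered masquerade rule would shadow. The function names and the misordered sample are constructed for illustration, and the check compares only the outbound interface and a single source address or CIDR.

```python
import ipaddress
import shlex

# Constructed input: the two rules from this article, in the article's order.
SAMPLE_OK = """\
set service nat rule 5000 description 'source NAT for 192.168.1.10'
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type source
set service nat rule 5000 protocol all
set service nat rule 5000 outside-address address 203.0.113.2
set service nat rule 5000 source address 192.168.1.10
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all
"""
# Constructed misordering: the 1:1 rule renumbered to sit after the masquerade.
SAMPLE_BAD = SAMPLE_OK.replace("rule 5000", "rule 5020")

def parse_nat_rules(text):
    """Map rule number -> {"type": ..., "source address": ..., ...}."""
    rules = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:4] != ["set", "service", "nat", "rule"] or len(tok) < 7:
            continue
        rules.setdefault(int(tok[4]), {})[" ".join(tok[5:-1])] = tok[-1]
    return rules

def shadowed_rules(rules):
    """Return (source_rule, masquerade_rule) pairs where the 1:1 rule is shadowed."""
    hits = []
    for num, r in sorted(rules.items()):
        if r.get("type") != "source" or "source address" not in r:
            continue
        src = ipaddress.ip_network(r["source address"], strict=False)
        for mnum, m in sorted(rules.items()):
            same_if = m.get("outbound-interface") == r.get("outbound-interface")
            if mnum >= num or m.get("type") != "masquerade" or not same_if:
                continue
            # A masquerade rule without a source address matches every source.
            msrc = ipaddress.ip_network(m.get("source address", "0.0.0.0/0"), strict=False)
            if src.subnet_of(msrc):
                hits.append((num, mnum))
    return hits

if __name__ == "__main__":
    print("article order:", shadowed_rules(parse_nat_rules(SAMPLE_OK)))
    print("misordered:  ", shadowed_rules(parse_nat_rules(SAMPLE_BAD)))
```

A non-empty result means the listed host would leave with the masqueraded WAN address instead of its dedicated translation address, so anything keyed to that public IP would stop matching.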

Related Articles



EdgeRouter - IPsec Site-to-Site VPN with Many-to-Many Source NAT

EdgeRouter - IPsec Site-to-Site VPN with Many-to-One Source NAT

Intro to Networking - How to Establish a Connection Using SSH

