
EdgeRouter - Add source NAT rules

Overview


Readers will learn how to add source NAT rules via CLI.

 

There are two types of Source NAT (SNAT) Rules:

  • Masquerade - The most common type of NAT; a simplified form of SNAT.
  • Source - Specify the translation address and/or port.

Note: NAT source/masquerade rule numbers must start at 5000 or higher. This is an arbitrary limitation that is not noticed when using the web UI.

 

Steps for Masquerade NAT


The following settings are required for minimal configuration of a Source NAT Masquerade Rule:

  • Rule number
  • Outbound interface
  • Source NAT type: masquerade

Here is a configuration of a Source NAT Masquerade Rule:

 

ubnt@ubnt# show service
nat {
    rule 5000 {
        outbound-interface eth2
        type masquerade
    }
}

 

The following settings are optional:

  • Source address or network
  • Source port
    Note: If you designate a port, then you must also designate the protocol: udp, tcp, or udp_tcp.
  • Destination address or network
  • Destination port
    Note: If you designate a port, then you must also designate the protocol: udp, tcp, or udp_tcp.
  • Protocol
  • Exclude
  • Description
  • Logging
  • Disable

 

Steps for Source NAT


The following settings are required for minimal configuration of a Source NAT Rule:

  • Rule number
  • Outbound interface
  • Translation address and/or port
  • Source NAT type: source

Here is a configuration of a Source NAT Rule:

ubnt@ubnt# show service
nat {
    rule 5000 {
        outbound-interface eth1
        outside-address {
            address 10.0.0.1
        }
        type source
    }
}

The following settings are optional:

  • Source address or network
  • Source port
    Note: If you designate a port, then you must also designate the protocol: udp, tcp, or udp_tcp.
  • Destination address or network
  • Destination port
    Note: If you designate a port, then you must also designate the protocol: udp, tcp, or udp_tcp.
  • Protocol
  • Exclude
  • Description
  • Logging
  • Disable
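
The requirements listed above for both rule types (rule number of 5000 or higher, the required settings, and a protocol whenever a port is matched) can be checked before anything is typed into the router. The following is an added example, not Ubiquiti's code: the function names are hypothetical, and the `set service nat rule ...` paths are assumed to mirror the configuration tree shown by `show service`.

```python
# Added example: validate a source NAT rule against the requirements listed
# on this page, then emit EdgeOS configure-mode "set" commands for it.
BASE = "set service nat rule {num} "  # assumed to mirror the `show service` tree

def snat_commands(num, rule):
    """Return the `set` commands for one rule, or raise ValueError."""
    errors = []
    if num < 5000:
        errors.append("source/masquerade rule numbers must be 5000 or higher")
    if not rule.get("outbound-interface"):
        errors.append("outbound-interface is required")
    kind = rule.get("type")
    outside = rule.get("outside-address", {})
    if kind not in ("masquerade", "source"):
        errors.append("type must be masquerade or source")
    elif kind == "source" and not (outside.get("address") or outside.get("port")):
        errors.append("type source needs a translation address and/or port")
    # A port match on either side is only valid together with a protocol.
    for side in ("source", "destination"):
        if rule.get(side, {}).get("port") and not rule.get("protocol"):
            errors.append(f"{side} port set without a protocol")
    if errors:
        raise ValueError(f"rule {num}: " + "; ".join(errors))
    return [BASE.format(num=num) + path for path in _flatten(rule)]

def _flatten(node, prefix=""):
    """Walk the nested rule the way the config tree nests, one leaf per line."""
    for key, value in node.items():
        if isinstance(value, dict):
            yield from _flatten(value, f"{prefix}{key} ")
        else:
            yield f"{prefix}{key} {value}"

# Constructed samples: the two rules shown on this page, plus one bad rule.
MASQUERADE = {"outbound-interface": "eth2", "type": "masquerade"}
SOURCE = {"outbound-interface": "eth1",
          "outside-address": {"address": "10.0.0.1"}, "type": "source"}
BAD = {"outbound-interface": "eth1", "type": "masquerade",
       "source": {"port": 8080}}  # port matched, but no protocol given

if __name__ == "__main__":
    for num, rule in ((5000, MASQUERADE), (5001, SOURCE), (4999, BAD)):
        try:
            print("\n".join(snat_commands(num, rule)))
        except ValueError as exc:
            print("rejected:", exc)
```

The emitted lines are meant to be entered in configuration mode and followed by `commit` and `save`.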