EdgeRouter - Source NAT


Overview


Readers will learn how to add Source NAT (SNAT) rules to the EdgeRouter.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Please see the Related Articles below for more information.
 

Source NAT and Masquerade



There are two types of Source NAT rules:

  • Masquerade - Also known as Many-to-One NAT, PAT or NAT Overload.
  • Source - Specific translation between address(es) and/or port(s).


Source NAT rules can be used for many different applications. A popular usage of NAT Masquerade is to translate a private address range to a single public IP address. This allows the hosts behind the EdgeRouter to communicate with other devices on the internet.

Add a Masquerade Rule



GUI: Access the Graphical User Interface (GUI).

1. Navigate to the Firewall/NAT tab and add the NAT Masquerade rule.

Firewall/NAT > NAT > Add Source NAT Rule +

Description: masquerade for WAN
Outbound Interface: eth0
Translation: Use Masquerade
Protocol: All Protocols

 

The CLI equivalent of this NAT Masquerade configuration is shown below.

CLI: Access the command line interface (CLI). You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Add the NAT Masquerade rule.

set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all

3. Commit the changes and save the configuration.

commit ; save

Add a Source NAT rule



Source NAT can be used, for example, to translate a host to a specific address assigned to the WAN interface.

GUI: Access the Graphical User Interface (GUI).

1. Navigate to the Firewall/NAT tab and add the Source NAT rule.

Firewall/NAT > NAT > Add Source NAT Rule +

Description: source NAT for 192.168.1.10
Outbound Interface: eth0
Translation: Specify address and/or port
Translation Address: 203.0.113.1
Protocol: All Protocols
Src Address: 192.168.1.10
NOTE: Make sure that this rule is matched before other NAT Masquerade rules.

The CLI equivalent of this Source NAT configuration is shown below.

CLI: Access the command line interface (CLI). You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Add the Source NAT rule.

set service nat rule 5000 description 'source NAT for 192.168.1.10'
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type source
set service nat rule 5000 protocol all
set service nat rule 5000 outside-address address 203.0.113.1
set service nat rule 5000 source address 192.168.1.10

3. Commit the changes and save the configuration.

commit ; save
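
The NOTE above requires the host-specific rule to be matched before any NAT Masquerade rule; EdgeOS evaluates NAT rules in ascending rule-number order, which is why this article uses 5000 for the Source NAT rule and 5010 for masquerade. The Python check below is an added example, not part of the original article or of Ubiquiti's tooling: it reads `set service nat rule` lines and reports pairs where an earlier rule hides a later one. The names parse_rules, shadowed and MISORDERED are hypothetical, the sample input is constructed, and only outbound interface, protocol, and single-address or CIDR source matches are modelled.

```python
import ipaddress
import re
# Constructed input: this article's two rules with the numbers swapped,
# so the masquerade rule (5000) is evaluated before the host rule (5010).
MISORDERED = """\
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type masquerade
set service nat rule 5000 protocol all
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type source
set service nat rule 5010 protocol all
set service nat rule 5010 outside-address address 203.0.113.1
set service nat rule 5010 source address 192.168.1.10
"""
ANY = ipaddress.ip_network("0.0.0.0/0")
LINE = re.compile(r"^set service nat rule (\d+) (.+)$")

def parse_rules(text):
    """Map rule number -> match fields (hypothetical helper)."""
    rules = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        r = rules.setdefault(int(m.group(1)), {
            "iface": None, "proto": "all", "src": ANY, "narrow": False})
        key, *val = m.group(2).split()
        if key == "outbound-interface" and val:
            r["iface"] = val[0]
        elif key == "protocol" and val:
            r["proto"] = val[0]
        elif key == "source" and val[:1] == ["address"]:
            try:
                r["src"] = ipaddress.ip_network(val[1], strict=False)
            except (ValueError, IndexError):
                r["narrow"] = True  # range or negated address: not modelled
        elif key in ("source", "destination"):
            r["narrow"] = True  # port or destination match: not modelled
    return rules

def shadowed(rules):
    """Return (earlier, later) pairs where the earlier rule matches every
    packet the later one would, so the later rule is never applied."""
    nums = sorted(rules)
    return [(early, late) for i, early in enumerate(nums) for late in nums[i + 1:]
            if not rules[early]["narrow"]
            and rules[early]["iface"] == rules[late]["iface"]
            and rules[early]["proto"] in ("all", rules[late]["proto"])
            and rules[late]["src"].subnet_of(rules[early]["src"])]
```

Feeding it the rules exactly as numbered in this article (Source NAT at 5000, masquerade at 5010) returns an empty list, because the host rule is evaluated first.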

Related Articles



Intro to Networking - How to Establish a Connection Using SSH

EdgeRouter - Hairpin NAT

EdgeRouter - Destination NAT

EdgeRouter - IPsec Site-to-Site VPN with Many-to-Many Source NAT

EdgeRouter - IPsec Site-to-Site VPN with Many-to-One Source NAT