EdgeRouter - Source NAT and Masquerade
Overview
Readers will learn how to add Source NAT and Source NAT Masquerade rules to an EdgeRouter.
Source NAT and Masquerade
Source NAT rules can be used for many different applications. A popular usage of NAT Masquerade is to translate a private address range to a single public IP address. This allows the hosts behind the EdgeRouter to communicate with other devices on the internet.
There are two types of Source NAT rules:
- Masquerade: Also known as Many-to-One NAT, PAT or NAT Overload.
- Source: Specific translation between address(es) and/or port(s).
The examples in this article use Source NAT to translate traffic from the UNMS server and LAN clients to the public IP address(es) on the WAN interface (eth0).
Adding a Masquerade Rule
1. Navigate to the Firewall/NAT tab and add the Masquerade rule with eth0 (WAN) set as the Outbound Interface.
Firewall/NAT > NAT > Add Source NAT Rule +
Description: masquerade for WAN
Outbound Interface: eth0
Translation: Use Masquerade
Protocol: All Protocols
The above configuration can also be set using the CLI:
1. Enter configuration mode.
configure
2. Add the NAT Masquerade rule.
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all
3. Commit the changes and save the configuration.
commit ; save
Adding a Source NAT Rule
In this example, Source NAT is used to provide a 1:1 translation for the UNMS server to the secondary WAN IP address (203.0.113.2).
1. Navigate to the Firewall/NAT tab and add the Source NAT rule with eth0 (WAN) set as the Outbound Interface.
Firewall/NAT > NAT > Add Source NAT Rule +
Description: source NAT for 192.168.1.10
Outbound Interface: eth0
Translation: Specify address and/or port
Translation Address: 203.0.113.2
Protocol: All Protocols
Src Address: 192.168.1.10
The above configuration can also be set using the CLI:
1. Enter configuration mode.
configure
2. Add the Source NAT rule.
set service nat rule 5000 description 'source NAT for 192.168.1.10'
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type source
set service nat rule 5000 protocol all
set service nat rule 5000 outside-address address 203.0.113.2
set service nat rule 5000 source address 192.168.1.10
3. Commit the changes and save the configuration.
commit ; save
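EdgeOS evaluates NAT rules in ascending rule-number order and applies the first match, which is why the 1:1 rule (5000) must be numbered below the masquerade rule (5010). The Python script below is an added example, not part of the original article or Ubiquiti's code: it parses the commands from this page and models that evaluation. The eth0 primary address 203.0.113.1 and the function names are assumptions.

```python
import ipaddress
import shlex

# The CLI commands from this page (rules 5010 and 5000), in page order.
PAGE_CONFIG = """
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all
set service nat rule 5000 description 'source NAT for 192.168.1.10'
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type source
set service nat rule 5000 protocol all
set service nat rule 5000 outside-address address 203.0.113.2
set service nat rule 5000 source address 192.168.1.10
"""
# Assumption: primary address of eth0 (not given on the page).
IFACE_ADDR = {"eth0": "203.0.113.1"}

def parse_rules(text):
    """Build {rule_number: {setting: value}} from 'set service nat rule' lines."""
    rules = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:4] == ["set", "service", "nat", "rule"] and len(tok) >= 7:
            rules.setdefault(int(tok[4]), {})[" ".join(tok[5:-1])] = tok[-1]
    return rules

def translate(rules, src, out_if):
    """Return (rule_number, translated_source); lowest-numbered match wins."""
    for num, r in sorted(rules.items()):
        scope = ipaddress.ip_network(r.get("source address", "0.0.0.0/0"))
        if r.get("outbound-interface") != out_if or ipaddress.ip_address(src) not in scope:
            continue
        if r["type"] == "masquerade":
            return num, IFACE_ADDR[out_if]  # masquerade uses the interface address
        return num, r["outside-address address"]
    return None, src  # no rule matched: the source address is left as-is

def shadowed(rules):
    """Rule numbers that follow an unrestricted masquerade on the same interface."""
    seen, hidden = set(), []
    for num, r in sorted(rules.items()):
        if r.get("outbound-interface") in seen:
            hidden.append(num)  # never reached: the masquerade matches first
        elif r.get("type") == "masquerade" and "source address" not in r:
            seen.add(r.get("outbound-interface"))
    return hidden
```

Running `shadowed()` over a saved copy of the `set service nat` lines flags any 1:1 rule that was given a number above the catch-all masquerade and would therefore leave with the wrong public address.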
Related Articles
EdgeRouter - IPsec Site-to-Site VPN with Many-to-Many Source NAT
EdgeRouter - IPsec Site-to-Site VPN with Many-to-One Source NAT