NAT Rules

Network Address Translation (NAT) allows the source or destination IP address to be changed for traffic to transition through a router or gateway.

There are 2 types of NAT within your edge gateway:

  1. Destination NAT (DNAT) – Changes the destination IP of the packet.

  2. Source NAT (SNAT) – Changes the source IP of the packet.

For a virtual machine (VM) to access an external network from its virtual data center (VDC), the IP address of its network needs to be translated to one of the following:

  • Public internet IP addresses provided by Equinix Managed Services

  • Private networks via EBC Connect

Note: NAT rules only work if the firewall is enabled. For security reasons, ensure that the firewall is always enabled.

Create a DNAT rule

DNAT changes the destination IP address of a packet and performs the reverse function for any replies.

Use DNAT to publish a service in a private network on a public IP address.

To create a DNAT rule:

  1. On the vCloud Directory Virtual Data-Center dashboard, select the VDC that contains the edge gateway where you will create the DNAT rule.

  2. From the left navigation panel, click Edges.

  3. Choose the edge you want to configure and click Configure Services.

  4. Click the NAT tab, and in NAT44 Rules, click + DNAT Rule.

  5. In the Add DNAT Rule window, use the Applied On dropdown to select the interface on which to apply the rule.

    Unless you have special requirements, this is the external network, usually named *VCD_CUSTOMER_WAN.

  6. Enter an Original IP/Range and a Translated IP/Range.

  7. Select the Protocol, Original Port, and Translated Port.

  8. Make sure the Enabled option is selected.

  9. Select Enable logging if you have a syslog server configured.

  10. Click Keep and Save changes.

Create a SNAT rule

SNAT changes the source IP address of a packet and performs the reverse function for any replies.

When you connect to an external network (for example, the internet) to access services (for example, DNS), you need to define a SNAT rule to translate your internal address for its availability on the external network.

To create an SNAT rule:

  1. On the vCloud Directory Virtual Data-Center dashboard, select the VDC that contains the edge gateway where you will create the SNAT rule.

  2. From the left navigation panel, click Edges.

  3. Choose the edge you want to configure and click Configure Services.

  4. Click the NAT tab, and in NAT44 Rules, click + SNAT Rule.

  5. In the Add SNAT Rule window, use the Applied On dropdown to select the interface on which to apply the rule.

  6. Unless you have special requirements, this is the external network, usually named *VCD_CUSTOMER_WAN.

  7. Enter an Original Source IP/Range and a Translated Source IP/Range.

  8. Select the Protocol, Original Port, and Translated Port.

  9. Make sure the Enabled option is selected.

  10. Select Enable logging if you have a syslog server configured.

  11. Click Keep and Save changes.