NAT

Network Address Translation (NAT) is a method of changing the IP address of a packet. SoodarOS uses the PNAT variation, which changes both port and address.

NAT Static Mapping

Define a static mapping for address translation.

Address only NAT

In this mode, only the address is translated to the given address. Depending on the flow direction (in2out or out2in), the source or the destination of the packet is changed.

When a packet whose source is the local address passes through an input interface, its source is replaced with the global address. When a packet whose destination is the global address passes through an output interface, its destination is replaced with the local address.

ip nat inside source static A.B.C.D A.B.C.D

Add a new static map entry to the NAT static table. The first IP is the local address and the second IP is the global address.

Example:

soodar(config)# ip nat inside source static 192.168.1.10 85.20.1.1
soodar(config)# interface ge0
soodar(config-if)# ip nat inside
soodar(config)# interface ge1
soodar(config-if)# ip nat outside

Define a static map entry that translates all ingress traffic on ge0 sourced from 192.168.1.10 to 85.20.1.1 (also known as Source NAT). Every packet arriving on ge1 that is destined to 85.20.1.1 is also translated to 192.168.1.10.

soodar(config)# ip nat inside source static 85.20.1.1 192.168.1.10
soodar(config)# interface ge0
soodar(config-if)# ip nat outside
soodar(config)# interface ge1
soodar(config-if)# ip nat inside

Define a static map entry that translates all ingress traffic on ge0 destined to 192.168.1.10 to 85.20.1.1 (also known as Destination NAT). Every packet arriving on ge1 that is sourced from 85.20.1.1 is also translated to 192.168.1.10.

Protocol NAT

Sometimes we need to be more specific and translate only a specified protocol on a defined port. In that case, the entry also names the protocol and the desired ports. All other aspects of this entry (including its behaviour) are the same as for simple Address only NAT.

ip nat inside source static <tcp|udp> A.B.C.D (1-65535) A.B.C.D (1-65535)

Add a new static map entry to the NAT static table. The first IP is the local address and the number following it is its port. The second IP is the global address and the number following it is its port.

Example:

soodar(config)# ip nat inside source static tcp 192.168.1.10 444 85.20.1.1 666
soodar(config)# interface ge0
soodar(config-if)# ip nat inside
soodar(config)# interface ge1
soodar(config-if)# ip nat outside

Define a static map entry that translates all ingress traffic on ge0 sourced from 192.168.1.10:444 to 85.20.1.1:666 (also known as Source NAT). Every packet arriving on ge1 that is destined to 85.20.1.1:666 is also translated to 192.168.1.10:444.

soodar(config)# ip nat inside source static tcp 85.20.1.1 666 192.168.1.10 444
soodar(config)# interface ge0
soodar(config-if)# ip nat outside
soodar(config)# interface ge1
soodar(config-if)# ip nat inside

Define a static map entry that translates all ingress traffic on ge0 destined to 192.168.1.10:444 to 85.20.1.1:666 (also known as Destination NAT). Every packet arriving on ge1 that is sourced from 85.20.1.1:666 is also translated to 192.168.1.10:444.
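
The address-only and protocol mappings described above, modelled in Python as an added example (not SoodarOS code): it parses the two static command forms shown on this page and applies them to packets in each direction. The first-match rule, the function names and the 203.0.113.7 client are assumptions of this model. It shows that an address-only entry translates every port of the global address to the local host, while a protocol entry translates only the one mapped port.

```python
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
# The two static command forms documented on this page.
ADDR_RE = re.compile(rf"ip nat inside source static\s+{IP}\s+{IP}\s*$")
PROTO_RE = re.compile(
    rf"ip nat inside source static\s+(tcp|udp)\s+{IP}\s+(\d+)\s+{IP}\s+(\d+)\s*$")

def parse_static(config):
    """Return entries as (proto, local_ip, local_port, global_ip, global_port)."""
    entries = []
    for line in config.splitlines():
        if m := PROTO_RE.search(line):
            proto, lip, lport, gip, gport = m.groups()
            entries.append((proto, lip, int(lport), gip, int(gport)))
        elif m := ADDR_RE.search(line):
            # Address-only entry: no protocol, no ports.
            entries.append((None, m.group(1), None, m.group(2), None))
    return entries

def translate(entries, direction, proto, src, dst):
    """Apply the first matching entry (match order is an assumption of this model).
    src and dst are (ip, port); returns the (src, dst) pair after translation."""
    for e_proto, lip, lport, gip, gport in entries:
        if e_proto not in (None, proto):
            continue
        if direction == "in2out" and src[0] == lip and lport in (None, src[1]):
            return (gip, gport or src[1]), dst   # source: local -> global
        if direction == "out2in" and dst[0] == gip and gport in (None, dst[1]):
            return src, (lip, lport or dst[1])   # destination: global -> local
    return src, dst                              # no entry matched: unchanged

# Constructed sample input, reusing the example commands from this page.
ADDRESS_ONLY = "soodar(config)# ip nat inside source static 192.168.1.10 85.20.1.1"
PROTOCOL = "soodar(config)# ip nat inside source static tcp 192.168.1.10 444 85.20.1.1 666"
OUTSIDE_CLIENT = ("203.0.113.7", 50000)  # constructed outside host

if __name__ == "__main__":
    for name, cfg in (("address-only", ADDRESS_ONLY), ("protocol", PROTOCOL)):
        table = parse_static(cfg)
        for port in (22, 666):
            _, dst = translate(table, "out2in", "tcp",
                               OUTSIDE_CLIENT, ("85.20.1.1", port))
            print(f"{name}: 85.20.1.1:{port} -> {dst[0]}:{dst[1]}")
```

When reviewing a configuration, an address-only entry is therefore worth pairing with a filtering rule on the outside interface, since the mapping itself does not restrict ports.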

Dynamic NAT

In dynamic NAT, the source of every packet coming from an input interface and destined to an output interface is translated to an IP provided by an IP pool.

For every source translation, a new session is created and its state is kept. When a packet arrives from an output interface and matches a session, its destination is changed according to the session’s information.

NAT IP pool

A pool of available IP addresses to use as a NAT IP.

ip nat pool PNAT44 A.B.C.D [ A.B.C.D ]

Add an IP (or an IP range, if a second IP is provided) to a NAT pool named PNAT44.

Example:

soodar(config)# ip nat pool p1 1.1.1.1
soodar(config)# ip nat pool p2 2.1.1.1 2.1.1.10

The first command creates the p1 NAT pool and adds IP 1.1.1.1 to it. The second one adds 2.1.1.1 through 2.1.1.10 to the p2 NAT pool.

Put interface behind NAT

ip nat inside

Define an interface as a NAT inside interface.

ip nat outside

Define an interface as a NAT outside interface.

Example configuration

soodar(config)# int ge0
soodar(config-if)#  ip nat outside
soodar(config)# int ge2
soodar(config-if)#  ip nat inside
soodar(config)# ip nat pool nat1 200.1.2.1