1:1 NAT

From Edge Threat Management Wiki - Arista


This section will help you set up 1:1 NAT.

What is 1:1 NAT

1:1 NAT (Network Address Translation) is a mode of NAT that maps one internal address to one external address. For example, if a network has an internal server at 192.168.1.10, 1:1 NAT can map 192.168.1.10 to 1.2.3.4, where 1.2.3.4 is an additional external IP address provided by your ISP.


How do I set up 1:1 NAT?

You need to do three things: first, set up an external IP Address Alias; second, map inbound traffic destined for the external address so it is redirected to the correct internal machine; third, map outbound traffic from the internal machine out the correct external address. In this example, we'll assume you're trying to set up 1:1 NAT for 192.168.1.10 to 1.2.3.4. You will need to be in advanced mode to configure 1:1 NAT.

Create an IP Address Alias on the WAN interface for 1.2.3.4 with the appropriate netmask provided by your ISP and save it. This can be done at Config > Network > Interfaces on the specific interface and tells Untangle to take ownership of that IP.

Create a port forward for inbound sessions and save it. This rule will cause all inbound sessions destined for 1.2.3.4 to be forwarded to 192.168.1.10. Set Destination Address: 1.2.3.4 and New Destination: 192.168.1.10.

Create a NAT rule for outbound sessions. This causes all outbound sessions from 192.168.1.10 to be NATed to 1.2.3.4. This is done at Config > Network > NAT Rules. Set Source Address: 192.168.1.10, NAT Type: Custom, and New Source: 1.2.3.4. Once this is configured and saved, your 1:1 NAT setup is complete.

How do I verify 1:1 NAT is working?

You can check outbound traffic by going to your internal server and visiting whatismyip.com. You can check inbound traffic by testing your port forward. For example, if your internal server is running a web server then visit http://1.2.3.4/ from outside the network - it should load the web server on 192.168.1.10.
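
Before testing live traffic, the three settings from the setup steps can be cross-checked offline. The following is an added example, not code from the wiki or the product: it takes the alias, port forward and NAT rule values as plain Python tuples (a hypothetical representation, not the appliance's configuration format) and reports any host whose inbound and outbound mappings do not form a complete 1:1 pair.

```python
import ipaddress
from collections import Counter


def audit_one_to_one(aliases, port_forwards, nat_rules):
    """Return findings; an empty list means every mapping is a complete 1:1 pair.

    Hypothetical input shapes (not the appliance's own configuration format):
      aliases        "address/prefix" strings set on the WAN interface
      port_forwards  (destination_address, new_destination) pairs, inbound
      nat_rules      (source_address, new_source) pairs, outbound
    """
    ip = ipaddress.ip_address
    owned = {ipaddress.ip_interface(a).ip for a in aliases}
    inbound = {ip(new_dst): ip(dst) for dst, new_dst in port_forwards}
    outbound = {ip(src): ip(new_src) for src, new_src in nat_rules}
    findings = []

    for internal in sorted(set(inbound) | set(outbound)):
        ext_in, ext_out = inbound.get(internal), outbound.get(internal)
        if ext_in is None:
            findings.append(f"{internal}: NAT rule to {ext_out} but no port forward")
        elif ext_out is None:
            findings.append(f"{internal}: port forward from {ext_in} but no NAT rule")
        elif ext_in != ext_out:
            findings.append(f"{internal}: inbound via {ext_in}, outbound via {ext_out}")
        for ext in sorted({ext_in, ext_out} - {None}):
            if ext not in owned:
                findings.append(f"{ext}: no IP address alias on the WAN interface")

    # One external address forwarded to several hosts is no longer 1:1.
    for ext, count in sorted(Counter(inbound.values()).items()):
        if count > 1:
            findings.append(f"{ext}: forwarded to {count} internal addresses")
    return findings


# Constructed sample settings; the /24 prefix is a placeholder for the ISP's netmask.
GOOD = dict(aliases=["1.2.3.4/24"],
            port_forwards=[("1.2.3.4", "192.168.1.10")],
            nat_rules=[("192.168.1.10", "1.2.3.4")])
# Same host with the alias and the outbound NAT rule left out.
INCOMPLETE = dict(aliases=[], port_forwards=[("1.2.3.4", "192.168.1.10")], nat_rules=[])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("INCOMPLETE", INCOMPLETE)):
        print(name, audit_one_to_one(**cfg) or "complete 1:1 mapping")
```

An empty result only shows the three settings agree with each other; the live checks above are still needed to confirm traffic actually follows them.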