Setting up NAT
NAT (Network Address Translation) is a translation of private (gray) IP addresses inti external (white) and vice versa. Due to this process your virtual machine gets Internet access. In order to configure this mechanism in the vCloud Director there must be configured rules for SNAT and DNAT.
Creating rules for SNAT
SNAT (Source Network Address Translation) is the mechanism which substitutes the source address during packet sending.
1. Enter the Administration section and double-click on your virtual datacenter. In the appeared settings menu go to the Edge Gateways tab. Choose needed Edge Gateway and right-click on it. Choose Properties options.
2. In the appeared windows inside the tab Sub-Allocate IP Pools you may see the external IP address and their range. Close the window.
3. Right-click again on the Edge Gateway. In the appeared menu choose the option Edge Gateway Services.
4. In the appeared window open the tab NAT and click Add SNAT.
5. In the new window:
- In the field Applied on indicate external network (NOT the organization network). It might be ext_ntwk_test;
- In the field Description set description to the SNAT rule;
- In the field Original (Internal) source IP/range set internal IP addresses range like 192.168.2.0/24, for example;
- In the field Translated (External) source IP/range set the external address through which Internet access is realized. The one you have see in the tab Sub-Allocate IP Pools (par. 2).
DNAT rule creation
DNAT is a mechanism that changes the destination address and port for the network packet. It is used for redirection of packets from external address/port to the private IP address/port inside private network.
1. In the window Configure Services choose NAT tab and click Add DNAT.
2. In the appeared window:
- In the field Applied on set external network (NOT the organization network);
- In the field Description set description of DNAT rule;
- In the field Original (External) IP/range set external address (address from the tab Sub-Allocate IP Pools);
- In the field Protocol set protocol;
- In the field Port set port;
- In the field Translated (Internal) IP/range set internal IP address like 192.168.2.2, for example.
3. Firewall must be configured now (Firewall setup). Default action is Deny. It means that Firewall will block all traffic. Rules must be configured in order to avoid this.
|« Setting up Firewall||Setting up Edge Gateway services »|