To change the source IP address from a public to a private IP address or the reverse, create a source NAT (SNAT) rule. To change the destination IP address from a public to a private IP address or the reverse, create a destination NAT (DNAT) rule.

When you configure a SNAT or a DNAT rule on an edge gateway in the vCloud Director environment, you always configure the rule from the perspective of your organization VDC. A SNAT rule translates the source IP address of packets sent from an organization VDC network out to an external network or to another organization VDC network. A DNAT rule translates the IP address and, optionally, the port of packets received by an organization VDC network that are coming from an external network or from another organization VDC network.

Prerequisites

The public IP addresses must have been added to the edge gateway interface on which you want to add the rule.

Procedure

  1. Navigate to Networking > Edges.
  2. Click the edge gateway and click NAT.
  3. To add a rule, click Add.
  4. Configure a Source NAT rule (inside going outside).
    | Option | Description |
    |---|---|
    | Name | Enter a name for the rule. |
    | State | To enable the rule upon creation, turn on the State toggle. |
    | Interface type | Select the interface on which to apply the rule. |
    | External IP | Enter the IP address or a range of IP addresses of the virtual machines for which you are configuring SNAT, so that they can send traffic to the external network. |
    | Internal IP | Enter the public IP address of the edge gateway for which you are configuring the SNAT rule. |
    | Enable logging | To have the address translation performed by this rule logged, turn on the Enable logging toggle. |
  5. Configure a Destination NAT rule (outside going inside).
    | Option | Description |
    |---|---|
    | Name | Enter a name for the rule. |
    | State | To enable the rule upon creation, turn on the State toggle. |
    | Interface type | Select the interface on which to apply the rule. |
    | External IP | Enter the public IP address of the edge gateway for which you are configuring the DNAT rule. The IP addresses that you enter must belong to the suballocated IP range of the edge gateway. |
    | Application | (Optional) Select a specific application port profile to which to apply the rule. The application port profile includes a port and a protocol that the incoming traffic uses on the edge gateway to connect to the internal network. |
    | Internal IP | Enter the IP address or a range of IP addresses of the virtual machines for which you are configuring DNAT, so that they can receive traffic from the external network. |
    | Internal Port | (Optional) Select the port or port range into which the DNAT rule is translating for the packets inbound to the virtual machines. |
    | Enable logging | To have the address translation performed by this rule logged, turn on the Enable logging toggle. |
  6. Click Save.
  7. To configure additional rules, repeat these steps.
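
An added example, not part of the original page or of vCloud Director: a review of the DNAT values from step 5 before saving, which checks the suballocated-range requirement and flags rules with no application port profile, a multi-address internal target, or logging turned off. The rule dictionary keys, the `-` and CIDR range notation, and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_span(text):
    """Return (first, last) for 'a.b.c.d', 'a.b.c.d-e.f.g.h' or CIDR (assumed notations)."""
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
    elif "/" in text:
        net = ipaddress.ip_network(text, strict=False)
        lo, hi = net[0], net[-1]
    else:
        lo = hi = ipaddress.ip_address(text)
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"invalid range: {text}")
    return lo, hi

def within(span, allowed):
    """True if the whole span sits inside one allowed (first, last) span."""
    return any(a.version == span[0].version and a <= span[0] and span[1] <= b
               for a, b in allowed)

def review_dnat_rule(rule, suballocated):
    """Return findings for one DNAT rule; an empty list means nothing to flag."""
    findings = []
    allowed = [parse_span(s) for s in suballocated]
    if not within(parse_span(rule["external_ip"]), allowed):
        findings.append("external IP outside suballocated range")
    lo, hi = parse_span(rule["internal_ip"])
    count = int(hi) - int(lo) + 1
    if count > 1:
        findings.append(f"internal IP spans {count} addresses; confirm each should receive inbound traffic")
    if not rule.get("application"):
        findings.append("no application port profile: rule is not limited to one port and protocol")
    if rule.get("state") and not rule.get("logging"):
        findings.append("enabled rule has logging off")
    return findings

# Constructed sample data (documentation address ranges), not taken from the page.
SAMPLE_SUBALLOCATED = ["203.0.113.10-203.0.113.20"]
SAMPLE_RULES = [
    {"name": "web-in", "state": True, "external_ip": "203.0.113.12", "application": "HTTPS",
     "internal_ip": "192.168.10.5", "internal_port": "443", "logging": True},
    {"name": "legacy-in", "state": True, "external_ip": "203.0.113.40", "application": None,
     "internal_ip": "192.168.10.20-192.168.10.29", "logging": False},
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule["name"], review_dnat_rule(rule, SAMPLE_SUBALLOCATED))
```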