Destination NAT (DNAT) changes the destination address in the IP header of a packet. The primary purpose of this is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside the network.

Procedure

  1. Go to Gateways(Selected Gateway)NETWORKNATAdd.
  2. Select Destination for NAT type.
  3. Configure the NAT settings:
    Option Description
    Ingress interface
    Select ANY or any L3 interface from the drop-down list to act as the interface for network traffic that originates from outside of the network’s routers and proceeds toward a destination inside of the network.
    For Cloud Edge gateways with wireless network functionality, you can select a wireless network interface as the ingress interface provided that wireless network (main or guest) is enabled.
    Destination IP translation
    Select from the following options:
    • Ingress interface IP address and then specify Translated IP address/range.
      The ingress interface is used for the external IP address and the specified translation IP address/range is used for translating (mapping) the ingress interface IP address to an internal IP address.
    • Virtual IP and then specify External IP address/range and Translated IP address/range.
      You must explicitly specify an external IP address/range to use for NAT mapping.
      The translated IP address range is automatically generated according to the beginning IP address. The mapping is one-to-one of external IP addresses to translated IP addresses.
    Description
    Specify an identifying characteristic about the use or configuration for the NAT rule.
    Port forwarding
    Port forwarding: Select On for static one-to-one NAT mapping with port forwarding.
    When On, an external IP address is always translated to the same mapped IP address, and an external port number is always translated to the same mapped port number.
    If set to On, specify the following:
    • Protocol: Select TCP or UDP.
    • External service port: Specify a port range.
      Map to port: Specify a port.
      When you specify the External service port range, the Map to port is generated automatically according to the beginning port. The mapping is one-to-one.
    Set matching condition
    You can specify more detailed information or matching conditions, including:
    • Source IP address range
    • Source port range
  4. Click Save.
  5. Verify that the new rule is added to the list of NAT rules.