Source address translation (SNAT)

Source Network Address Translation (SNAT) changes a packet's source address to another IP, based on the packet's IP field or header field. It is typically used for outbound Internet access. For example, when internal users browse the Internet, their source IPs (private addresses) must be translated to a public IP (typically the mbox WAN IP) when packets leave the mbox WAN interface.

mbox supports two types of Source Network Address Translation (SNAT):

  • Static SNAT (SNAT, one static private IP mapped to one public IP)

  • Port Address Translation (PAT, multiple private IPs sharing one public IP, most commonly used)

NOTE: The firewall access-rule must also permit the respective outbound access to the Internet.

#1 Port Address Translation (PAT)

!
interface eth 0
 enable
 ip address dhcp
!
firewall-snat 1 overload outbound eth0 <----------- PAT
firewall-access 1 permit outbound eth0
!

#2 Static SNAT

!
interface eth 0
 description "To Internet"
 enable
 ip address 49.128.70.68/28 remark HOST1
 ip address 49.128.70.69/28 remark HOST2
!
firewall-snat 1 translate outbound eth0 ip src 10.90.19.101 xsrc 49.128.70.68 <----------- Static SNAT
firewall-snat 3 translate outbound eth0 ip src 10.90.0.0/16 xsrc 49.128.70.69 <----------- PAT
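
The following Python sketch is an added example, not mbox code: it parses the firewall-snat and firewall-access lines shown above, reports which public address a given private source would leave with, and flags interfaces that have SNAT rules but no permit rule, as the NOTE requires. It assumes rules are evaluated in rule-number order with the first match winning, and that an overload rule matches every source and uses the interface's own address; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed from the page's Static SNAT example (#2), one command per line.
STATIC_CONFIG = """\
firewall-snat 1 translate outbound eth0 ip src 10.90.19.101 xsrc 49.128.70.68
firewall-snat 3 translate outbound eth0 ip src 10.90.0.0/16 xsrc 49.128.70.69
"""
# Constructed from the page's PAT example (#1).
PAT_CONFIG = """\
firewall-snat 1 overload outbound eth0
firewall-access 1 permit outbound eth0
"""

SNAT_RE = re.compile(
    r"^firewall-snat (\d+) (overload|translate) outbound (\S+)"
    r"(?: ip src (\S+) xsrc (\S+))?$")
ACCESS_RE = re.compile(r"^firewall-access \d+ permit outbound (\S+)$")


def parse_snat(config):
    """Return (number, interface, source network, translated source), sorted by number."""
    rules = []
    for line in config.splitlines():
        m = SNAT_RE.match(line.strip())
        if m:
            num, _mode, iface, src, xsrc = m.groups()
            # Assumption: a rule without "ip src" (overload) matches every source
            # and translates to the interface's own address.
            net = ipaddress.ip_network(src or "0.0.0.0/0")
            rules.append((int(num), iface, net, xsrc or f"{iface} address"))
    return sorted(rules)


def translate(config, src_ip):
    """Translated source for src_ip, or None if no rule matches (first match: assumption)."""
    addr = ipaddress.ip_address(src_ip)
    for _num, _iface, net, xsrc in parse_snat(config):
        if addr in net:
            return xsrc
    return None


def snat_without_access(config):
    """Interfaces with an SNAT rule but no 'firewall-access ... permit outbound' rule."""
    permitted = {m.group(1) for line in config.splitlines()
                 if (m := ACCESS_RE.match(line.strip()))}
    return sorted({iface for _n, iface, _net, _x in parse_snat(config)} - permitted)
```

Run against the Static SNAT lines exactly as shown, the check reports eth0, because that example lists no firewall-access rule for the interface.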