Network Address Translation is the process by which a local IP address is translated into a global IP address to provide network access to the “internal” local IP range. Many public clouds offer NAT products, often pricing by instance hour and per GB of data processed. Running VNS3 as a NAT instance can cut your costs dramatically.
Using VNS3 as a NAT device is simple:
- Launch VNS3 with Source/Destination Check Disabled in a subnet with access to the public internet
- Add a Source NAT or Destination NAT rule to your VNS3 firewall
- Add a cloud route table rule for the network routable via VNS3. For example, if VNS3 as a NAT gateway for public internet you would add a routing rule for 0.0.0.0/0 to route to your VNS3 network interface IP.
10.1.0.0/24 be a network running in cloud that requires access to the internet. Let VNS3 be launched with a static public IP of
18.104.22.168 and a private ip of
- Add a route for
22.214.171.124. In AWS you will direct this route to the network interface. In Azure, you will set the Next Hop to be the private IP address of VNS3
- Add a VNS3 firewall NAT rule
POSTROUTING_CUST -o eth0 -s 10.1.0.0/24 -j SNAT --to 126.96.36.199. This replaces the source of traffic from 10.1.0.0/24 to the public IP of VNS3,
Typically you would run VNS3 in a small subnet that has an internet gateway. All other subnets would be private and instead rely on routing traffic via VNS3 to the public internet.