Maybe this has been asked before, but my search turned up nothing recent. I’m trying to investigate if dynamic NAT works (and if so, how it works) in VyOS. I found this very old article for Vyatta, but the syntax doesn’t seem to be the same: http://openmaniak.com/vyatta_case6.php
Basically, it says something like this:
set service nat rule 1
edit service nat rule 1
set type source
set translation-type dynamic
set outbound-interface eth0
set protocols all
set source network 10.0.0.0/24
set destination network 0.0.0.0/0
set outside-address address 126.96.36.199/28
However, I fail to see where I could specify the “dynamic” translation type in VyOS 1.1.6.
What I’m trying to achieve is to have internal RFC 1918 addresses for all my clients (e.g. 10.1.1.0/24), possibly over several internal subnets, and dynamically 1:1 NAT from a pool (or possibly multiple smaller pools) of public addresses (currently a single /22, but that could change). Our ISP requires that all users are assigned public addresses in case of abuse reports, so I cannot masquerade them, but I need to segment them internally to allow/deny access to certain internal “zones”. Perhaps I’m using the wrong approach for this? I imagine that a slightly more complex version of this is what I’m looking for, with multiple pools on both sides: http://www.firewall.cx/networking-topics/network-address-translation-nat/231-nat-dynamic-part-1.html
I understand that I could possibly run out of public addresses using this approach, but in that case I’m fine with the clients being denied access.
Thanks in advance!