Full NAT from one interface to another

Hello! I haven’t been able to solve the following problem for several days now.
I’m using VirtualBox and two guest machines - one on Ubuntu and the other on VyOS. Ubuntu (192.168.1.1) is ONLY connected to eth1 VyOS (192.168.1.2). VyOS also has a network adapter, eth0, which is connected to the host machine via NAT. The IP address for eth0 is obtained via dhcp. How can I configure VyOS so that my Ubuntu machine has full internet access through VyOS?

Read documentation:
https://docs.vyos.io/en/latest/quick-start.html#nat


So you really think that I didn’t think of reading the documentation before your answer, which requires incredible competence? I’m willing to bet that every time you attach a link to a site with documentation, you sit like “OOOOOO, I’M SO SO SMART, I GAVE THIS GUY THE MATERIAL, BUT NO ONE BUT ME KNOWS WHERE THE DOCUMENTATION IS, GOD DAMN.” Oh, and you probably also drink smoothies at the same time?

Moderator Note: Edited to remove swearing.

@seamant The link they gave you was what you need to do.

Please be a little more respectful here. If something isn’t working for you, people are happy to help but it’s also very helpful to show relevant configuration, what’s happening vs what you expect to happen and any debugging/logs you have.

@tjh
No, what was offered to me via the link is not enough to solve my problem. I’ve already tried NAT: yes, from the user’s machine I can do something like ping 8.8.8.8 and I get response packets. However, I still can’t use DNS: ping google.com displays the error “Temporary name resolution failure.”

And yes, I have configured DNS Forwarding on VyOS. However, I still can’t access sites by name on the user’s machine. ping google.com on VyOS works great.

Regarding disrespect: is it considered respectful, when answering a question, to immediately consider the author of the question to be an idiot who could not read the documentation himself?

The link is a perfectly fine example of how you set up NAT.

If you want to NAT everything then instead of source address you define inbound-interface compared to the example from the manual provided by previous poster.

Then you add the firewall rules needed to allow the SNATed traffic where most just allow anything from LAN to WAN (but by default block stuff initiated from WAN to LAN).

So what you need to do if things don't work out is to provide the following information:

  1. Which VyOS version do you run and why (if not latest 1.3 LTS or 1.5 rolling)?

  2. What does your current config look like (output through: “show config commands | strip-private”)?

  3. Did you verify with, let's say, tcpdump or tshark what the output is with the above config, and what did you expect it to be instead?

None of this you shared in your original post - you asked how you can configure so one machine can use another and you were given a link that explained how to do that.
Only now have you shared that actually, IP forwarding appears to be working but there’s a DNS problem.

And again - you haven’t shared any configuration. What does your DNS forwarding configuration look like? What does your DHCP configuration look like, is your client PC getting told what DNS servers to use?

No one said/called or used the word idiot. This is something you’ve imagined. Someone offered you a link they thought would be helpful - if you chose to interpret that as someone calling you an idiot - that’s on you.

Please share some details - @Apachez has already asked what some good information to share would be.

@Apachez
I will try to be consistent and show as much pose as possible

  1. Ubuntu machine
     192.168.1.2 - IP address of VyOS eth1

  2. VyOS machine
     I use VyOS 1.3. It has 2 Ethernet interfaces: eth0 for NAT with host and eth1 for connection with Ubuntu

I can upload only one picture, so:

  1. Ubuntu net config
  2. VyOS Ethernet interfaces
  3. NAT config
  4. DNS config
  5. tcpdump for ping 8.8.8.8 and ping e.vyatsu.ru

If you assign 192.168.1.1 as your DNS forwarder and 192.168.1.2 as your router then your client cannot use 192.168.1.1 as its host IP address.

So fix that so your client uses between 192.168.1.3 and 192.168.1.254 and your setup should work.

You would also need firewall rules to allow the traffic unless you do default-action:accept for input/output/forward filter.


You have set the IP address manually, but DNS servers are set to automatic, which means they are provided via DHCP.
So set DNS servers manually.


@pepe, @Apachez
Thanks a lot!

I set listen address to 192.168.1.2 (IP address of interface eth1, which is used to connect to the Ubuntu machine)

Then in Ubuntu connection settings I set the DNS server address to 192.168.1.2

Now everything works, thanks again!
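
The addressing faults diagnosed in this thread can be checked mechanically. The script below is an added example, not part of any post here: it audits VyOS 1.3 `set` commands against a client's IP and DNS settings. The `BROKEN` config is a constructed reconstruction (the original screenshots are not on the page), and `values` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: VyOS 1.3 "set" commands resembling the broken state
# described in the thread (DNS forwarder listening on the client's own IP).
BROKEN = """\
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth1 address '192.168.1.2/24'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 translation address 'masquerade'
set service dns forwarding allow-from '192.168.1.0/24'
set service dns forwarding listen-address '192.168.1.1'
set service dns forwarding system
"""
# The fix reported at the end of the thread: listen on eth1's own address.
FIXED = BROKEN.replace("listen-address '192.168.1.1'", "listen-address '192.168.1.2'")


def values(config, path):
    """Return the quoted value of every "set <path> '<value>'" line."""
    return re.findall(r"^set " + path + r" '([^']+)'$", config, re.M)


def audit(config, client_ip, client_dns):
    """List reasons the client cannot resolve names through the router."""
    problems = []
    iface_ips = {a.split("/")[0]
                 for a in values(config, r"interfaces ethernet \S+ address")
                 if a != "dhcp"}
    listen = set(values(config, "service dns forwarding listen-address"))
    allow = [ipaddress.ip_network(n)
             for n in values(config, "service dns forwarding allow-from")]
    for addr in sorted(listen - iface_ips):
        problems.append(f"listen-address {addr} is not configured on a router interface")
    if client_ip in listen | iface_ips:
        problems.append(f"client IP {client_ip} collides with a router or forwarder address")
    if client_dns not in listen & iface_ips:
        problems.append(f"client DNS {client_dns} is not a working forwarder address")
    if not any(ipaddress.ip_address(client_ip) in n for n in allow):
        problems.append(f"client IP {client_ip} is not covered by allow-from")
    if "masquerade" not in values(config, r"nat source rule \d+ translation address"):
        problems.append("no masquerade source NAT rule")
    return problems
```

Feed it the output of `show configuration commands` from the router together with the client's static IP and DNS server; an empty list means none of these faults is present.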
