How to use groups on NAT?

Hi everybody!

How to use groups on NAT? I wang set nat source rule 200 source group xxxx ....,But I can’t do that.

Ubnt edgeos can use groups in NAT, so how to do it in vyos?

Hey @azureaa,

What are you actually trying to achieve, you may be able to combine some policy route config with NAT config for what you are after on VyOS. Posting the Edgeroute config may help as well.

Also are you using the 1.2 or 1.1.x of VyOS

Hey @garysteers,
I’m using Vyos rolling version.

The LAN address of A is, and that of B is I only have the control of the router of A.

The two places connect the LAN through GRE tunnel,A router GRE tunnel address,B router GRE tunnel address

Some VPN addresses on A router need to access, so SNAT is used to translate these VPN addresses into These VPN addresses need to be changed frequently, so I don’t want to change NAT every time.

If I can use network-group, I can only modify network-group.

Is there a reason why you don’t SNAT the /24 of LAN A (or even a more exact /29 prefix if not all the subnet need it)? rather than individual addresses?

You can allow all to subnet then use a firewall ACL linked to a network group to only allow address you want to have access.

ok, thank you very much!!!

1 Like