How to use groups on NAT?

Hi everybody!

How to use groups on NAT? I want to set nat source rule 200 source group xxxx ..., but I can’t do that.

Ubnt EdgeOS can use groups in NAT, so how to do it in VyOS?

Hey @azureaa,

What are you actually trying to achieve? You may be able to combine some policy route config with NAT config for what you are after on VyOS. Posting the EdgeRouter config may help as well.

Also, are you using the 1.2 or 1.1.x of VyOS?

Hey @garysteers,
I’m using the VyOS rolling version.

The LAN address of A is 192.168.99.0/24, and that of B is 192.168.88.0/24. I only have the control of the router of A.

The two places connect the LAN through a GRE tunnel: A router GRE tunnel address 10.1.1.1/24, B router GRE tunnel address 10.1.1.2/24.

Some VPN addresses on A router need to access 192.168.88.0/24, so SNAT is used to translate these VPN addresses into 10.1.1.1. These VPN addresses need to be changed frequently, so I don’t want to change NAT every time.

If I can use network-group, I can only modify network-group.

Is there a reason why you don’t SNAT the /24 of LAN A (or even a more exact /29 prefix if not all of the subnet needs it) rather than individual addresses?

You can allow all to the subnet, then use a firewall ACL linked to a network group to only allow the addresses you want to have access.
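A sketch of the approach suggested above, added here as an example and not taken from any poster's configuration. It assumes VyOS 1.2/1.3-style syntax (newer rolling releases restructure the firewall and NAT trees), a GRE interface named tun0, a constructed VPN pool of 172.16.50.0/24, and a hypothetical group name VPN-TO-B.

```vyos
# Assumptions (not from the thread): tun0 is the GRE tunnel to site B,
# 172.16.50.0/24 is a constructed VPN client pool, VPN-TO-B is a
# hypothetical group name. Syntax is VyOS 1.2/1.3 style.

# 1. One broad, static SNAT rule: the whole VPN pool is translated to the
#    tunnel address when heading to LAN B. This rule never needs editing.
set nat source rule 200 outbound-interface tun0
set nat source rule 200 source address 172.16.50.0/24
set nat source rule 200 destination address 192.168.88.0/24
set nat source rule 200 translation address 10.1.1.1

# 2. The access decision lives in a network-group. These entries are the
#    only thing that changes when the permitted VPN addresses change.
set firewall group network-group VPN-TO-B network 172.16.50.10/32
set firewall group network-group VPN-TO-B network 172.16.50.32/29

# 3. Firewall ruleset on traffic leaving through the tunnel. It is evaluated
#    on forwarded packets before source NAT is applied, so it matches the
#    original VPN client address, not 10.1.1.1.
set firewall name TUN0-OUT default-action accept
set firewall name TUN0-OUT rule 10 action accept
set firewall name TUN0-OUT rule 10 description 'VPN clients allowed to reach LAN B'
set firewall name TUN0-OUT rule 10 source group network-group VPN-TO-B
set firewall name TUN0-OUT rule 10 destination address 192.168.88.0/24
set firewall name TUN0-OUT rule 20 action drop
set firewall name TUN0-OUT rule 20 description 'All other VPN clients are blocked'
set firewall name TUN0-OUT rule 20 source address 172.16.50.0/24
set firewall name TUN0-OUT rule 20 log enable

# 4. Attach the ruleset to the tunnel in the outbound direction.
set interfaces tunnel tun0 firewall out name TUN0-OUT
```

The default action is accept so that LAN A (192.168.99.0/24) traffic over the tunnel is unaffected; only the VPN pool is filtered, and rule 20 logs denied attempts for review.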

ok, thank you very much!!!
