Is SNAT enough for traffic both ways?


This is more like a general question:

I’ve set up a computer in an internal network, and that computer (host) goes through VyOS.

I couldn’t ping before doing SNAT on the VyOS. Now, after doing SNAT, I can ping but can’t browse (no proxy or anything).

The question is: should I add destination NAT or something like that? Do I need anything else for browsing websites (and not only pinging them)?

Thank you!


Start here:

Make sure you have the basics understood


Hi :)
The link you posted was one of the tutorials I’ve been through.
Unfortunately, it shows commands and fewer explanations.
I would be happy to get an answer in a general way (I simply asked if SNAT is all you need for browsing webpages, or … do I need anything else, since I can ping but not browse).

Thank you!


As long as your SNAT and DNS are properly set, there is nothing in VyOS that would actively block HTTP traffic, unless you configured it to do so.


Is it OK with you if I upload my configuration for review? (There is not much in it, only these two plus a few extra config commands.)
Thank you!


Sure, throw it in some code tags and let us see it. Also, a network diagram would help us understand your layout.


Problem is solved. You were right, and all I needed was SNAT and DNS.
It appears that there was some kind of external firewall application (not Windows Firewall) which blocked pretty much everything except ping requests. So ping requests were able to go through, but all other things couldn’t. With that being said, many thanks for your help.
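
The symptom in this thread (ping works, browsing does not) can be narrowed down by probing DNS and TCP separately from ICMP. The following is an added example, not code from any poster or from VyOS; the function names and the `example.com` test target are assumptions, and it is meant to be run from the affected host.

```python
import socket

def resolve(name):
    """Return an IPv4 address for name, or None if DNS resolution fails."""
    try:
        return socket.getaddrinfo(name, None, socket.AF_INET)[0][4][0]
    except OSError:  # socket.gaierror is a subclass of OSError
        return None

def tcp_check(ip, port, timeout=3.0):
    """Return 'open', 'refused' or 'timeout' for a TCP connect to ip:port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a RST came back, so packets do reach a host
    except OSError:        # timeouts and unreachable errors: silently dropped
        return "timeout"

def diagnose(ping_ok, dns_ip, tcp_state):
    """Map the three probe results to the most likely fault location."""
    if not ping_ok:
        return "no IP path: check routing and the SNAT rule on the router"
    if dns_ip is None:
        return "ICMP works but DNS fails: check the client's DNS server setting"
    if tcp_state == "timeout":
        return "ICMP and DNS work but TCP is dropped: look for a firewall filtering by protocol"
    if tcp_state == "refused":
        return "TCP reaches a host that rejects the port: check the target service"
    return "DNS and TCP both work: the network path is fine, check the browser or proxy settings"

if __name__ == "__main__":
    host = "example.com"  # assumed test target, not from the thread
    ip = resolve(host)
    state = tcp_check(ip, 443) if ip else None
    # ping_ok=True reproduces the situation described in the thread.
    print(host, ip, state)
    print(diagnose(True, ip, state))
```

A `timeout` result on port 443 while ping succeeds points at per-protocol filtering somewhere on the path, which is what the firewall application in the final post turned out to be doing.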