I am trying to do source NAT-ing where there is a pool of translation addresses and any given internal client gets the same public IP each time it connects out. In pure iptables this is easy to do: just add the --persistent option to the SNAT line. I just don’t know how to do it on VyOS (version 1.1.3).
Our config.boot currently has a section like this:
    nat {
        source {
            rule 1 {
                outbound-interface eth0
                source {
                    address 172.16.0.0/24
                }
                translation {
                    address x.x.x.1-x.x.x.16
                }
            }
            [etc…]
This becomes the following in the iptables nat table:
    -A POSTROUTING -s 172.16.0.0/24 -o eth0 -m comment --comment SRC-NAT-1 -j SNAT --to-source x.x.x.1-x.x.x.16
What I want is this:
    -A POSTROUTING -s 172.16.0.0/24 -o eth0 -m comment --comment SRC-NAT-1 -j SNAT --to-source x.x.x.1-x.x.x.16 --persistent
I have actually tested this config by making the change directly in iptables and it works. It does exactly what we want. Unfortunately I have not found anything in the VyOS documentation about a "persistent" keyword for source NAT. Is there a way to add persistence for an snat rule via the VyOS configuration?
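An added illustration, not part of the original post: a simplified Python model of why the two rules above behave differently. With a ranged SNAT target, netfilter picks the pool address from a hash of the client and destination addresses, and `--persistent` leaves the destination out of that hash. SHA-256 stands in for the kernel's hash here, and the 203.0.113.x pool, the 198.51.100.x destinations and the client address are constructed placeholders for the redacted values.

```python
import hashlib
import ipaddress


def pool_addresses(first, last):
    """Expand an inclusive first-last range into a list of addresses."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]


def pick_translation(src, dst, pool, persistent):
    """Pick the pool address for a new connection.

    Simplified model: hash the client address, and mix in the destination
    only when persistent is False. SHA-256 is a stand-in for the kernel hash.
    """
    key = ipaddress.IPv4Address(src).packed
    if not persistent:
        key += ipaddress.IPv4Address(dst).packed
    index = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(pool)
    return pool[index]


def public_ips_seen(src, destinations, pool, persistent):
    """Set of public addresses one client appears as across destinations."""
    return {pick_translation(src, d, pool, persistent) for d in destinations}


# Constructed sample data: documentation ranges stand in for the redacted pool.
POOL = pool_addresses("203.0.113.1", "203.0.113.16")
DESTINATIONS = [f"198.51.100.{n}" for n in range(1, 41)]
CLIENT = "172.16.0.10"

if __name__ == "__main__":
    for mode in (False, True):
        seen = public_ips_seen(CLIENT, DESTINATIONS, POOL, mode)
        print(f"persistent={mode}: client appears as {len(seen)} public address(es)")
```

Because the mapping depends only on the client address in the persistent case, the same model also shows that a given public address in upstream logs traces back to a stable set of internal clients.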