Currently on the private gateway there is no way to configure the Source NAT.
With this feature we can enable the source NAT service on the VPC private gateway.
Users might want to deploy multiple VPCs with the same super CIDR and/or guest tier CIDR. As a result, multiple guest VMs (from different VPCs) that have the same IP address may need to reach an enterprise DC via the private GW.
In these cases, NAT service is needed on the private GW.
Source NAT can be enabled on a private gateway when the gateway is added. To enable it, pass the sourcenatsupported=true parameter to the createPrivateGateway API. If sourcenatsupported is not passed, source NAT is not set on the private gateway.
It is an optional argument to the API.
If source NAT is enabled on the private gateway, guest VMs in the VPC reach the enterprise network through the private gateway IP address by NATing.
Deleting the private gateway also deletes the source NAT rules specific to that private gateway.

API Name | New parameter | Value |
---|---|---|
createPrivateGateway | sourcenatsupported (optional) | true/false |

Table: private_ip_address

New column | Type | Default value |
---|---|---|
source_nat | boolean | 0 |

When the user enables source NAT on the private gateway, the iptables rules below get configured on the VR.
Example SNAT rule on the VR for a private gateway:
- eth3 - private gateway interface.
- 10.147.52.108 - private gateway IP address.

iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to-source 10.147.52.108
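
One way to verify on the VR that the SNAT state matches the gateway's sourcenatsupported setting, including after the gateway is deleted. This is an added example, not CloudStack code: it parses the text printed by `iptables -t nat -S POSTROUTING`, and the function names, the sample listing and the eth1/eth2 rules in it are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables -t nat -S POSTROUTING` output from a VPC VR.
# eth3 / 10.147.52.108 are the page's example; the eth1 and eth2 rules are made up.
SAMPLE_RULES = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 10.1.1.0/24 -o eth2 -j SNAT --to-source 10.1.1.1
-A POSTROUTING -o eth3 -j SNAT --to-source 10.147.52.108
"""


def _value(tokens, flag):
    """Return the token following `flag`, or None when the flag is absent."""
    if flag in tokens:
        i = tokens.index(flag)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def parse_snat_rules(listing):
    """Return one dict per appended POSTROUTING rule whose target is SNAT."""
    rules = []
    for line in listing.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"] or _value(tok, "-j") != "SNAT":
            continue
        rules.append({"out": _value(tok, "-o"),
                      "src": _value(tok, "-s"),
                      "to": _value(tok, "--to-source")})
    return rules


def check_private_gw_snat(listing, iface, gw_ip, expect_enabled):
    """List mismatches between the rules on `iface` and the expected SNAT state."""
    on_iface = [r for r in parse_snat_rules(listing) if r["out"] == iface]
    problems = []
    if expect_enabled and not on_iface:
        problems.append(f"no SNAT rule on {iface}")
    if not expect_enabled and on_iface:
        problems.append(f"unexpected SNAT rule on {iface}")
    for r in on_iface:
        if expect_enabled and r["to"] != gw_ip:
            problems.append(f"{iface} translates to {r['to']}, expected {gw_ip}")
    return problems
```

Call `check_private_gw_snat` with `expect_enabled=False` for a gateway created without sourcenatsupported, or for an interface whose gateway was deleted; any returned entry is a leftover rule.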
The current private gateway configuration page needs a check box 'Set Source NAT' to enable/disable source NAT on the private gateway.
XenServer
KVM
VMware
No upgrade changes are needed.
To get source NAT on existing private gateways, the user needs to delete them and create them again with source NAT set.