Description

This article describes how to add a NAT Rule to a Network (MCP 1.0) or Network Domain (MCP 2.0)

Recommended reading: Introduction to Network Address Translation (NAT) Rules

Prerequisites:

  1. Only the Primary Administrator or a Sub-Administrator with the Network role can add NAT Rules.
  2. "Server / IP Address" corresponds to the internal IP address for the NAT rule. Depending on the selection different validation criteria can apply:
    1. An IP address entered here:
      1. must be a valid IPv4 address in dot-decimal notation and can be non-RFC 1918 as long as it falls within the constraints below and on Introduction to IP Addressing in MCP 2.0.
      2. must not be the Listener IP Address of a Virtual Listener on the same Network Domain. See How to Create a Virtual Listener on a Network Domain.

      3. must not be in use as the Server / IP Address on another NAT Rule on the same Network Domain. 

      4. must not be in the address space of a Public IPv4 Address Block deployed on the same Network Domain.

      5. must not already be in use as External IP Address on a NAT Rule.

      6. must not overlap with the Outside Transit VLAN Subnet of the same Network Domain. For details refer to Introduction to IP Addressing in MCP 2.0.

      7. must not overlap with any of the System-Restricted IP addresses. For details refer to Introduction to IP Addressing in MCP 2.0.

    2. If "Server / IP Address" is within the space of a VLAN deployed on the same Network Domain then:
      1. It cannot be the Network Address (x.x.x.0) at the start of the IP range or the Broadcast Address (x.x.x.255) at the end of the IP range.

      2. If the VLAN has Low gateway addressing, x.x.x.1-x.x.x.5 at the bottom of the VLAN range are system reserved and cannot be used.

      3. If the VLAN has High gateway addressing, x.x.x.252-x.x.x.254 at the bottom of the VLAN range are system reserved and cannot be used.
        For details about VLAN gateway addressing refer to How to Deploy a VLAN on a Network Domain

  3. You cannot create a NAT on the Network Domain SNAT Address
  4. For MCP 2.0 only:
    1. If an external IP represents an IPv4 address that IS a part of a Public IPv4 Block on the same Network Domain, then the external IP:
      1. Cannot already be used as an external IP for another NAT on the same Network Domain
      2. Cannot already be used as a Virtual Listener on the same Network Domain
    2. If an external IP is not part of a Public IPv4 Block on the same Network Domain, then:
      1. Can be either RFC 1918 or non-RFC 1918
      2. Cannot lie within a VLAN range of a VLAN on the Same Network Domain, which may be RFC 1918 or non-RFC 1918.
      3. Cannot Already be used as an external IP for another NAT on the same Network Domain
      4. Cannot Already be used as a Virtual Listener on the same Network Domain
      5. Cannot be part of the transit subnet for the same Network Domain
      6. If the external IP is non-RFC 1918, it cannot lie within the non-RFC 1918 reserved space

Content / Solution:

MCP 2.0

  1. From the Home page, select the MCP 2.0 Data Center where the Network Domain on which you want to create a NAT Rule is located:


  2. The Data Center dashboard will be displayed. Select the Network Domain on which you want to create the NAT Rule:


  3. The Network Domain dashboard will be displayed. Click on the Public IPv4 Addresses and NAT Rules tab:


  4. Click on the Actions button and select Create NAT Rule from the drop-down menu:


  5. The Create Network Address Translation dialog will be displayed:

     

  6. Fill out the form by entering the desired External/Public IPv4 Address and the Internal IP Address, then click Create: 

    Note: You can start typing the Internal IP Address or Name of the desired Server and the system will present a drop-down list of options to choose from.

  7. The system will display a success message:


  8. The system will create the NAT Rule and the UI will be updated to reflect the change:

    Note: Hovering your mouse over the  NAT Rule icon will display the NAT ID:

    Note: Click the Copy button to copy the NAT Rule ID to your clipboard:


  9. The Create Firewall Rule dialog will be opened.

    Create a Firewall Rule as described in How to Create a Firewall Rule on a Network Domain

MCP 1.0

  1. From the Home page, select the MCP 1.0 Data Center where the Network on which you want to create a NAT Rule is located:


  2. The Data Center dashboard will be displayed. Select the Network on which you want to create the NAT Rule:


  3. The Network dashboard will be displayed. Click on the Public IPv4 Addresses and NAT Rules tab:


  4.  Click on the Actions button, and then select Create NAT Rule from the drop-down menu:


  5.  The Create Network Address Translation dialog will be displayed:


  6. Enter the Server Name or IPv4 Address that you wish to be associated with the NAT Rule in the space provided:

    Note: You can start typing the Name of the Server, or start typing the IP Address and the system will display a list of options to choose from.

  7.  Once you have selected the desired Cloud Server / IP Address, click the Create button:


  8.  The system will display a success message:


  9.  The system will create the NAT Rule and the UI will be updated to reflect the change: