NAT for non-tunnel-bound Traffic

If you set up egress filtering, SNAT so private instances can access the internet through the AVX gateway. With SNAT enabled, traffic going through the gateway will leave with the private IP of the gateway as its source. This is fine for common use cases; however, it can present a problem if you want the source unchanged for traffic destined for your data center or another VPC, for example. In this guide, we will show you how to set up the SNAT to only change the source IP for traffic headed out of the gateway on the eth0 interface and not the tunnel interface(s).

Steps to Enable SNAT for non-Tunnel Traffic

  1. Login to your AVX Controller

  2. Navigate to Gateway

  3. Select the Gateway and click Edit

  4. Scroll down to the Source NAT section

Configure

Source Nat Fields
  1. Select the Customized SNAT radio button

  2. Click the + Add New button

  3. Enter the values in the fields as follows:

    Field Value

    Src CIDR

    enter the CIDR for this VPC

    Src Port

    Leave blank

    Dst CIDR

    Leave blank

    Dst Port

    Leave blank

    Protocol

    all

    Interface

    eth0

    Mark

    Leave blank

    SNAT IPs

    enter the private IP of the gateway

    SNAT Port

    Leave blank

    To find the Private IP address of the gateway, scroll to the top and click the three lines next to Gateway Detail.

    Get Private IP
  4. Click Save

  5. Click Enable SNAT

This enables NAT only for traffic that is leaving the gateway via eth0. For traffic going to the data center or to other spokes, the traffic will be leaving via a tunnel interface rather than eth0.