vr_sdnat4

SDNAT4

This feature maps (1:1) public IP addresses to private IP addresses, defining both SNAT and DNAT rules in iptables.

For example, when three NICs (eth0, eth1, eth2) are attached to a VR:

CONTEXT = [
  ...
  ONEAPP_VNF_SDNAT4_ENABLED    = "YES",
  ONEAPP_VNF_SDNAT4_INTERFACES = "eth0 eth1", # same as "!eth2"
  ...
]

And a special NIC_ALIAS section is added to the backend VM's template:

$ onevm nic-attach backend_VM_name_or_ID <<'EOF'
NIC_ALIAS = [
  NETWORK_ID = "0", # ID of the 10.2.11.0/24 VNET.
  PARENT     = "NIC0",
  EXTERNAL   = "YES" ] # Must be set to "YES" to enable SDNAT4 mapping.
EOF

Gives:

$ iptables -t nat -vnL DNAT4
Chain DNAT4 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    12 DNAT       0    --  *      *       0.0.0.0/0            10.2.11.201          to:172.20.0.128
$ iptables -t nat -vnL SNAT4
Chain SNAT4 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    34 SNAT       0    --  *      *       172.20.0.128         0.0.0.0/0            to:10.2.11.201

Where 10.2.11.201 is considered public and is defined on the lo NIC inside the master VR instance:

$ ip addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.2.11.201/32 scope global SDNAT4
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

Connecting to 10.2.11.201 should forward all packets for all protocols, both ways:

$ ssh root@10.2.11.201 ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:ac:14:00:80 brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.128/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::acff:fe14:80/64 scope link
       valid_lft forever preferred_lft forever

Context Configuration Attributes

Parameter	Default	Description
`ONEAPP_VNF_SDNAT4_ENABLED`	`NO`	Enable/Disable SNAT/DNAT feature (`YES/NO`)
`ONEAPP_VNF_SDNAT4_INTERFACES`	none	Mandatory: List of NICs among which to detect mappings (`<[!]ethX> ...`)
`ONEAPP_VNF_SDNAT4_REFRESH_RATE`	`30`	Refresh rate between updates of the mapping rules (`seconds`)

Home

OpenNebula Apps Overview
OS Appliances Update Policy
OneApps Quick Intro
Build Instructions
Linux Contextualization Packages
Windows Contextualization Packages
OneKE (OpenNebula Kubernetes Edition)
Virtual Router
- Overview & Release Notes
- Quick Start
- OpenRC Services
- Virtual Router Modules
  - Router4
  - NAT4
  - SDNAT4
  - Load Balancing
  - DNS
  - DHCP4
  - Keepalived: Failover
  - Wireguard VPN
- Glossary
WordPress
- Overview & Release Notes
- Features and usage
Harbor Container Registry
MinIO
Ray AI
Development
- Virtual Router

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vr_sdnat4

SDNAT4

Context Configuration Attributes

Clone this wiki locally