Hello Folks...
I am in the process of creating a bubble network behind an ESG to support development, etc. There will be a number of VMs created in this bubble network, so we would like to explore using SNAT and DNAT to conserve IP addresses. SNAT is relatively straightforward: I am going to assign an IP address for SNAT so all VMs south of the ESG can access the network north of the ESG.
The question is for DNAT. Is it possible, utilizing the ESG, to use a single IP address to provide connectivity to multiple servers using port address translation?
For DNAT, using the same outer IP for different internal VMs could be possible as long as the TCP ports are different. This makes it possible not to reserve a unique IP for every VM that will service the outside.
These links could be helpful:
A destination NAT rule can also translate port numbers, allowing you to overload a single IP address to expose multiple services using different incoming ports.
NSX-V Edge NAT – Route to Cloud
Traffic Flow of Destination NAT through Edge Gateway – Stretch Cloud – Technology Undressed
Thanks, this is a great start. For the DNAT setup, I will set up mapping port numbers. To further explain, I will have the following, based on your response:
DNAT: Source Port 22 - Port 22: Server A (access an application installed on this server)
Source Port 223 - Port 22: Server B (access an application installed on this server)
With that being said, is there a way to list all the ports that are listening and available on an NSX Edge?
As for the TCP ports used by the Edge itself (not to be used for DNAT), they could be general ports for protocols like NTP, DNS, SSH, Syslog, SNMP. The TCP and UDP ports for NSX-T are below (for NSX-v they could be similar):
TCP and UDP ports used by NSX Edge
For the TCP ports used for NAT on the Edge, these links could be helpful:
Networking&Security > NSX Edges > (Selecting NSX Edge) > Manage > NAT
The show nat command on the Edge CLI also lists the source and NAT-translated ports:
https://vcrooky.com/2017/08/nsx-troubleshoot-dhcpdnsnat-service-issues/
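As an added illustration (not code from any reply in this thread, and not NSX code), the following Python models the two points raised above: overloading one outer IP across several inner servers by destination port, and keeping those DNAT ports clear of the ports the Edge itself listens on. The outer IP, the Server A / Server B addresses and the Edge service-port list are all constructed here; the port list is an assumption built from the standard ports of the protocols the reply names (SSH, DNS, NTP, SNMP, syslog), and whether a given Edge really listens on them depends on its configuration.

```python
# Added example: a small model of the one-outer-IP / many-inner-servers DNAT
# design discussed in this thread. It is NOT NSX code; rule syntax, IPs and the
# Edge service-port list are constructed here for illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Ports the Edge itself may be listening on (assumption: drawn from the protocols
# named in the reply above, SSH/DNS/NTP/SNMP/syslog, using their standard port
# numbers; whether a given Edge actually listens on them depends on its config).
EDGE_SERVICE_PORTS: Dict[Tuple[str, int], str] = {
    ("tcp", 22): "ssh",
    ("tcp", 53): "dns",
    ("udp", 53): "dns",
    ("udp", 123): "ntp",
    ("udp", 161): "snmp",
    ("udp", 514): "syslog",
}


@dataclass(frozen=True)
class DnatRule:
    """One DNAT row: traffic to outer_ip:outer_port/proto is sent to inner_ip:inner_port."""
    proto: str
    outer_ip: str
    outer_port: int
    inner_ip: str
    inner_port: int


def validate_rules(rules: List[DnatRule]) -> List[str]:
    """Check a DNAT table for the two faults that break port overloading.

    1. Two rules matching the same proto/outer_ip/outer_port: the Edge can only
       deliver that flow to one inner server, so one of the rules is dead.
    2. An outer port the Edge itself serves on: the rule competes with the Edge's
       own daemon for the same incoming flow.
    Returns a list of problem strings; an empty list means the table is clean.
    """
    problems: List[str] = []
    seen: Dict[Tuple[str, str, int], DnatRule] = {}
    for rule in rules:
        key = (rule.proto, rule.outer_ip, rule.outer_port)
        if key in seen:
            first = seen[key]
            problems.append(
                f"duplicate match {rule.proto}/{rule.outer_ip}:{rule.outer_port} -> "
                f"{first.inner_ip}:{first.inner_port} and {rule.inner_ip}:{rule.inner_port}"
            )
        else:
            seen[key] = rule
        service = EDGE_SERVICE_PORTS.get((rule.proto, rule.outer_port))
        if service is not None:
            problems.append(
                f"{rule.proto}/{rule.outer_ip}:{rule.outer_port} collides with Edge service '{service}'"
            )
    return problems


def translate(rules: List[DnatRule], proto: str, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
    """Apply the table to one inbound flow; None means no DNAT rule matched."""
    for rule in rules:
        if (rule.proto, rule.outer_ip, rule.outer_port) == (proto, dst_ip, dst_port):
            return (rule.inner_ip, rule.inner_port)
    return None


# Constructed addresses: 203.0.113.10 is the single outer IP on the ESG uplink,
# 10.10.0.11/12 stand in for "Server A" and "Server B" in the bubble network.
OUTER_IP = "203.0.113.10"
SERVER_A = "10.10.0.11"
SERVER_B = "10.10.0.12"

# The mapping the original poster sketched: outer 22 -> Server A:22, outer 223 -> Server B:22.
POSTER_RULES = [
    DnatRule("tcp", OUTER_IP, 22, SERVER_A, 22),
    DnatRule("tcp", OUTER_IP, 223, SERVER_B, 22),
]

# Same two servers, but Server A is exposed on a port the Edge does not use itself.
CLEAN_RULES = [
    DnatRule("tcp", OUTER_IP, 2222, SERVER_A, 22),
    DnatRule("tcp", OUTER_IP, 223, SERVER_B, 22),
]

if __name__ == "__main__":
    print("poster's table:", validate_rules(POSTER_RULES) or "ok")
    print("clean table:   ", validate_rules(CLEAN_RULES) or "ok")
    print("tcp/203.0.113.10:223 ->", translate(CLEAN_RULES, "tcp", OUTER_IP, 223))
```

Run as a script, the poster's table is flagged because outer port 22 is the SSH port the Edge may be serving on, while the second table passes and sends tcp/203.0.113.10:223 to Server B:22. The same validator catches two rules claiming the same outer port, which is the other way a port-overloaded single IP silently breaks.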