Vyatta documentation (available after registration) provides many configuration examples and full command syntax reference. Today I’m going to explain how to set Masquerade NAT in Vyatta Core. Please forgive me if my explanation is not quite clear, let me know if you need more information (leave comments!)
My lab has started with a basic configuration where I’m not using VLAN (but I will…) so I’ve configured several interfaces in my Vyatta Core router. I want my virtual machines to be able to get packets from Internet but unfortunately the router which connects me to Internet has no way to add routes so it doesn’t know how to deal with packages from the networks behind my router.
I need to translate the source address of packages from 192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24 and 192.168.30.0/24 networks so one address of 192.168.1.0/24 network is used when those networks try to connect to Internet. I will configure “Masquerade” NAT so the eth0 IP address of my Vyatta Core router (watson) will be used as the source address for package source translation. For example, if I want to translate 192.168.10.0/24 source address packets with the one set in eth0 I’ll use this commands:
//I've used 10 as the route number identifier, but you can use any other unused number in your configuration vyatta@one-router:~$ configure  vyatta@one-router# set nat source rule 10 outbound-interface eth0  vyatta@one-router# set nat source rule 10 source address 192.168.10.0/24  vyatta@one-router# set nat source rule 10 translation address masquerade  vyatta@one-router# commit  vyatta@one-router# save
OK, thanks to this masquerade NAT, my virtual machine can download packages from Internet. Important: this translation won’t allow these virtual machines to be reachable from Internet.