A simple firewall rule can allow VNS3 to act as your NAT Gateway in any cloud. 

Use the VNS3 Firewall to allow NATing (network address translation)
Network address translation (NAT), or NAT-ing, allows the instances or VMs in the VLAN to use the VNS3 Controller as a gateway, with all VLAN machines sharing the Controller’s public IP address.

This is the same behavior used in your home or office, where many devices can access the Internet via one shared public IP address. When a VLAN device accesses the Internet, the return traffic is routed back to that device.

Basically, VNS3 lets you treat your cloud VLAN like your home or office network: isolated from inbound requests for service, but allowing most outbound service requests.

Simple Syntax:

In this example - your VNS3 Controller is in a VLAN subnet with a network from

Many clouds with VLAN capabilities map a public IP to the private IP on eth0 via DNS.

In the example, we are telling the VNS3 Controller to “masquerade” for traffic coming from that subnet out to the Internet and then return the response packets to the requesting machine.
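The masquerade behaviour described above can be modelled in a few lines of Python. This is an added illustration, not VNS3 code or VNS3 firewall syntax; the class name, addresses, subnet and port numbers are all constructed for the example.

```python
import ipaddress


class MasqueradeGateway:
    """Toy model of the state a masquerading gateway keeps (hypothetical class)."""

    def __init__(self, public_ip, inside_subnet, first_port=40000):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside_subnet)
        self.next_port = first_port
        self.out_map = {}  # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.in_map = {}   # (public port, remote_ip, remote_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the subnet; None if the rule does not match."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            return None  # only the configured subnet is masqueraded
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            # Simplification: always allocate a fresh port. Real implementations
            # often keep the original source port when it is free.
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Map a packet arriving at the public IP to an inside host, or None."""
        return self.in_map.get((public_port, remote_ip, remote_port))


def demo():
    gw = MasqueradeGateway("203.0.113.10", "10.0.1.0/24")  # constructed addresses
    a = gw.outbound("10.0.1.21", 51000, "198.51.100.5", 443)
    b = gw.outbound("10.0.1.22", 51000, "198.51.100.5", 443)  # same source port, other host
    reply = gw.inbound("198.51.100.5", 443, a[1])   # response to a's request
    probe = gw.inbound("192.0.2.77", 55555, a[1])   # unsolicited: no matching state
    outside = gw.outbound("172.16.9.9", 40000, "198.51.100.5", 443)  # not in subnet
    return a, b, reply, probe, outside


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both inside hosts leave with the same public address but different ports, the reply is mapped back to the host that asked, and the unsolicited packet finds no state and goes nowhere.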


For more details on VNS3 Firewall rules, see the VNS3 Admin guide (pages 31-35).

NOTE: NAT-ing traffic is different from NAT-T. NAT-Traversal specifies whether the communication happens via UDP 4500 or Protocol 50.