You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/vpp/configuration/nat/nat44.rst
-18Lines changed: 0 additions & 18 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -554,24 +554,6 @@ This setting helps prevent memory exhaustion and ensures predictable performance
554
554
# Increase session limit for high-capacity deployment
555
555
set vpp settings nat44 session-limit 100000
556
556
557
-
Forwarding Behavior
558
-
-------------------
559
-
560
-
By default, VyOS NAT44 forwards packets that don't match any NAT rules according to the routing table. This behavior can be controlled:
561
-
562
-
.. cfgcmd:: set vpp settings nat44 no-forwarding
563
-
564
-
Disable forwarding of packets that don't match existing NAT translations. When enabled, only packets that match static or dynamic NAT rules will be processed; all other traffic will be dropped.
565
-
566
-
.. important::
567
-
568
-
This is a significant difference from traditional NAT solutions. By default, VyOS NAT44 allows non-NAT traffic to be forwarded normally. Using ``no-forwarding`` creates a pure NAT-only device that drops any traffic not covered by NAT rules.
569
-
570
-
**Use cases for no-forwarding:**
571
-
572
-
* **Pure NAT gateway**: When the router should only handle NAT traffic and drop everything else
573
-
* **Security isolation**: Preventing any non-NAT traffic from traversing the device
0 commit comments