vCloud Director 5.1 comes with some changes from 1.5: the IP masquerading setting was removed and there is no default rule on the firewall. Since I work on 1.5 at the office, and since there is a glitch in the way NAT is implemented, it took me a bit of troubleshooting to figure it out.
My problem was simple - pass traffic out of the organization from a VM 192.168.20.100 to an external server at 192.168.1.200:
This is done in 3 steps:
- sub-allocate the IP pool on the external network
- configure NAT rules
- configure firewall rules
Second, configure NAT rules. Go to Edge Gateway, select the gateway, open the Edge Gateway services menu, go to the NAT tab and click Add SNAT. In the rule, select the external interface (the one connecting to the external networks), fill in the IP address or subnet of the source VMs and choose as destination IP one of the external IPs from the sub-allocated pool:
The third step is to configure the firewall rules (remember, no default rules in 5.1). Go to the Firewall tab and add the rule. I have also added an incoming rule to make the Edge Gateway respond to ping.
Finish the configuration, go to your VM and test the connectivity. You may read about the changes in the following VMware KB.
However, if the test does not work, you can do a bit of troubleshooting: go to vSphere Client, open a console to the Edge Gateway, enter admin/default credentials and use the following debug command:
debug packet display interface vNic_0 host_192.168.1.200
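The three steps above can also be sanity-checked on paper before testing from the VM. The following is an added example, not part of the original post and not vCloud Director code: a small Python model of the planned rules that reports which step is missing or inconsistent. The pool range, the rule dictionaries and the function names are constructed for illustration, and the model assumes the firewall rule is written against the VM's original address.

```python
import ipaddress as ip

def in_pool(addr, pool):
    """True if addr lies in an inclusive (first, last) IP range."""
    first, last = (ip.ip_address(p) for p in pool)
    return first <= ip.ip_address(addr) <= last

def matches(spec, addr):
    """spec is 'any', a single IP, or a CIDR subnet."""
    return spec == "any" or ip.ip_address(addr) in ip.ip_network(spec, strict=False)

def check_outbound(vm, server, pool, snat_rules, fw_rules):
    """Return a list of problems that would stop vm from reaching server."""
    problems = []
    # Step 2: an SNAT rule must cover the VM and translate to a pool address.
    snat = next((r for r in snat_rules if matches(r["source"], vm)), None)
    if snat is None:
        problems.append(f"no SNAT rule covers source {vm}")
    elif not in_pool(snat["translated"], pool):
        problems.append(
            f"SNAT translated IP {snat['translated']} is outside the sub-allocated pool")
    # Step 3: 5.1 has no default firewall rule, so an explicit allow is needed.
    # Assumption: the rule is matched against the VM's original address.
    allowed = any(r["action"] == "allow" and matches(r["source"], vm)
                  and matches(r["destination"], server) for r in fw_rules)
    if not allowed:
        problems.append(f"no firewall rule allows {vm} -> {server}")
    return problems

# Addresses from the post; pool and rules are constructed sample values.
VM, SERVER = "192.168.20.100", "192.168.1.200"
POOL = ("192.168.1.150", "192.168.1.160")
SNAT = [{"source": "192.168.20.0/24", "translated": "192.168.1.150"}]
FIREWALL = [{"source": "192.168.20.0/24", "destination": "any", "action": "allow"}]

if __name__ == "__main__":
    for label, fw in (("with firewall rule", FIREWALL), ("without firewall rule", [])):
        print(label, "->", check_outbound(VM, SERVER, POOL, SNAT, fw) or "OK")
```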