~allie/website-2020

bc0d1a1eec755fb80e0a7ef82691d557d3972d09 — Alfie Pates 2 years ago 0b7315d master
can i remember how to blogpost?
1 files changed, 44 insertions(+), 0 deletions(-)

A content/2021-06-25-usg-nat.md
A content/2021-06-25-usg-nat.md => content/2021-06-25-usg-nat.md +44 -0
@@ 0,0 1,44 @@
title: Disabling NAT for a single subnet on the Unifi USG

Wow, it's been a year since I've published a blog post. Oops.

Super simple one today: Client has a USG in their space, and a routed /29 subnet
from their ISP. We want to throw that subnet on a VLAN so we can hang certain
pieces of gear directly off the internet; crucially, _without NAT_. 

First, configure the subnet as normal in the USG GUI. **Remember that Unifi
uses the first IP address to define a network: for `192.168.0.0/24`,
type `192.168.0.1/24` etc.**

To disable NAT, use the following snippet in your [`config.gateway.json`][json]:

[json]: https://help.ui.com/hc/en-us/articles/215458888-UniFi-USG-Advanced-Configuration

```
{
	"service": {
		"nat": {
			"rule": {
				"5999": {
					"exclude": "''",
					"outbound-interface": "eth0",
					"source": {
						"address": "192.0.2.1/29"
					},
					"type": "masquerade"
				}
			}
		}
	}
}
```

Replace `eth0` with your WAN interface (on a USG Pro, WAN1 is `eth2` and WAN2 is
`eth3`) and obviously replace `192.0.2.1/29` with your routed subnet. 

----

_Do I still do soundtracks to blogposts? Anyway, the soundtrack to this
blogpost is [Polo & Pan's **Caravelle**][soundtrack]. It's so French. **So** French._

[soundtrack]: https://music.apple.com/gb/album/caravelle-deluxe/1389911110
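
Review bot: the post turns NAT off for the routed /29 (rule `5999` with `"exclude"` in the JSON snippet) but never says what firewall policy then covers that VLAN, so a reader who copies it ends up with publicly addressed hosts behind whatever inbound WAN rules already exist. Add a sentence after the snippet telling readers to review or add inbound WAN firewall rules for the subnet before attaching gear to it. Two smaller points in the same snippet: `"address": "192.0.2.1/29"` is a host address with a prefix length, and the bold note about typing the first IP is written for the GUI network definition, so state explicitly whether the NAT rule expects that gateway form or the network address (`192.0.2.0/29`). It would also help to explain why the rule number is `5999` and what the `"''"` value for `exclude` means, since both look arbitrary to someone pasting the block into an existing `config.gateway.json`.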