
Destination NAT on a Router for 1 Source IP

Hi All,

This is a fancy NAT question for y'all, and most people don't have to do this, but my network is very restrictive!


Internet works fine for all devices and I have PAT on my firewall already.

I want to do this before it hits my firewall, which is on my local router that this machine sits at.


To get postage rate updates, this Postage-Machine- goes to for DNS.  Somewhere in the programming which I can't control, it uses DNS-PUBLIC-  


My company firewall blocks all public DNS and they said no to opening it up for this and told me to NAT it.  So I want to NAT the destination  DNS-PUBLIC- to my internal DNS-PRIVATE- for this 1 SOURCE-POSTAGE-MACHINE-


I only want to do this to 1 SOURCE-POSTAGE-MACHINE- only and not all source.


Source (postage machine):

Destination: UDP-53  -->   NAT to UDP-53



I thought of this, but the thing is that the below allows any source to go to to be NATed.  I only want 1 ip to be able to do this NAT, not all source.  This is how I would do it, but I'm just missing on how I would restrict it to this 1 source ip instead of applying it to all source ip.


ip nat outside source static udp 53 53 extendable

interface Gig0
 ip address
 ip nat inside

interface Serial0
 description MPLS
 ip address
 ip nat outside




paul driver
VIP Mentor

Your host machine has the same IP address as your NAT router's inside LAN-facing interface?

As for the DNS, your PC will use Google DNS anyway, so you don't need a static NAT outside entry for that. A simple static inside NAT entry should work fine as long as it doesn't conflict with the rts LAN-facing interface IP.

ip nat inside source static udp 10.2,2,X.10 53 interface serial0 53

kind regards

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

My devices can access the internet, which works and is being PAT'd at the firewall. My firewall blocks all public DNS; the company does not allow public DNS. So I want to NAT this destination public DNS- to my private DNS- before it hits the firewall. This only affects this 1 postage machine, which has a public DNS- hard-coded into their programming, which no one can change.