No Nat question?

Question

In what instance would you use a NO NAT rule? Please don't say when you need no nat!! And is a NO NAT the same as not having any NAT enabled? 
 
 10.1.100.0/24 >>> 192.168.1.1 >>> 192.168.1.2 >>> 172.16.1.0/24 
 In the above example (from left to right) 
 MASQ would make 10.1.100.0/24 appear as 192.168.1.1 to 172.16.1.0/24 SNAT would do the same if configured What would NO NAT do?

rsenio · Accepted Answer

Click the '?" on that page. Brings you to the help documents

No NAT: This option can be regarded as a kind of exception rule. For example, if you have a NAT rule for a defined network you can create a No NAT rule for certain hosts inside this network. Those hosts will then be exempted from NAT.

kerobra_retired · Answer

An example where I use NONAT: 
 Normally I am only doing DNAT (incoming) for single ports. In cases where DNATing a complete ranges is required NONAT can be used to exclude single ports in the port range. I recently had a testing setup, where forwarding the whole incoming traffic to another UTM was required. Since IPsec VPN had still to work with the UTM1 I added two NAT rules on UTM1: 
 1) NONAT: AnyIPv4 to UTM1-WAN using IPsec 
 2) DNAT: AnyIPv4 to UTM1-WAN using Any service -> UTM2-WAN 
 
 In your example it depends on: 
 - is a web proxy involved (then 192.168.1.1 will always be the "outgoing" IP, at least if we say the WAN-interface has a default gateway set)? - to keep it simple I will expect "no proxy" or "172.16.1.0/24" is skipped as destination. 
 MASQ will then "hide" the 10.1.100.0/24 source IPs behind the IP 192.168.1.1 (or even 192.168.1.2, if NAT is used there, too). SNAT will do the same, but you can be more precise with configuring serveral services.