terraform-provider-vcd
DNAT rule doesn't support ext network with org user
The current dnat resource has a limitation when using an external network: the user has to be a sys admin, as it uses the getExternalNetwork function, which requires sys admin rights. According to the advanced gateway UI, it seems there is a possibility to acquire external networks with an org admin user.
Also, the legacy Standard Edges did support configuring DNAT/SNAT for the External Network using a normal tenant admin account. I've used that a lot, also with the terraform vcd provider :)
Simple example which configures a DNAT rule that is applied on the External Network of the EdgeGw:
```hcl
# DNAT rule: forward SSH (port 22) arriving on the edge gateway's
# sub-allocated external IP to the jumpbox's internal IP.
resource "vcd_dnat" "jumpbox-ssh" {
  edge_gateway = "${var.edge_gateway}"
  external_ip  = "${var.edge_ext_ip}"
  port         = 22
  internal_ip  = "${var.jumpbox_int_ip}"
}
```
This works OK with the terraform vcd provider (at least up to v2.3.0, which I'm using atm). It works with both Standard and Advanced Edges. It does require that the external IP is sub-allocated properly by the admin, though, which allows the tenant to use it for NAT rules on the EdgeGw; otherwise it cannot be used.
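The tenant-side setup the comment above describes, written out as an added example (not code from the issue or from the provider's own documentation): the variables the rule depends on, the DNAT rule for the jumpbox, and the matching SNAT rule so the jumpbox's outbound traffic leaves through the same sub-allocated address. It assumes Terraform 0.12+ reference syntax, the `vcd_dnat` attributes shown in the comment, and that `vcd_snat` takes `edge_gateway`, `external_ip` and `internal_ip`; the variable names, the `10.10.0.0/24` addressing and the gateway name are constructed for the example. The external IP only works if the admin has sub-allocated it to this edge gateway, and the provider run must use the tenant (org) credentials that are able to see the edge gateway.

```hcl
# Inputs: the edge gateway name and the external IP that the provider admin
# has sub-allocated to it. Nothing here is provisioned by a sys admin.
variable "edge_gateway" {
  description = "Name of the tenant's edge gateway (constructed example name)"
  default     = "tenant-edge-01"          # assumption: example value only
}

variable "edge_ext_ip" {
  description = "External IP sub-allocated to the edge gateway by the admin"
  # assumption: a constructed documentation address; use the one actually
  # sub-allocated to your edge, or the NAT rule cannot be created
  default = "192.0.2.10"
}

variable "jumpbox_int_ip" {
  description = "Internal (org VDC network) address of the jumpbox"
  default     = "10.10.0.5"               # assumption: example value only
}

# Inbound: SSH on the external IP is forwarded to the jumpbox.
# Keeping the rule to a single port limits what is reachable from outside
# to exactly the service the jumpbox is meant to expose.
resource "vcd_dnat" "jumpbox_ssh" {
  edge_gateway = var.edge_gateway
  external_ip  = var.edge_ext_ip
  port         = 22
  internal_ip  = var.jumpbox_int_ip
}

# Outbound: traffic from the jumpbox is source-NATed to the same external IP,
# so return traffic and outbound sessions use a single, known address.
resource "vcd_snat" "jumpbox_out" {
  edge_gateway = var.edge_gateway
  external_ip  = var.edge_ext_ip
  internal_ip  = var.jumpbox_int_ip
}

# Exposed for a quick sanity check after apply: the pair of addresses
# the rules were created with.
output "jumpbox_nat" {
  value = {
    external = var.edge_ext_ip
    internal = var.jumpbox_int_ip
  }
}
```

If `terraform apply` fails on the DNAT or SNAT resource while the edge gateway itself is readable, the first thing to verify is that the external IP in `edge_ext_ip` is actually part of the edge gateway's sub-allocated pool; the provider cannot create a rule for an address the tenant has not been given.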