Disabling NAT for a single subnet on the Unifi USG

Wow, it's been a year since I've published a blog post. Oops.

Super simple one today: the client has a USG on site and a routed /29 subnet from their ISP. We want to put that subnet on its own VLAN so certain pieces of gear can sit directly on the internet with their public addresses; crucially, without NAT.

First, configure the subnet as a normal network in the USG GUI. Remember that Unifi defines a network by its first (gateway) IP address rather than the network address: for 192.168.0.0/24 you type 192.168.0.1/24, and so on.

To disable NAT for that subnet, add the following snippet to your config.gateway.json:

{
    "service": {
        "nat": {
            "rule": {
                "5999": {
                    "exclude": "''",
                    "outbound-interface": "eth0",
                    "source": {
                        "address": "192.0.2.1/29"
                    },
                    "type": "masquerade"
                }
            }
        }
    }
}

Replace eth0 with your WAN interface (on a USG Pro, WAN1 is eth2 and WAN2 is eth3) and obviously replace 192.0.2.1/29 with your routed subnet.
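Since config.gateway.json is merged into the controller's generated config, it is worth checking the fragment before provisioning: the JSON must parse, the rule number has to sort before the controller's own masquerade rules (assumed here to start at 6001; the post's 5999 satisfies that), and the subnet must be a valid IPv4 prefix. The small script below is an added example, not from the original post or from Ubiquiti; it builds the NAT exclusion fragment for a given subnet and WAN interface, deep-merges it into an existing config.gateway.json dict without clobbering other settings, and lists the exclusions present for review. The function and constant names, and the sample existing config, are my own constructions. Keep in mind that once NAT is excluded these hosts are reachable from the internet at their public addresses, so the WAN_IN firewall ruleset is what stands in front of them.

```python
import copy
import ipaddress
import json

# Assumption: the controller's auto-generated masquerade rules start at 6001,
# so a custom exclusion must use a lower number to be evaluated first.
UNIFI_AUTO_NAT_START = 6001


def build_nat_exclude(subnet: str, wan_if: str, rule_no: int = 5999) -> dict:
    """Return a config.gateway.json fragment excluding `subnet` from NAT on `wan_if`."""
    # strict=False accepts the UniFi habit of typing the first host (192.0.2.1/29)
    # instead of the network address (192.0.2.0/29).
    net = ipaddress.ip_network(subnet, strict=False)
    if net.version != 4:
        raise ValueError("masquerade exclusion is an IPv4 rule")
    if not 1 <= rule_no < UNIFI_AUTO_NAT_START:
        raise ValueError(f"rule {rule_no} would sort after the controller's masquerade rules")
    return {
        "service": {
            "nat": {
                "rule": {
                    str(rule_no): {
                        "exclude": "''",  # valueless node in config.gateway.json syntax
                        "outbound-interface": wan_if,
                        "source": {"address": subnet},
                        "type": "masquerade",
                    }
                }
            }
        }
    }


def merge(base: dict, addition: dict) -> dict:
    """Deep-merge `addition` into a copy of `base` so existing settings survive."""
    out = copy.deepcopy(base)
    for key, value in addition.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = value
    return out


def exclusions_in(config: dict) -> list:
    """List (rule number, source address, interface) for every NAT exclusion, lowest rule first."""
    rules = config.get("service", {}).get("nat", {}).get("rule", {})
    return [
        (int(n), r.get("source", {}).get("address"), r.get("outbound-interface"))
        for n, r in sorted(rules.items(), key=lambda kv: int(kv[0]))
        if "exclude" in r
    ]


# Constructed sample: an existing config.gateway.json with one unrelated setting.
EXISTING = {"system": {"offload": {"ipv4": {"forwarding": "enable"}}}}

if __name__ == "__main__":
    merged = merge(EXISTING, build_nat_exclude("192.0.2.1/29", "eth0"))
    print(json.dumps(merged, indent=4))
    print(exclusions_in(merged))
```

Run it and paste the printed JSON into config.gateway.json on the controller; `exclusions_in` is handy for re-reading a grown config and confirming which subnets bypass NAT and on which interface.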


Do I still do soundtracks to blogposts? Anyway, the soundtrack to this blogpost is Polo & Pan's Caravelle. It's so French. So French.