vyos · natali-rs1985 · Oct 21, 2025
diff --git a/docs/vpp/configuration/nat/nat44.rst b/docs/vpp/configuration/nat/nat44.rst
@@ -10,10 +10,10 @@

 NAT44 has two main use cases:

 * **Source NAT (SNAT)**: Enabling Internet access for hosts in private networks using dynamic or static address translation
 * **Destination NAT (DNAT)**: Providing external access to internal services through static port forwarding rules

 VyOS supports both dynamic translation using address pools and static mappings for predictable address translation requirements.

 Configuration of NAT44 involves few steps:

@@ -23,35 +23,35 @@
 Dynamic and Static Operations
 =============================

 NAT44 configuration can be done in one of two ways or in both ways simultaneously:

 1. Dynamically performing NAT using a pool of public IP addresses.
 2. Statically mapping private IP addresses to public IP addresses.

 To configure dynamic NAT, you need to define a pool of public IP addresses that will be used for translation. This offers an easy way to provide Internet access to internal users.

 Static rules are more suitable for scenarios where you need to provide consistent and predictable mappings between private and public IP addresses, also they are the only way to configure DNAT.

 Interfaces Configuration
 ========================

 The first step in configuring NAT44 is defining which interfaces handle inside (private) and outside (public) traffic. VyOS uses these interface designations to determine the direction of translation.

 Inside Interfaces
 -----------------

 Inside interfaces connect to private networks where hosts need source NAT to access external networks.

 .. cfgcmd::

   set vpp nat44 interface inside <inside-interface>

 Traffic flowing **from** inside interfaces gets source NAT applied, translating private source addresses to public addresses from the translation pool.

 Outside Interfaces
 ------------------

 Outside interfaces connect to public networks where external hosts may need to access internal services.

 .. cfgcmd::

@@ -158,7 +158,6 @@
 
    * For dynamic NAT to work, you must configure at least one **translation** pool
    * For static rules with twice-nat options, you must configure a **twice-nat** pool
-   * All external IP addresses used in static rules must belong to one of the configured pools
    * Interface-based pools automatically include main (first) IP address assigned to the specified interface
 
 Pool Selection Priority
@@ -273,7 +272,8 @@
 
 .. important::
 
-   Using self-twice-nat option requires to set interface connected to the local network as both inside and outside interface, because both source and destination NAT need to be applied.
+   * Using self-twice-nat option requires to set interface connected to the local network as both inside and outside interface, because both source and destination NAT need to be applied.
+   * External IP address used in static rules must belong to one of the configured translation pools
 
 Out-to-In Only
 ^^^^^^^^^^^^^^