NAT Exemption rules

This topic contains 1 reply, has 0 voices, and was last updated by Luigi10 7 years, 2 months ago.

  • #43280

    Luigi10
    Member

    Is there a way to set up a NAT exemption rule on the Zeroshell? We’re trying to come up with an implementation where the Zeroshell box is the default gateway for one of our client’s networks and it uplinks to a cable connection and a WAN connection back to our network. We have been using the Zeroshell to NAT at the cable connection and keep the connection towards our WAN unNAT’ed. We would then NAT the traffic from the client at our WAN edge using a Cisco ASA firewall. We’re testing a solution where the client’s servers would be NAT’ed at the Zeroshell box for the connection going towards our WAN instead of having it NAT’d at the ASA. The problem we would then have is being able to hit the client’s computers directly over their 10.x.x.x internal IP addresses. If we could set up NAT exemption on the Zeroshell, we would be able to reach the client directly over their 10.x.x.x addresses from a LAN inside our core network. Please let me know if anyone has a way to do this or if you need more information. Thanks!

    #52209

    jobe
    Member

    We needed to do something similar. Instead of creating exemptions, we just defined what internal IP ranges needed to be NAT’ed. Everything else isn’t.

    We did not enable NAT on any interfaces in the GUI. I added the following line to the startup scripts under NAT and Virtual Servers. You can add multiple lines if needed.


    iptables -t nat -A POSTROUTING -s 172.21.0.0/16 -o ETH01 -j MASQUERADE
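
Added example, not part of jobe's post or of Zeroshell itself: a shell sketch that emits the selective MASQUERADE rule above preceded by explicit exemption rules, using the fact that an ACCEPT in the nat table's POSTROUTING chain ends traversal, so matching packets leave with their original source address. The function names and the networks 10.20.0.0/16 and 192.168.50.0/24 are constructed for illustration; ETH01 is the interface name from the post.

```shell
#!/bin/sh
# Added example. Subnets below are constructed sample values.

# is_cidr ADDR: succeed only for dotted-quad shape with a /0-32 prefix.
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# nat_rules SRC_NET OUT_IF [EXEMPT_DST...]
# Prints POSTROUTING rules in the order they must be appended:
# exemptions first, MASQUERADE last. Rule order is what makes the
# exemption work, because the first matching rule wins.
nat_rules() {
    [ "$#" -ge 2 ] || { echo "usage: nat_rules SRC OUT_IF [DST...]" >&2; return 2; }
    src=$1
    out_if=$2
    shift 2
    # Reject anything that is not a plain interface name, since the
    # generated lines may later be fed to a shell.
    case $out_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $out_if" >&2; return 1 ;;
    esac
    is_cidr "$src" || { echo "bad source network: $src" >&2; return 1; }
    for dst in "$@"; do
        is_cidr "$dst" || { echo "bad exempt network: $dst" >&2; return 1; }
    done
    for dst in "$@"; do
        echo "iptables -t nat -A POSTROUTING -s $src -d $dst -o $out_if -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -s $src -o $out_if -j MASQUERADE"
}

# apply_nat_rules: dry run by default; APPLY=1 (as root) executes the rules.
apply_nat_rules() {
    rules=$(nat_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh
    else
        printf '%s\n' "$rules"
    fi
}

# Dry run: NAT 10.20.0.0/16 out of ETH01 except towards 192.168.50.0/24.
apply_nat_rules 10.20.0.0/16 ETH01 192.168.50.0/24
```

After applying, `iptables -t nat -L POSTROUTING -n -v --line-numbers` shows whether the ACCEPT rules sit above the MASQUERADE rule and which of them are collecting packet counts.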

    #52210

    Luigi10
    Member

    Thanks Jobe.
