NAT only one interface?

August 4, 2011 at 4:50 pm #43093
dnsadmin (Member)

I have just started poking around and haven’t found a way to accomplish this yet… my hunch is it may require a manually inserted firewall rule via script?

Anyhow, given ETH00 (outside interface, public routed IP), ETH01 (inside firewalled interface, public routed IP) and ETH02 (private IP space inside firewall). The default route is via ETH00.

I’d like to NAT traffic from the private IP space (ETH02) and NOT nat the ETH01 (and obviously ETH00) traffic.

Normally, I set the ETH00 as a nat interface — however that results in both ETH01 and ETH02 traffic getting natted, which for application reasons isn’t acceptable.

Thoughts/Comments on how to best accomplish this?

Thanks all

August 5, 2011 at 1:13 pm #51918
dnsadmin (Member)

What I’m coming up with is:

    -A POSTROUTING -i ETH02 -o ETH00 -j MASQUERADE

Alternatively, perhaps:

    -A POSTROUTING -s 192.168.0.0/24 -o ETH00 -j MASQUERADE

or

    -A POSTROUTING -i ETH02 -s 192.168.0.0/24 -o ETH00 -j MASQUERADE

Any thoughts? Plan on trying this next downtime I can arrange.

[It’d be awesome to get something like this in the NAT section of the GUI!]
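
An added example, not part of the thread and not the forum software's own code: it checks the three candidate rules above against the iptables restriction that `-i` cannot be matched in POSTROUTING, and prints two ways to masquerade only the ETH02 traffic. The interface names and 192.168.0.0/24 come from the posts; the mark value 0x1 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. ETH00/ETH02 and 192.168.0.0/24 come from
# the posts; MARK=0x1 is an assumed, otherwise unused firewall mark.
OUT_IF=ETH00            # outside interface (default route)
PRIV_IF=ETH02           # private LAN that should be NATed
PRIV_NET=192.168.0.0/24
MARK=0x1

# iptables only accepts -i in PREROUTING, INPUT and FORWARD, and -o in
# FORWARD, OUTPUT and POSTROUTING. Return 0 if a rule in iptables-save
# syntax respects that, 1 if it would be rejected when loaded.
rule_ok() {
    chain=$(printf '%s\n' "$1" | sed -n 's/^-A \([A-Z]*\) .*/\1/p')
    case " $1 " in
        *" -i "*) case $chain in POSTROUTING|OUTPUT) return 1 ;; esac ;;
    esac
    case " $1 " in
        *" -o "*) case $chain in PREROUTING|INPUT) return 1 ;; esac ;;
    esac
    return 0
}

# Option 1: match on the source subnet only (valid in POSTROUTING as-is).
rules_by_source() {
    echo "iptables -t nat -A POSTROUTING -s $PRIV_NET -o $OUT_IF -j MASQUERADE"
}

# Option 2: match on the ingress interface. Mark the packet where -i is
# available, then masquerade only marked packets on the way out.
rules_by_mark() {
    echo "iptables -t mangle -A PREROUTING -i $PRIV_IF -j MARK --set-mark $MARK"
    echo "iptables -t nat -A POSTROUTING -o $OUT_IF -m mark --mark $MARK -j MASQUERADE"
}

# Dry run by default; "sh nat.sh apply" (as root) executes the commands.
if [ "${1:-}" = apply ]; then
    rules_by_mark | sh -e
else
    rules_by_mark
fi
```

Option 2 ties NAT to the segment a packet actually arrived on rather than to the source address it claims. After applying, `iptables -t nat -L POSTROUTING -v -n` shows per-rule packet counters, which confirms that ETH01 traffic is not hitting the MASQUERADE rule.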