NAT only one interface?


This topic contains 0 replies, has 0 voices, and was last updated by  dnsadmin 7 years, 6 months ago.

  • #43093

    dnsadmin
    Member

    I have just started poking around and haven’t found a way to accomplish this yet… my hunch is it may require a manually inserted firewall rule via script?

    Anyhow, given ETH00 (outside interface, public routed IP), ETH01 (inside firewalled interface, public routed IP) and ETH02 (private IP space inside firewall). The default route is via ETH00.

    I’d like to NAT traffic from the private IP space (ETH02) and NOT NAT the ETH01 (and obviously ETH00) traffic.

    Normally, I set the ETH00 as a NAT interface — however that results in both ETH01 and ETH02 traffic getting NATted, which for application reasons isn’t acceptable.

    Thoughts/Comments on how to best accomplish this?

    Thanks all

    #51918

    dnsadmin
    Member

    What I’m coming up with is:

    -A POSTROUTING -i ETH02 -o ETH00 -j MASQUERADE

    Alternatively, perhaps:

    -A POSTROUTING -s 192.168.0.0/24 -o ETH00 -j MASQUERADE
    or
    -A POSTROUTING -i ETH02 -s 192.168.0.0/24 -o ETH00 -j MASQUERADE

    Any thoughts? Plan on trying this next downtime I can arrange.

    [It’d be awesome to get something like this in the NAT section of the GUI!]
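
An added example, not part of the thread or of the product's own code: iptables refuses `-i` in the nat POSTROUTING chain, so a rule that must depend on the ingress interface has to record it earlier as a packet mark, while a source-only match accepts any packet claiming a 192.168.0.0/24 address whichever interface it arrived on. The script below generates an iptables-restore fragment for the mark-based approach and lints rules for interface matches the chain cannot accept; the function names and the mark value 0x1 are assumptions, and the interface names and subnet are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names and the /24 are the
# ones quoted in the posts; the mark value 0x1 is an assumption.

# lint_rule RULE: return 1 if RULE matches an interface in a chain where
# iptables refuses it (-i in POSTROUTING, -o in PREROUTING), else 0.
lint_rule() {
    case "$1" in
        *"-A POSTROUTING"*" -i "*|*"-A POSTROUTING"*" --in-interface "*) return 1 ;;
        *"-A PREROUTING"*" -o "*|*"-A PREROUTING"*" --out-interface "*) return 1 ;;
    esac
    return 0
}

# gen_selective_nat PRIVATE_IF OUTSIDE_IF PRIVATE_NET [MARK]
# Print an iptables-restore fragment: record the ingress interface as a
# packet mark in mangle/PREROUTING, then masquerade only marked packets
# leaving via OUTSIDE_IF. Packets from other interfaces stay unmarked and
# are forwarded without NAT.
gen_selective_nat() {
    priv_if=$1 out_if=$2 priv_net=$3 mark=${4:-0x1}
    cat <<EOF
*mangle
-A PREROUTING -i $priv_if -s $priv_net -j MARK --set-mark $mark
COMMIT
*nat
-A POSTROUTING -o $out_if -m mark --mark $mark -j MASQUERADE
COMMIT
EOF
}

# lint_ruleset: read a ruleset on stdin, print offending lines,
# return 1 if any line fails lint_rule.
lint_ruleset() {
    bad=0
    while IFS= read -r line; do
        lint_rule "$line" || { printf 'rejected: %s\n' "$line"; bad=1; }
    done
    return "$bad"
}

# Lint the generated fragment, then print it. To check it against the running
# system without applying it: ... | iptables-restore --noflush --test
gen_selective_nat ETH02 ETH00 192.168.0.0/24 | lint_ruleset &&
    gen_selective_nat ETH02 ETH00 192.168.0.0/24
```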
