avoid snat rule for internal to DMZ traffic

I have an https SNAT rule that allows my internal traffic to all out the external and SNATs it to the external. The problem is when my internal traffic tries to https to the DMZ, the SNAT rule applies, and the DMZ hosts see traffic coming from the external IP. How can I set up a rule to allow internal hosts to get to the DMZ and avoid the https SNAT rule? Much appreciated if someone has a tip. Thanks!


Brian


  • Brian, is there a reason you're using a SNAT instead of a Masquerading rule?


    IME, Masq can only use the primary EXT IP, so if you want to use a secondary/additional IP, you'd need to use SNAT.

    Not sure if that still holds true in the latest versions though.

    Barry