For a server, is it better to masquerade or use SNAT if you have multiple statics through a single ISP?

So let's say you have a range of public static IPs from a single ISP; let's call these x.x.x.a through x.x.x.z. Now you have a bunch of users and servers in different /24 VLANs, but all can be summarized as 10.10.0.0/16. So you create a MASQ rule that 10.10.0.0/16 uses x.x.x.a. Now you have some servers, for example, 10.10.1.20 that you DNAT port 443 from x.x.x.b, and 10.10.2.30 that you DNAT some random app ports for x.x.x.c. When those servers connect to things externally, you want the sources not to show as x.x.x.a, but as x.x.x.b and x.x.x.c respectively.

Should MASQ rules be created for each server, or rather SNAT?  Surely not Full NAT, right?



This thread was automatically locked due to age.