This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Selective NATing

I am building a firewall with 9 interfaces. This is for testing purposes.

Some will have public addresses and some private.

I only want NAT for the private to the external interface. I do not want NATing for connections between the Internal interfaces.

Can I control this with 4.0?

This thread was automatically locked due to age.

0 kd_03 over 22 years ago

Short Answer : Yes.

Longer Answer: If you are *just* using MASQ for private traffic going out onto the 'net then all will be fine (I believe). However, I think I'm right in saying you would need to create rules that effectivly say "don't SNAT this" if you do any kind of SNAT.

Example:

I have a mail server sat on my dmz that has a dedicated public address, so my rules look like:

masq_lan net_lan -> All / All MASQ__external
masq_dmz net_dmz -> All / All MASQ__external
snat_mail_lan host_mail_private -> net_lan / All host_mail_private
snat_mail_out host_mail_private -> All / All host_mail_public
dnat_mail_in All -> host_mail_public / SMTP None host_mail_private

Mind the wrap on those lines!
Cancel
Vote Up 0 Vote Down

Cancel