I need to setup our new firewall at a co-lo with one of our /24 networks, but have been ordered to NAT it to a 10.x.x.x internal network... [[[:(]]]
I would rather not do NAT, but I don't have a choice.
I am under the impression that I need to do the following:
1. have the ISP use 1 of our IPs for their router
2. setup the external interface with an IP on the real Class C network
3. setup another 253 or so "additional addresses" on the external interface
[[[:(]]]
4. setup the 10.x.x.x network on the internal interface
5. setup "Full NAT" for all 253 or so IPs
[[[:(]]]
Am I right?
Is this the only and easiest way?
Are there any shortcuts for #3 and #5? e.g., is there a way to setup a block or subnet for "Full NAT" or "Additional Addresses" without having to do 1 at a time?
I remember some other firewalls having ways to NAT entire ranges (internalexternal) at once.
The Astaro docs indicate that you can put a network into the NAT source or dest, but will it be a 1-1 mapping?
I'm guessing I couldn't do the whole /24 though because of the external IP, but a /25 should work, right?
As mentioned, NAT is a company requirement, so please no arguments about that.
Thanks,
Barry
This thread was automatically locked due to age.
