I have a situation where I need a DNAT that masquerades the external IP.
Let me explain.
The network has 2 firewalls and the Astaro is NOT the default gateway.
I create a DNAT on the Astaro External IP for port 80 to an internal server.
Astaro does send the packet to the internal server. However the internal server responds by sending the response packet out to its default gateway.....which fails because the other firewall never saw the first incoming packet and thus is not stateful.
Soooo, as a test I create a Masq rule for an external Public IP and nat it to the inside interface. This works! The internal server sees the traffic as coming from the astaro and send the traffic back to it.
But I don't want to use an "any" source to masq all external traffic to the internal web server as I have other ports that need to go to different servers.
Want I'd like is a DNAT with a limited set of ports that uses masq so the web server knows to send it back to the astaro and not its default gateway.
This thread was automatically locked due to age.
