Masquerading NAT?

Question

We have a block of 16 ipv4 public addresses. 
 Our network has various LANS and a couple of DMZ's. 
 Our main DMZ has 4 servers sitting within it, each with it's own public ip natting to it. 
 How do you set up masquerading for this? Is it simply: 
 DMZ Server A > WAN (public address A) 
 DMZ Server B > WAN (public address B) 
 DMZ Server C > WAN (public address C) etc etc

apijnappels · Accepted Answer

I believe you can make additional MASQ rules (put before the general 192.168.1.0/24!!! 
 
 These should look like: 
 192.168.1.1/32 MASQ to 1.1.1.2 192.168.1.2/32 MASQ to 1.1.1.3 192.168.1.0/24 MASQ to 1.1.1.1 
 If in this order, both servers will first find the /32 masq rule and I believe this will apply, other hosts will not apply on /32 and only apply on /24 MASQ.

Aditya Patel · Answer

HI Louis, 
 As per your query you would need to enable Proxy ARP on your appliance . Kindly follow the steps to configure the same . 
 Enable proxy arp on two interfaces with the same network mask and addresses 
 for example: external interface (eth4) is 157.161.161.240/27 and the host on which you want to connect is on the DMZ interface (eth5) with the ip 157.161.161.243 in your case proxy arp has to be enabled on sysctl like this: sysctl -w net.ipv4.conf.eth5.proxy_arp=1 sysctl -w net.ipv4.conf.eth4.proxy_arp=1 
 Taken from Article . 115287 
 https://community.sophos.com/kb/en-us/115287 
 Thanks and regards 
 Aditya Patel 
 Network and Security Engineer.

Masquerading NAT?

Submitted a Tech Support Case lately from the Support Portal?