Add a field to determine SNAT address

[iarly selbir | ski0s]

When setting up a SNAT rule a field to determine the SNAT address should be showed, in many cases the firewall can have virtual interfaces, and the admin need to mask some internal machine with some external address.

Thanks in advance.

[Victor Julien]

Please describe a detailed use case to us. I'm not convinced yet we need a field like this.

[iarly selbir | ski0s]

Assuming I have a simple firewall with two network interfaces eth0-LAN and eth1-WAN.

On my eth0 I have my users stations, by default all traffic are getting out with ip of eth1 ( POSTROUTING NAT ).

But I have a machine that I need this one your traffic go to internet as an ip of a eth1 virtual interface

e.g

eth0 - 192.168.100.1 ( network 192.168.100.0/24 ) eth1 - 200.201.202.203 eth1:1 200.201.202.204

I need this one get out to the internet as 200.201.202.204 rather than ip configured at physical interface. I suggested the field but currently we have "Outgoing interface" on creating SNAT rule, other way should be: When I creating a SNAT rule, there could appears the Virtual Interfaces, that would use eth1 ( because eth1:1 is over eth1 ) as outgoing interface and --to-source the virtual address from the virtual interface selected

[Adi Kriegisch]

for me this works as expected: having two interfaces, a physical (GW) and a virtual (SERVER) a rule like this:

Snat service any from my.lan to world.inet options out_int=\"GW\""
Snat service any from server.my.lan to world.inet options out_int=\"SERVER\""

accomplishes just what you want.