Opened 13 years ago

Last modified 5 years ago

#119 new enhancement

Add a field to determine SNAT address

Reported by: iarly selbir | ski0s Owned by: Victor Julien
Priority: major Milestone: undecided
Component: vuurmuur-conf Version: 0.8beta2
Keywords: Cc:

Description (last modified by Victor Julien)

When setting up a SNAT rule a field to determine the SNAT address should be showed, in many cases the firewall can have virtual interfaces, and the admin need to mask some internal machine with some external address.

Thanks in advance.

Change History (4)

comment:1 by Victor Julien, 13 years ago

Please describe a detailed use case to us. I'm not convinced yet we need a field like this.

comment:2 by iarly selbir | ski0s, 13 years ago

Assuming I have a simple firewall with two network interfaces eth0-LAN and eth1-WAN.

On my eth0 I have my users stations, by default all traffic are getting out with ip of eth1 ( POSTROUTING NAT ).

But I have a machine that I need this one your traffic go to internet as an ip of a eth1 virtual interface


eth0 - ( network ) eth1 - eth1:1

I need this one get out to the internet as rather than ip configured at physical interface. I suggested the field but currently we have "Outgoing interface" on creating SNAT rule, other way should be: When I creating a SNAT rule, there could appears the Virtual Interfaces, that would use eth1 ( because eth1:1 is over eth1 ) as outgoing interface and --to-source the virtual address from the virtual interface selected

comment:3 by Adi Kriegisch, 8 years ago

for me this works as expected: having two interfaces, a physical (GW) and a virtual (SERVER) a rule like this:

Snat service any from my.lan to world.inet options out_int=\"GW\""
Snat service any from to world.inet options out_int=\"SERVER\""

accomplishes just what you want.

comment:4 by Victor Julien, 5 years ago

Description: modified (diff)
Milestone: 0.8undecided
Note: See TracTickets for help on using tickets.