Opened 13 years ago
Last modified 5 years ago
#119 new enhancement
Add a field to determine SNAT address
|Reported by:||iarly selbir | ski0s||Owned by:||Victor Julien|
Description (last modified by )
When setting up a SNAT rule a field to determine the SNAT address should be showed, in many cases the firewall can have virtual interfaces, and the admin need to mask some internal machine with some external address.
Thanks in advance.
Change History (4)
comment:1 by , 13 years ago
comment:2 by , 13 years ago
Assuming I have a simple firewall with two network interfaces eth0-LAN and eth1-WAN.
On my eth0 I have my users stations, by default all traffic are getting out with ip of eth1 ( POSTROUTING NAT ).
But I have a machine that I need this one your traffic go to internet as an ip of a eth1 virtual interface
eth0 - 192.168.100.1 ( network 192.168.100.0/24 ) eth1 - 188.8.131.52 eth1:1 184.108.40.206
I need this one get out to the internet as 220.127.116.11 rather than ip configured at physical interface. I suggested the field but currently we have "Outgoing interface" on creating SNAT rule, other way should be: When I creating a SNAT rule, there could appears the Virtual Interfaces, that would use eth1 ( because eth1:1 is over eth1 ) as outgoing interface and --to-source the virtual address from the virtual interface selected
comment:3 by , 8 years ago
for me this works as expected: having two interfaces, a physical (GW) and a virtual (SERVER) a rule like this:
Snat service any from my.lan to world.inet options out_int=\"GW\"" Snat service any from server.my.lan to world.inet options out_int=\"SERVER\""
accomplishes just what you want.
comment:4 by , 5 years ago
|Milestone:||0.8 → undecided|
Please describe a detailed use case to us. I'm not convinced yet we need a field like this.