Home / Browse / Firewall Builder / Mail / Archive

Firewall Builder

Email Archive: fwbuilder-discussion (read-only)

2002:	_Jan	_Feb	_Mar (2)	_Apr (2)	_May (8)	_Jun (1)	_Jul (1)	_Aug (59)	_Sep (82)	_Oct (85)	_Nov (55)	_Dec (60)
2003:	_Jan (35)	_Feb (58)	_Mar (62)	_Apr (54)	_May (113)	_Jun (101)	_Jul (60)	_Aug (41)	_Sep (98)	_Oct (101)	_Nov (140)	_Dec (69)
2004:	_Jan (58)	_Feb (47)	_Mar (46)	_Apr (67)	_May (157)	_Jun (385)	_Jul (270)	_Aug (182)	_Sep (125)	_Oct (86)	_Nov (83)	_Dec (115)
2005:	_Jan (70)	_Feb (120)	_Mar (81)	_Apr (108)	_May (88)	_Jun (56)	_Jul (95)	_Aug (71)	_Sep (55)	_Oct (90)	_Nov (57)	_Dec (40)
2006:	_Jan (13)	_Feb (72)	_Mar (83)	_Apr (40)	_May (68)	_Jun (41)	_Jul (91)	_Aug (76)	_Sep (71)	_Oct (55)	_Nov (45)	_Dec (111)
2007:	_Jan (120)	_Feb (92)	_Mar (78)	_Apr (24)	_May (39)	_Jun (32)	_Jul (64)	_Aug (10)	_Sep (50)	_Oct (18)	_Nov (41)	_Dec (43)
2008:	_Jan (15)	_Feb (37)	_Mar (25)	_Apr (27)	_May (34)	_Jun (17)	_Jul (34)	_Aug (37)	_Sep (88)	_Oct (28)	_Nov (42)	_Dec (35)
2009:	_Jan (43)	_Feb (46)	_Mar (49)	_Apr (19)	_May (52)	_Jun (40)	_Jul (69)	_Aug (19)	_Sep (14)	_Oct (23)	_Nov (46)	_Dec (38)
2010:	_Jan (10)	_Feb (16)	_Mar (53)	_Apr (30)	_May (29)	_Jun (43)	_Jul (36)	_Aug (88)	_Sep (30)	_Oct (28)	_Nov (44)	_Dec (17)
2011:	_Jan (31)	_Feb (23)	_Mar (53)	_Apr (70)	_May (67)	_Jun (17)	_Jul (58)	_Aug (36)	_Sep (11)	_Oct (22)	_Nov (15)	_Dec (24)
2012:	_Jan (22)	_Feb (3)	_Mar (15)	_Apr (23)	_May (42)	_Jun (20)	_Jul (20)	_Aug (7)	_Sep (12)	_Oct (8)	_Nov (16)	_Dec
2013:	_Jan (17)	_Feb (8)	_Mar (7)	_Apr (12)	_May (7)	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec

[Fwbuilder-discussion] Source NAT by exit NIC?

From: Steve Loughran <stevelml1@sc...> - 2009-06-10 14:17

Hi all

Long time user of FWBuilder (very happy with it on Linux and the win32 
client), but I have an odd question.

On a gateway host, with multiple exit NICs, Is it possible to NAT the 
source IP to reflect which NIC it existed from (depending on system 
routing)?

e.g. if I have eth0 and eth1 both having exits to the internet, can I 
automatically Src NAT to the IP of eth0 if it leaves via that NIC, and 
the same for eth1?

I dont want to hard code this info a policy, nor do I want to NAT buy 
the destination, I just want to it to say "if it leaves via eth0, src 
NAT to eth0 IP".

Is this even possible, or should I just retire to a darkened room for an 
hour or two? :)

Many thanks in advance for you help, it is greatly appreciated.

Steve

Re: [Fwbuilder-discussion] Source NAT by exit NIC?

From: Vadim Kurland ✎ <vadim@vk...> - 2009-06-10 15:13

On Jun 10, 2009, at 6:47 AM, Steve Loughran wrote:

> Hi all
>
> Long time user of FWBuilder (very happy with it on Linux and the win32
> client), but I have an odd question.
>
> On a gateway host, with multiple exit NICs, Is it possible to NAT the
> source IP to reflect which NIC it existed from (depending on system
> routing)?
>
> e.g. if I have eth0 and eth1 both having exits to the internet, can I
> automatically Src NAT to the IP of eth0 if it leaves via that NIC, and
> the same for eth1?
>
> I dont want to hard code this info a policy, nor do I want to NAT buy
> the destination, I just want to it to say "if it leaves via eth0, src
> NAT to eth0 IP".
>
> Is this even possible, or should I just retire to a darkened room  
> for an
> hour or two? :)
>
> Many thanks in advance for you help, it is greatly appreciated.

you need two NAT rules, one with interface object eth0 in Translated  
Source and another with interface eth1 in Translated Source.

I finished rewriting two documents for the Firewall Builder Cookbook  
just yesterday, "Examples of Source Address Translation NAT Rules" and  
"Examples of Destination Address Translation NAT Rules". The first has  
an example that shows how using interface object in Translated Source  
adds "-o eth0" to the generated SNAT command. Extrapolate this example  
to two interfaces and you get your configuration.

http://www.fwbuilder.org/guides/firewall_builder_snat_rules.html
http://www.fwbuilder.org/guides/firewall_builder_cookbook.html

Vadim Kurland ✍
vadim@...