Feature request for NAT rules - to developer

cbastos
2012-08-10
2013-03-05
  • cbastos
    2012-08-10

    Hi.
    Lately I've been working with multihomed firewalls, and sometimes we want the same inside host to have a different NAT address (also not the firewall address), depending on the interface the packet goes out.

    Let's suppose we want the internal server 10.40.5.83 to have the IP address 10.40.1.83 on eth0 and 10.40.0.83 on eth1.
    Firewall Builder will generate the following rules:
    $IPTABLES -t nat -A POSTROUTING -o eth+  -s 10.40.5.83  -j SNAT --to-source 10.40.1.83
    $IPTABLES -t nat -A POSTROUTING -o eth+  -s 10.40.5.83  -j SNAT --to-source 10.40.0.83

    Since the argument of the output is eth+, the rules will be applied on all interfaces, and just the first one will work. To fix it, I need to edit the generated script and change the rules to:

    $IPTABLES -t nat -A POSTROUTING -o eth0  -s 10.40.5.83  -j SNAT --to-source 10.40.1.83
    $IPTABLES -t nat -A POSTROUTING -o eth1  -s 10.40.5.83  -j SNAT --to-source 10.40.0.83

    It would be nice to have a field added to the NAT rules, as we have on the Policy rules, to select the interface you want the NAT applied to. If you don't select any interface, the behavior is to apply to all.

    Best regards,
    Carlos.
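
A lint for the shadowing described in the post above, as an added example that is not part of the original thread or of Firewall Builder: it reports SNAT rules in a generated script that an earlier rule always pre-empts. The function names are hypothetical; it assumes numeric IPv4 sources, skips negated matches, and only flags a rule when its other match options are identical to the earlier rule's.

```python
import ipaddress

def iface_covers(earlier, later):
    """True if every interface matched by `later` is also matched by `earlier`."""
    if earlier is None:              # no -o: rule matches any outgoing interface
        return True
    if later is None:
        return False
    if earlier.endswith("+"):        # iptables: trailing '+' is a prefix wildcard
        return later.startswith(earlier[:-1])
    return earlier == later

def parse_snat(line):
    """Return (out_iface, source_net, other_opts) for a POSTROUTING SNAT rule, else None."""
    tok = line.split()
    if "POSTROUTING" not in tok or "SNAT" not in tok or "!" in tok:
        return None                  # negated matches are skipped, not analysed
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    out = opt.pop("-o", None)
    src = ipaddress.ip_network(opt.pop("-s", "0.0.0.0/0"), strict=False)
    opt.pop("--to-source", None)     # the translated address is not a match condition
    return out, src, opt

def find_shadowed(script_lines):
    """Return [(later_line, earlier_line)] for SNAT rules an earlier rule always pre-empts."""
    seen, hits = [], []
    for n, line in enumerate(script_lines, 1):
        rule = parse_snat(line)
        if rule is None:
            continue
        for m, (out, src, rest) in seen:
            if iface_covers(out, rule[0]) and rule[1].subnet_of(src) and rest == rule[2]:
                hits.append((n, m))
                break
        seen.append((n, rule))
    return hits

# Rules as quoted in the post: generated output, then the hand-edited version.
GENERATED = [
    "$IPTABLES -t nat -A POSTROUTING -o eth+ -s 10.40.5.83 -j SNAT --to-source 10.40.1.83",
    "$IPTABLES -t nat -A POSTROUTING -o eth+ -s 10.40.5.83 -j SNAT --to-source 10.40.0.83",
]
FIXED = [
    "$IPTABLES -t nat -A POSTROUTING -o eth0 -s 10.40.5.83 -j SNAT --to-source 10.40.1.83",
    "$IPTABLES -t nat -A POSTROUTING -o eth1 -s 10.40.5.83 -j SNAT --to-source 10.40.0.83",
]

if __name__ == "__main__":
    print("generated:", find_shadowed(GENERATED))
    print("fixed:    ", find_shadowed(FIXED))
```

Run against the generated rules, the second line is reported as shadowed by the first; the hand-edited rules produce no findings.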

     
  • Vadim Kurland
    2012-08-10

    You probably use a very old version of fwbuilder. I do not remember exactly what version this was added in, but v5 has fields for inbound and outbound interface in NAT rules.