Feature request for NAT rules - to developer

  • cbastos

    cbastos - 2012-08-10

    Lately I've been working with multihomed firewalls, and sometimes we want the same inside host to have a different NAT address (also not the firewall address), depending on the interface the packet goes out.

    Let's suppose we want the internal server to have the IP address on the eth0 and on eth1.
    Firewall Builder will generate the following rules:
    $IPTABLES -t nat -A POSTROUTING -o eth+  -s  -j SNAT --to-source
    $IPTABLES -t nat -A POSTROUTING -o eth+  -s  -j SNAT --to-source

    Since the argument of the output is eth+, the rules will be applied on all interfaces, and just the first one will work. To fix it I need to edit the generated script and change the rules to:

    $IPTABLES -t nat -A POSTROUTING -o eth0  -s  -j SNAT --to-source
    $IPTABLES -t nat -A POSTROUTING -o eth1  -s  -j SNAT --to-source

    It would be nice to have a field added to the NAT rules, as we have on the Policy rules, to select the interface you want the NAT applied to. If you don't select any interface, the behavior is to apply to all.

    Best regards,

  • Vadim Kurland

    Vadim Kurland - 2012-08-10

    You probably use a very old version of fwbuilder. I do not remember exactly what version this was added in, but v5 has fields for inbound and outbound interface in NAT rules.
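
An added example, not part of the original thread and not Firewall Builder code: a small Python check for the situation described in the first post, where an earlier POSTROUTING SNAT rule with the wildcard `-o eth+` already matches everything a later rule would, so the later rule never applies. The addresses are constructed documentation-range values, the function names are hypothetical, and the parser assumes simple rules without `!` negation.

```python
import ipaddress
import shlex

# Constructed sample of a generated script; addresses are documentation ranges.
GENERATED = """\
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.0.2.10 -j SNAT --to-source 198.51.100.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.0.2.10 -j SNAT --to-source 203.0.113.10
"""
FIXED = GENERATED.replace("eth+", "eth0", 1).replace("eth+", "eth1", 1)


def parse_snat_rules(script):
    """Return (line_no, out_iface, source_net, to_source) per POSTROUTING SNAT rule."""
    rules = []
    for no, line in enumerate(script.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if "POSTROUTING" not in tok or "SNAT" not in tok:
            continue
        # Map each option to the token that follows it (assumes no '!' negation).
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        src = opt.get("-s")
        net = ipaddress.ip_network(src, strict=False) if src else None
        rules.append((no, opt.get("-o"), net, opt.get("--to-source")))
    return rules


def iface_covers(a, b):
    """True if pattern a matches every interface pattern b matches ('+' = prefix wildcard)."""
    if a is None or b is None:
        return a is None
    return b.rstrip("+").startswith(a[:-1]) if a.endswith("+") else a == b


def net_covers(a, b):
    """True if source network a contains network b (None = any source)."""
    if a is None or b is None:
        return a is None
    return a.version == b.version and b.subnet_of(a)


def shadowed(script):
    """Return (shadowed_line, earlier_line) pairs; nat rules stop at the first match."""
    rules = parse_snat_rules(script)
    return [(nb, na)
            for i, (nb, ifb, netb, _) in enumerate(rules)
            for na, ifa, neta, _ in rules[:i]
            if iface_covers(ifa, ifb) and net_covers(neta, netb)]
```

Calling `shadowed()` on the text of a generated script returns the line numbers of SNAT rules that can never match, paired with the earlier rule that hides them.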

