Lately I've been working with multihomed firewalls, and sometimes we want the same inside host to have a different NAT address (also not the firewall address), depending on the interface the packet goes out.
Let's suppose we want the internal server 10.40.5.83 to have the IP address 10.40.1.83 on eth0 and 10.40.0.83 on eth1.
Firewall Builder will generate the following rules:
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 10.40.5.83 -j SNAT --to-source 10.40.1.83
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 10.40.5.83 -j SNAT --to-source 10.40.0.83
Since the output interface argument is eth+, the rules will be applied on all interfaces and only the first one will work. To fix it I need to edit the generated script and change the rules to:
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 10.40.5.83 -j SNAT --to-source 10.40.1.83
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 10.40.5.83 -j SNAT --to-source 10.40.0.83
It would be nice to have a field added to the NAT rules, as we have on the Policy rules, to select the interface you want the NAT applied to. If you don't select any interface, the behavior is to apply to all.
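The shadowing described in the post can be checked without touching a live firewall. The following is an added example, not code from the post or from Firewall Builder: it simulates how the nat POSTROUTING chain evaluates SNAT rules, using two iptables facts, that a trailing "+" in an -o pattern matches any interface whose name begins with that prefix, and that the first matching rule wins because SNAT is a terminating target. The host and addresses are the ones from the post; the SnatRule type, the helper names and the packets fed to them are assumptions made for the example.

```python
"""Simulated first-match evaluation of iptables nat POSTROUTING SNAT rules.

Added example, not part of the original post or of fwbuilder. It models only
the -o (interface) and -s (source) matches; -p/--dport and other matches are
ignored. Interface wildcard and first-match semantics follow iptables.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class SnatRule:          # hypothetical type for this example
    out_iface: str       # value of -o, e.g. "eth0" or "eth+"
    source: str          # value of -s, a host or CIDR
    to_source: str       # value of --to-source


def iface_matches(pattern: str, iface: str) -> bool:
    """iptables interface matching: a trailing '+' is a prefix wildcard."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface


def snat_for(rules, src_ip: str, out_iface: str):
    """Return the --to-source of the first matching rule, or None (no SNAT)."""
    for rule in rules:
        if iface_matches(rule.out_iface, out_iface) and \
                ip_address(src_ip) in ip_network(rule.source, strict=False):
            return rule.to_source
    return None


def pattern_covers(outer: str, inner: str) -> bool:
    """True if every interface matched by `inner` is also matched by `outer`."""
    if outer.endswith("+"):
        inner_prefix = inner[:-1] if inner.endswith("+") else inner
        return inner_prefix.startswith(outer[:-1])
    return outer == inner


def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule with a
    covering interface pattern and a covering source network precedes them."""
    dead = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if pattern_covers(earlier.out_iface, later.out_iface) and \
                    ip_network(earlier.source, strict=False).supernet_of(
                        ip_network(later.source, strict=False)):
                dead.append(j)
                break
    return dead


def as_iptables(rule: SnatRule) -> str:
    """Render a rule in the form the generated script uses."""
    return (f"$IPTABLES -t nat -A POSTROUTING -o {rule.out_iface} "
            f"-s {rule.source} -j SNAT --to-source {rule.to_source}")


# Rules as generated with -o eth+: both match every ethN interface,
# so the second one is unreachable.
GENERATED = [
    SnatRule("eth+", "10.40.5.83", "10.40.1.83"),
    SnatRule("eth+", "10.40.5.83", "10.40.0.83"),
]

# Rules after binding each SNAT to its own interface.
FIXED = [
    SnatRule("eth0", "10.40.5.83", "10.40.1.83"),
    SnatRule("eth1", "10.40.5.83", "10.40.0.83"),
]

if __name__ == "__main__":
    # Constructed packets from the inside server leaving on each interface.
    for label, rules in (("generated", GENERATED), ("fixed", FIXED)):
        print(f"{label}: shadowed rule indices = {shadowed_rules(rules)}")
        for iface in ("eth0", "eth1"):
            print(f"  10.40.5.83 out {iface} -> {snat_for(rules, '10.40.5.83', iface)}")
        for rule in rules:
            print("  " + as_iptables(rule))
```

On a real firewall the same shadowing shows up in the packet counters: after sending traffic out eth1, `iptables -t nat -L POSTROUTING -v -n` will show the counter of the first eth+ rule climbing while the second stays at zero.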
You probably use a very old version of fwbuilder. I do not remember exactly what version this was added in, but v5 has fields for inbound and outbound interface in NAT rules.