Luigi10
Joined: 08 Jun 2010 Posts: 29
Posted: Thu Feb 16, 2012 6:42 pm Post subject: NAT Exemption rules

Is there a way to set up a NAT exemption rule on the Zeroshell? We're trying to come up with an implementation where the Zeroshell box is the default gateway for one of our client's networks and it uplinks to a cable connection and a WAN connection back to our network. We have been using the Zeroshell to NAT at the cable connection and keep the connection towards our WAN unNAT'ed. We would then NAT the traffic from the client at our WAN edge using a Cisco ASA firewall. We're testing a solution where the client's servers would be NAT'ed at the Zeroshell box for the connection going towards our WAN instead of having it NAT'd at the ASA. The problem we would then have is being able to hit the client's computers directly over their 10.x.x.x internal IP addresses. If we could set up NAT exemption on the Zeroshell, we would be able to reach the client directly over their 10.x.x.x addresses from a LAN inside our core network. Please let me know if anyone has a way to do this or if you need more information. Thanks!
 |
jobe
Joined: 02 May 2012 Posts: 2
Posted: Wed May 02, 2012 8:01 pm Post subject:

We needed to do something similar. Instead of creating exemptions, we just defined what internal IP ranges needed to be NAT'ed. Everything else isn't.
We did not enable NAT on any interfaces in the GUI. I added the following line to the startup scripts under NAT and Virtual Servers. You can add multiple lines if needed.
Code:
iptables -t nat -A POSTROUTING -s 172.21.0.0/16 -o ETH01 -j MASQUERADE
 |
Luigi10
Joined: 08 Jun 2010 Posts: 29
Posted: Thu May 03, 2012 3:28 pm Post subject:

Thanks Jobe.
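
As an added example (not code from either poster or from Zeroshell): jobe's selective MASQUERADE line combined with an explicit exemption rule, which is what the original question asked for. The chain name ZS_SNAT and the exempt network 192.168.50.0/24 are hypothetical, and by default the script only prints the iptables commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread. ZS_SNAT and 192.168.50.0/24 are
# hypothetical; ETH01 and 172.21.0.0/16 are the values used in the post.
IPT="${IPT:-echo iptables}"   # prints the commands; set IPT=iptables to apply

is_cidr() {
    # Shape check first, then range check: octets <= 255, prefix <= 32.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    printf '%s\n' "$1" | awk -F'[./]' \
        '{ for (i = 1; i <= 4; i++) if ($i > 255) exit 1; exit ($5 > 32) }'
}

emit_selective_nat() {
    # $1 outgoing interface, $2 sources to NAT, $3 destinations left un-NAT'ed
    # (both lists are space-separated CIDRs)
    out_if=$1; nat_srcs=$2; exempt_dsts=$3
    for net in $nat_srcs $exempt_dsts; do
        is_cidr "$net" || { echo "invalid CIDR: $net" >&2; return 1; }
    done
    # Own chain: a rerun flushes it instead of appending duplicate rules.
    $IPT -t nat -N ZS_SNAT 2>/dev/null || true
    $IPT -t nat -F ZS_SNAT
    # Exemptions go first. ACCEPT ends nat-table processing for the packet,
    # so it leaves with its original source address.
    for dst in $exempt_dsts; do
        $IPT -t nat -A ZS_SNAT -d "$dst" -j ACCEPT
    done
    for src in $nat_srcs; do
        $IPT -t nat -A ZS_SNAT -s "$src" -j MASQUERADE
    done
    # Re-hook the chain: drop any old jump, then add exactly one.
    $IPT -t nat -D POSTROUTING -o "$out_if" -j ZS_SNAT 2>/dev/null || true
    $IPT -t nat -A POSTROUTING -o "$out_if" -j ZS_SNAT
}

emit_selective_nat ETH01 "172.21.0.0/16" "192.168.50.0/24"
```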