Netgate Discussion Forum

    Twice-NAT capability

    General pfSense Questions
      michmoor LAYER 8 Rebel Alliance

      Greetings,
      Can pfSense twice-NAT?
      I need to translate both the source IP and destination IP of a flow.

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

        stephenw10 Netgate Administrator

        You can port forward inbound (destination NAT) and set an outbound NAT on the outbound interface (source NAT).

        Steve

          michmoor LAYER 8 Rebel Alliance @stephenw10

          @stephenw10 thanks Stephen. I did figure it out eventually. I submitted a redmine to perhaps have this ability done in a streamlined way, as you have to create two NAT policies in different menus, which could be confusing if you’re doing a lot of Twice NAT policies.
          It got rejected but that’s ok. I’ll figure out a better way of tracking these policies (unless you got an idea).
          Appreciate as always your help here. Thank you!

            stephenw10 Netgate Administrator

            Did you create it as a feature request?

            I guess it would be possible to do that, create a linked pair of NAT rules.

              michmoor LAYER 8 Rebel Alliance @stephenw10

              @stephenw10 I think I did set it as a FR.
              Right now I’m using NAT descriptions like “Twice NAT - 1” for both source and port forward rules. Putting it under an option in NAT may make sense. So tracking the descriptions is the way I do it.
              I personally feel the technical debt may be worth it but that’s just me. The alternative is going between NAT rules and that gets confusing.

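An added example, not part of the original posts and not Netgate code: a small audit of the description-matching scheme described in the post above, flagging any "Twice NAT - n" description that appears on only one of the two rule types. The XML layout (port forwards at `nat/rule`, outbound NAT rules at `nat/outbound/rule`, each with a `descr` element) is an assumption about the configuration export, and the sample data is constructed.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, not a real export. Assumed layout: port forwards at
# nat/rule, outbound NAT rules at nat/outbound/rule, each with a <descr>.
SAMPLE = """
<pfsense><nat>
  <rule><descr>Twice NAT - 1</descr><target>10.20.0.5</target></rule>
  <rule><descr>Twice NAT - 2</descr><target>10.20.0.6</target></rule>
  <rule><descr>Web server</descr><target>10.20.0.7</target></rule>
  <outbound>
    <rule><descr>Twice NAT - 1</descr><target>10.20.0.1</target></rule>
    <rule><descr>twice nat - 3</descr><target>10.20.0.1</target></rule>
    <rule><descr>Guest egress</descr><target></target></rule>
  </outbound>
</nat></pfsense>
"""

# Naming convention from the thread: "Twice NAT - <n>" on both rules of a pair.
TAG = re.compile(r"^\s*twice\s*nat\s*-\s*(\d+)\s*$", re.IGNORECASE)

def audit_twice_nat(xml_text):
    """Return {pair_id: status} for every rule tagged as a twice-NAT half."""
    nat = ET.fromstring(xml_text).find("nat")
    halves = defaultdict(lambda: {"dnat": 0, "snat": 0})
    # "rule" matches only direct children of <nat>, i.e. the port forwards.
    for kind, path in (("dnat", "rule"), ("snat", "outbound/rule")):
        for rule in nat.findall(path):
            m = TAG.match(rule.findtext("descr") or "")
            if m:
                halves[int(m.group(1))][kind] += 1
    report = {}
    for pair_id, n in sorted(halves.items()):
        if n["dnat"] == 1 and n["snat"] == 1:
            report[pair_id] = "paired"
        elif n["dnat"] == 0:
            report[pair_id] = "missing port forward (destination NAT)"
        elif n["snat"] == 0:
            report[pair_id] = "missing outbound NAT (source NAT)"
        else:
            report[pair_id] = "duplicate description"
    return report

if __name__ == "__main__":
    for pair_id, status in audit_twice_nat(SAMPLE).items():
        print(f"Twice NAT - {pair_id}: {status}")
```
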
                stephenw10 Netgate Administrator

                Interesting. If you use it often I could see it being a useful feature. However, it's something I've seen very infrequently. Usually when I do see it, it's to work around some network issue that should probably be solved some other way.

                  michmoor LAYER 8 Rebel Alliance @stephenw10

                  @stephenw10 said in Twice-NAT capability:

                  a useful feature. However it's something I've seen very infrequently. Usually when I do see it it's to work around some network issue that shou

                  You def got a point and I'm in one of those situations now. The solution is to Double NAT and unfortunately this is a long-term solution short of redesigning an entire colo. Maybe when it's time to re-IP our data center then that's fine but again this is a huge lift at this point. Sigh....

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.