Hide NAT

Horu · Sep 28, 2006, 3:45 PM

WAN: 81.x.x.x
LAN: 192.168.3.0
OPT1: 192.168.1.0
OPT2: 192.168.2.0

I have outbound NAT working (LAN -> WAN) and port forwarding from WAN -> OPT2 subnet. I'd now like to hide requests from the OPT1 network to OPT2 network behind the OPT1 i/f address. I've tried the various NAT options but the source address always the original address. I'm sure I can do this with Check Point is it possible in pf?

hoba · Sep 28, 2006, 7:47 PM

@Horu:

I'd now like to hide requests from the OPT1 network to OPT2 network behind the OPT1 i/f address.

You only can hide requests from OPT1 network to OPT2 network behind the OPT2 interface address. You need advanced outbound for that (firewall>nat, outbound tab).

Horu · Sep 29, 2006, 8:45 AM

I don't think that will work in my case because a packet coming in to OPT1 could come from another network, the Internet for example. The packet reaches the destination server on the OPT2 subnet but is being sent back via pf's default route, which is the WAN i/f. Unless I can change the source address it won't go back via OPT1.

Internet -> Cable Router -> pf WAN -> Server on OPT2 subnet -> pf WAN -> Internet (this works)

Internet -> ADSL Router -> pf OPT1 -> Server on OPT2 subnet -> pf WAN -> Internet (this doesn't)

hoba · Sep 29, 2006, 7:45 PM

Looks like you rather want a multiwan setup than some freaking nat settings. I suggest searching the forum as this is a hot topic at the forum. Additional to this you can use advanced outbound nat to make some special things working (if it doesn't work right after setting up multiwan).