Subnet NAT issue
-
Hello,
I've got the following network (simplified, i've got many more networks of right side)
172.18.3.0/24<----->.150 vmx0[PNFENSE BOX]vmx8_vlan2595 .150<---->192.168.151.0/24
I'm trying to nat the whole 192.168.151.0/24 to another subnet (10.155.0.0/24) because i'm not able to readdress this network.
I need to setup
- a source nat to replace source IP vmx8_vlan2595 ip
- a destination nat to translate 10.155.0.0/24 destination ip to real 192.168.151.0/24 ip.
rules extract from pfctl
nat on vmx8_vlan2595 inet from any to 10.155.0.0/24 -> 192.168.151.150 port 1024:65535
rdr pass log on vmx0 inet from any to 10.155.0.0/24 -> 192.168.151.0/24For now it's not working. Same configuration is working on Sophos firewall
Iptables extract from sophos
Chain fw6_nat_out (1 references)
pkts bytes target prot opt in out source destination optimization
0 0 RANGENAT all -- * * 0.0.0.0/0 0.0.0.0/0 skip_ip_match hostset --dstid 405 RANGENAT --from 10.155.0.1-10.155.0.254 --to 192.168.151.1-192.168.151.254Chain fw6_nat_pre (1 references)
pkts bytes target prot opt in out source destination optimization
0 0 RANGENAT all -- * * 0.0.0.0/0 0.0.0.0/0 skip_ip_match ENTITY MATCH --fwruleid 6 hostset --dstid 405 RANGENAT --from 10.155.0.1-10.155.0.254 --to 192.168.151.1-192.168.151.254Regards,
Mathieu