Source IP based on Destination IP (weird question)

  • Note: please move if need be.

    So, I have a /29 from my ISP, with reverse dns on several of the IP addresses, of the form ''.

    For connecting to work and client servers that are not across our VPN (most are, but some aren't), I'd like to use one of the IP addresses as a 'generic', so it will show up in the usual '' rather than ''.

    The list is small so I could maintain it manually as an alias, approximately a dozen IP addresses.

    I don't want to use 1:1 NAT, because there are several machines here that could be used.

    How would I, if indeed I even could, go about writing a rule that says 'when remote host is in alias list x, use this IP address for outbound'? All the requisite IPs are assigned to the firewall as Proxy ARP virtuals.

  • firewall –> NAT --> outbound.

    Here you can create manual outbound rules.
    --> source-IP based NAT like you describe it.

    But unfortunately it's not possible to use aliases here :(
    Maybe you could arrange your IP's so the can use rules like:
    Your subnet: /24
    Over_devault_WAN: /22
    Over_VIP1: /22
    Over_VIP2: /22
    Over_VIP3: /22

  • That seems like it would work well, thanks! I will give it a try today.