1:1 vs Outbound NAT, Which takes precedence
I am using a setup here with several blocks of Class C public addresses externally, and internally use several blocks of Class B addresses for the subnets. I am using 1.2-Release.
One block of Class C's I use for one to many NAT, so every IP on each subnet will map to at least one public IP.
I have a network range set up with an outbound NAT similar to:
Source net: 10.100.0.0/16 -> xx.xx.240.10/32
Source net: 10.101.0.0/16 -> xx.xx.240.11/32
Source net: 10.102.0.0/16 -> xx.xx.240.12/32
I'd also like one class C of the internal class B networks to 1:1 NAT similar to:
10.100.9.0/24 -> xx.xx.241.0/24
10.101.9.0/24 -> xx.xx.242.0/24
10.102.9.0/24 -> xx.xx.243.0/24
It may seem like a strange setup, but I use this so in DHCP I can determine which hosts get their own 1:1 NAT for gaming/ftp, and which can have just a 1-to-many.
The question I have is, which gets processed first in the NAT rules? Does the 1:1 get read before the 1-to-many? This configuration seems to work in testing, but I don't want to put it into production until I can verify that the 1:1 will always take precedence over the outbound 1-to-many.
For DHCP, in each of the subnets, I use a scope of roughly 8 class C's. I suppose if I had to, I could create several 1-to-many rules to encapsulate each subnet, but I don't want to create that many rules if I don't have to.
Thanks in advance for any help.
1:1 takes precedence over the outbound NAT rules.
I put this system in production yesterday, and it seems like what you are saying is exactly correct. I was just making sure there were going to be no surprises down the road, and since 1:1 and outbound are in different tabs, there was no way to "order" the rules to act like I wanted.
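The precedence described in this thread, modelled as an added example that is not part of the original posts and is not pfSense's own code: it resolves which public address an internal host egresses as when 1:1 mappings are checked before outbound rules, and lists the 1:1 ranges that sit inside an outbound source net. The public addresses are constructed RFC 5737 placeholders (the post elides its own), the function names are hypothetical, and the same-host-offset mapping inside a 1:1 range is an assumption.

```python
import ipaddress

# Constructed placeholders: the post elides its public addresses (xx.xx...),
# so RFC 5737 documentation ranges stand in for them here.
ONE_TO_ONE = [  # (internal /24, external /24)
    ("10.100.9.0/24", "198.51.100.0/24"),
    ("10.101.9.0/24", "203.0.113.0/24"),
]
OUTBOUND = [  # (source net, translation address)
    ("10.100.0.0/16", "192.0.2.10"),
    ("10.101.0.0/16", "192.0.2.11"),
]

def translate(src):
    """Return (rule_type, external_ip) for an internal source address."""
    ip = ipaddress.ip_address(src)
    # 1:1 mappings are checked first, per the answer in the thread.
    for internal, external in ONE_TO_ONE:
        inet = ipaddress.ip_network(internal)
        enet = ipaddress.ip_network(external)
        if ip in inet:
            # Assumption: host keeps its offset within the mapped range.
            offset = int(ip) - int(inet.network_address)
            return "1:1", str(enet.network_address + offset)
    # Only hosts without a 1:1 mapping fall through to outbound NAT.
    for source, target in OUTBOUND:
        if ip in ipaddress.ip_network(source):
            return "outbound", target
    return "none", None

def shadowed_ranges():
    """List 1:1 internal ranges that also fall inside an outbound source net."""
    hits = []
    for internal, _ in ONE_TO_ONE:
        inet = ipaddress.ip_network(internal)
        for source, _ in OUTBOUND:
            if inet.subnet_of(ipaddress.ip_network(source)):
                hits.append((internal, source))
    return hits

if __name__ == "__main__":
    for host in ("10.100.9.25", "10.100.10.25", "10.101.9.200", "10.102.1.1"):
        print(host, "->", translate(host))
    print("overlaps:", shadowed_ranges())
```

Running the same lookup over firewall or flow logs shows which internal hosts are directly reachable on their own public address and which share one, which matters when attributing external traffic to a host.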