Anyway to implement DNAT and SNAT?

dparsons · Aug 6, 2010, 1:22 PM

What I need is a rule that looks like this:

TYPE NET1 IFACE NET2
SNAT 192.168.1.0/24 vpn 10.10.11.0/24
DNAT 10.10.11.0/24 vpn 192.168.1.0/24

This is to overcome a network duplication issue where the people VPNing into my network have the same subnet as my internal network.

cmb · Aug 7, 2010, 10:14 PM

Depends on the type of VPN. IPsec, no, not without a separate box to do NAT. OpenVPN yes.

dparsons · Aug 9, 2010, 11:23 AM

Yes I am using OpenVPN so that is certainly good news! Do you happen to have a doc on how to achieve this? While I have found information on google about doing this it almost always involves using iptables to set it up correctly.

Thanks!

cmb · Aug 10, 2010, 12:24 AM

Only place I know of it being covered is in the book. http://pfsense.org/book

In short, assign your OpenVPN interfaces, then do NAT on them like any other interface. That's partially covered on the doc site, check the OpenVPN category at doc.pfsense.org.

dparsons · Aug 10, 2010, 11:36 AM

Thanks!