• I have a specific need to allow clients of a private net (connected to OPT3 w/ reserved DHCP addresses) to connect to the LAN net ( > static addresses via DHCP reservations).  BTW only a small supernet of addresses is attached to the pfS box (

    The issue is that there are servers in the LAN that the clients of the OPT3 network need access to, and these servers REQUIRE a 145.191.x.x address to access them.  These admins will NOT allow private address space to access their servers (tcpwrappers, iptables and other SELinux methods).  They are not willing to budge on this... so my thinking is that I can set up a NAT pool to NAT the OPT3 addresses (10.10.10.x) to some open LAN address space (145.191.x.x).

    I have tried slicing off a very little subnet of the OPT3 net and doing some 1:1 NAT with these addresses and those of the LAN in the same way, but I have had very little luck.

    Is this type of NAT setup even possible?

    Do the subnets have to match on either side of the NAT schema?

    I am using 1:1 because I want to control which OPT3 clients have access into the LAN (is this correct thinking)?

    Do I have to get the admins of the routable LAN net to carve out a specific subnet for me to use the 1:1 NAT schema?

    Do I have to use VIPs and if so what type (Proxy ARP, CARP or plain VIP)?

    Will I have to disable AON (automatic outbound NAT) and create manual outbound NATting to get this configuration working?

    Thanks for your help in advance!!
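The two translation approaches the post is weighing (1:1 NAT for selected OPT3 clients, or a many-to-few source NAT pool), written out as an added pf.conf fragment in the FreeBSD/pfSense pf syntax. This is not from the post or from pfSense itself; pfSense generates equivalent rules from its GUI. The interface names, the 10.10.10.0/24 OPT3 net and every 145.191.1.x address below are assumptions standing in for the poster's redacted 145.191.x.x block.

```pf
# Added example, not part of the original post. Interface names and all
# 145.191.1.x addresses are assumptions; substitute the real LAN block.
lan_if  = "em1"        # LAN side, routable 145.191.1.0/24 (assumed)
opt3_if = "em2"        # OPT3 side, 10.10.10.0/24
lan_net = "145.191.1.0/24"

# Option A: 1:1 (binat) for exactly the OPT3 clients that may reach the LAN.
# The subnets on the two sides do not have to match; each rule maps one host.
# binat is bidirectional, so 145.191.1.205/.206 must be unused on the LAN and
# must be answered by the firewall (Proxy ARP or IP Alias VIP on LAN), because
# LAN servers will ARP for them when replying.
binat on $lan_if from 10.10.10.5 to $lan_net -> 145.191.1.205
binat on $lan_if from 10.10.10.6 to $lan_net -> 145.191.1.206

# Option B: a source-NAT pool ("NAT pool" in the post) for everyone else.
# Two LAN addresses are shared by the whole /24; sticky-address keeps a given
# client on one translated IP, which matters when the servers' tcpwrappers or
# iptables rules are written per source host rather than per subnet.
no nat on $lan_if from { 10.10.10.5, 10.10.10.6 } to $lan_net   # keep the 1:1 hosts out of the pool
nat on $lan_if from 10.10.10.0/24 to $lan_net \
    -> { 145.191.1.210, 145.191.1.211 } round-robin sticky-address

# Translation alone grants no access; filter rules still decide who crosses.
# Untranslated OPT3 clients would arrive as 10.10.10.x and be dropped by the
# servers anyway, but blocking them here avoids leaking private addresses.
pass  in quick on $opt3_if proto tcp from { 10.10.10.5, 10.10.10.6 } \
      to $lan_net port { 22, 443 } keep state
block in quick on $opt3_if from 10.10.10.0/24 to $lan_net
```

In the pfSense GUI these map to Firewall > NAT > 1:1 (Option A) and to a manual outbound NAT mapping on the LAN interface (Option B), which is why automatic outbound NAT has to be switched off or set to a mode that accepts manual rules. In both cases the translated 145.191.1.x addresses must first exist as virtual IPs on the LAN interface (Proxy ARP or IP Alias; CARP is only needed for a failover pair), and the LAN admins only have to reserve those few addresses, not a whole subnet. Test with `pfctl -s nat` and `pfctl -s state` from the firewall while a translated client connects; the state table should show the 10.10.10.x source rewritten to the expected 145.191.1.x address.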

  • Please do not cross-post.  This was sent to the mailing list as well!