Group NAT to Single IP
-
Hello, here is my setup.
WAN1 IP = a.b.c.2/24 | Gateway = a.b.c.1
WAN2 IP = d.e.f.2/24 | Gateway = d.e.f.1LAN1 IP = 192.16.8.2 | Firewall rule 192.168.1.0/24 use WAN1 gateway
LAN2 IP = 10.0.0.2/24 | Firewall rule 10.0.0.0/24 use WAN1 gateway
LAN3 IP =172.17.1.2/24 | Firewall rule 172.16.1.0/24 use WAN2 gatewayI need to NAT a range of IPs on LAN3 to a single IP address on WAN2, example: IP range 172.16.1.100 thru 172.16.1.150 to use public IP address of d.e.f.76 only. Everyone else on the 172.16.1.0 subnet to use the public IP address of d.e.f.2.
Would I use outbound NAT or VIP, or both?
-
I assume you already created a VIP for d.e.f.76
First change your firewall-rules
Create an alias for the IP-ranges you want.
Change the rules on your LAN interfaces so that you have a rule for every IP-range you have.
Set as source your IP-range alias and as gateway the WAN you want.Second activate Advanced Outbound NAT.
Create a rule ABOVE the rule that NAT's your subnet's to a specific interface.
Set as source your IP-range (too bad you cannot use aliases in AoN-rules…)
Set as translation adress your VIP.I didnt test that but i think this is the way you should do it.
-
I assume you already created a VIP for d.e.f.76
First change your firewall-rules
Create an alias for the IP-ranges you want.
Change the rules on your LAN interfaces so that you have a rule for every IP-range you have.
Set as source your IP-range alias and as gateway the WAN you want.Second activate Advanced Outbound NAT.
Create a rule ABOVE the rule that NAT's your subnet's to a specific interface.
Set as source your IP-range (too bad you cannot use aliases in AoN-rules…)
Set as translation adress your VIP.I didnt test that but i think this is the way you should do it.
Thanks for your reply.
Yes, I have setup a VIP for d.e.f.76.
Should I set Outbound NAT to manual or leave it as automatic?
-
You need to specify manual outbound nat rules for this. Don't forget that they are first match wins, just like firewallrules so you should have some default catch all other traffic rules at the bottom (a default lan to wan rule will be created for you automatically when enabling advanced outbound nat). You of course need that for all your WANs and LANs or you'll break connectivity.
-
Looks like that got it. Thanks for the info.
