EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Saturday 16 November 2024, 09:49:59 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the Official Endian Bug tracker
HERE
14258
Posts in
4377
Topics by
6515
Members
Latest Member:
hulteends
Search:
Advanced search
EFW Support
Support
General Support
How to Source NAT with unused IP
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: How to Source NAT with unused IP (Read 15377 times)
venkat
Jr. Member
Offline
Posts: 3
How to Source NAT with unused IP
«
on:
Thursday 24 May 2018, 02:26:55 am »
Environment:
LAN IP: 192.168.0.100/24
WAN IP: 1.1.1.1/30
Version: 3.2.2
Requirement:
We want to SNAT traffic from Src IP: 192.168.0.1/32 going to Dst IP: 172.1.1.1/32 be Source Nat to 192.168.10.10/32. We already have a VPN tunnel between 2 of our sites for carrying traffic between 192.168.10.10/32 & 172.1.1.1/32. Once we get the Natting up, we can forward the traffic destined to 172.1.1.1/32 via this IPSec tunnel after Source Natting to 192.168.10.10/32.
Issue:
When we go to NAT > SNAT option, we don't find any option to manually enter IP for Source Natting, but instead there is only drop-down option to select the Firewall's pre-existing LAN IP & WAN IP.
Can someone kindly help us with doing this requirement. I'm new to Endian & not sure how to figure this out.
Logged
venkat
Jr. Member
Offline
Posts: 3
Re: How to Source NAT with unused/different IP which is not present on FW
«
Reply #1 on:
Thursday 24 May 2018, 03:09:53 am »
UPDATE.
We were able to edit the /var/efw/snat/config file & add the SNAT entry as per our requirement. But the problem is that the NAT is not happening. As in when we send packet from 192.168.0.1/32, it exits to WAN IP (because of default route pointing to WAN IP of 1.1.1.1) which we can see from a traceroute from that PC.
Can someone kindly help us please.
Logged
venkat
Jr. Member
Offline
Posts: 3
Re: How to Source NAT with unused IP
«
Reply #2 on:
Thursday 24 May 2018, 03:44:32 am »
UPDATE
It's is probably a routing issue / question too. I have my nat rule at the top in config file. But it is probably picking up default Nat rule to egress via main WAN link out.
If routing happens before Natting then what we said above is explained. But to fix it, in Routing there is no option to select IPsec as next hop.
I think if we can get Natting to work, them possibly traffic to 172. destination would go via tunnel since typically Strongswan puts dynamic routes automatically when VPN is up for the matching configured SA pairs.
Can someone help us with this SNat + Routing to tunnel requirement of ours.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.047 seconds with 18 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com