Snat and nat

[Guest]

[macgvr]

I am trying to test the Endian FW to see if it will do what I need it to do. I am trying to setup NAT and SNAT using secondary ip addresses. Here is the issue I have. I have been assigned two addresses for the gateway and my firewall. Let say they are 60.1.0.1 and 60.1.0.2/30. I have been assigned static ip addresses, lets say those are 60.1.2.1/29 . On other firewalls I have used Proxy arp or virtual ip addresses but with Endian it appears that I have to assign those secondary ip addresses under Network and Interfaces. Then I can create the NAT entries and use those addresses in the configuration.

I have tried to do that but it doesn't work. I think if the addresses were all in the same sub net it would be fine. Now, the way I am testing may be why I am failing to get this to work. I have a nasty feeling that because I am trying this in a test network that I don't have the proper routing setup to make the NAT setup work.

Here is what I actually have in my test network.
Internet box - 192.168.2.2 <-> 192.168.2.8 - EndianFW - 192.168.0.2 - internal network 
                                            |_ 192.168.2.39 - test computer

I added a secondary ip of 192.168.3.1 and then setup a nat pointing that address to an internal computer with ip of 192.168.0.100. It simply won't work.  If I create a nat that uses 192.168.2.8 pointed to 192.168.0.100 it works just fine.

I have connected a test computer(192.168.2.39) in between the Internet box and the EndianFW to test the NAT. I also created a NAT in the Internet box and pointed it to 192.168.3.1 and tested from outside our network but it also failed.

I checked the arp table on the test computer after pinging the 192.168.3.1 address and it doesn't show up in the arp list. The 192.168.2.8 does show up. That concerns me and makes me think this isn't going to work.

Any ideas? Am I crazy and should I simply connect this to our live network and try it there?