sNAT 1:1 For Range

I have two networks behind my NethServer, and two public IPs.

I would like traffic coming from each network to SNAT to a specific IP.
Ex: 10.0.0.* ~> 198.#.#.1
Ex: 10.0.1.* ~> 198.#.#.2

I have Host Ranges in my Firewall Objects but they are not in the dropdown list, only individual IPs?

I will be interested in what you find here on this one… I have not yet had time to port my VPN traffic to separate IPs using the NethServer. I am sure it can be done, I've just been busy with other projects…

I have two NICs in the machine, 10.0.0.1/10.0.1.0, one for each local network. I assume I add them as hosts in the firewall objects, then SNAT them, and it will work. But I am afraid to try it as I am live in production right now.

In my old Zentyal setup, I was able to SNAT based on protocol, and I was able to send DNS traffic (for OpenDNS) out of *.178, and each network out of its respective IP, *.179 and *.180.

I would like to replicate this.

I am only guessing here. See, I get unlimited network adapters through Proxmox. At this time I don't let my web server run on the host machine, only for security purposes, however… From my experience in the data center where I am located, the one machine is assigned a public IP and I have 12 other IPs I can appoint by MAC address… I have had 4 internal networks to separate out traffic from some of my other servers and it worked well with a few snags here and there… I do know that you need to label each network card on whether it's local or internet traffic…

Best advice I can give is to try and test what you're doing on an old PC just to be sure before putting it in a production environment…

I actually run two NethServers just to ensure my uptime… One at my home and the other at the data center.

Here is an article I found from a while back and think it could possibly relate in some way to what you're doing…

http://docs.nethserver.org/projects/nethserver-devel/en/latest/gateway.html

Tagging @Hunv @dnutan @islipfd19 here

Hi Adam,

As far as I see, NethServer can only forward defined hosts, not whole subnets. That's what you already figured out.
The next thing I don't understand is how you would like to implement the translation from 10.0.0.* to 198.#.#.1. How should this work with all the variables? Should 10.0.0.1 be forwarded to 198.0.0.1 or 198.0.1.1 or …? Or is the # a fixed value, so your examples would be like this?

Ex: 10.0.0.* ~> 198.0.0.1
Ex: 10.0.1.* ~> 198.0.0.2

But even if this is the case: I don't see a way to add networks, IP ranges or network adapters as a source using the GUI.
I am sure you can do this directly in the firewall's config file, but I cannot help with this.

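The two per-subnet mappings from the question, plus the protocol-specific DNS mapping the old Zentyal setup had, written as the raw iptables SNAT rules that the GUI does not expose. This is an added example, not NethServer's own configuration or code; the WAN interface name eth0 and the 198.51.100.x public addresses are assumed placeholders standing in for the thread's 198.#.#.x values.

```shell
#!/bin/sh
# Added example, not NethServer's own configuration.
# Assumptions:
#   - the WAN interface is named eth0 (hypothetical, override with WAN_IF=...);
#   - public IPs are constructed placeholders from the RFC 5737 documentation
#     range 198.51.100.0/24, standing in for the thread's 198.#.#.x addresses.
WAN_IF="${WAN_IF:-eth0}"
DNS_SNAT_IP="198.51.100.3"   # constructed: the "send DNS out of a third IP" case

# One SNAT rule: traffic from subnet $1 leaving via the WAN interface
# gets public source address $2.
snat_subnet_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$1" "$WAN_IF" "$2"
}

# Protocol-specific rule: DNS from subnet $1 (UDP and TCP port 53)
# gets public source address $2.
snat_dns_rule() {
    for proto in udp tcp; do
        printf 'iptables -t nat -A POSTROUTING -s %s -o %s -p %s --dport 53 -j SNAT --to-source %s\n' \
            "$1" "$WAN_IF" "$proto" "$2"
    done
}

# Full rule set for the two LANs in the thread. POSTROUTING is evaluated top
# to bottom and the first SNAT match wins, so the narrower DNS rules must be
# appended before the per-subnet catch-alls or they would never match.
snat_ruleset() {
    snat_dns_rule 10.0.0.0/24 "$DNS_SNAT_IP"
    snat_dns_rule 10.0.1.0/24 "$DNS_SNAT_IP"
    snat_subnet_rule 10.0.0.0/24 198.51.100.1
    snat_subnet_rule 10.0.1.0/24 198.51.100.2
}

# Review the generated rules first:   snat_ruleset
# Apply as root:                      snat_ruleset | sh
# Verify the order and hit counters:  iptables -t nat -L POSTROUTING -nv --line-numbers
# Then confirm from a 10.0.1.x host that its traffic is seen from 198.51.100.2
# and its DNS queries from 198.51.100.3.
```

NethServer generates its firewall with Shorewall, so rules applied ad hoc this way are lost the next time the firewall is regenerated; the persistent place is the equivalent Shorewall SNAT entry. Hosts in a subnet with no matching rule keep the default NAT behaviour, so check the counters on every rule after a change, not just the first one.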

@Hunv Yes, fixed values. I simply would like a whole network behind my Neth to use a specific public IP.

OK. So you want that if 10.0.0.* accesses the internet, you'd like it to have 198.0.0.1, etc.?
Maybe this will work with static routes (I didn't check this)?