NAT on Nethserver

v7
firewall

(Dan Kennedy) #1

NethServer Version: 7
Module: Firewall

Can someone advise me how to enable a NAT exclusion on the Nethserver/Shorewall Firewall?

I have a private subnet on the LAN (Green) which seems to automatically get NAT to the RED interface. This is fine and allows the local LAN servers to get updates etc.

However, I have a need to not NAT when communicating with particular outside addresses. i.e.

LAN 192.168.1.0/24 PCs get NAT out to Red Interface for example. But, if the destination is other private ranges (these are reachable beyond my RED zone) I want the source address of 192.168.1.0 to stay in place.

I am familiar with doing this with NAT rules and policy on Cisco, Juniper etc, but not on Nethserver.

Any pointers would be very much appreciated.

Thanks


(Davide Principi) #2

What is the route to the other private net?

  • If it passes through the internet (red) maybe an ipsec tunnel is required.
  • If it is routed through any other interface configure an additional static route.

(Jose G Jimenez S) #3

How are you doing? Do you want two networks to see each other but not go on the internet?

Example: 192.168.1.0/24 communicate with 192.168.2.0/24


(Alessio Fattorini) #4

Can you help us to help you? 🙂
Please answer @davidep and @jgjimenezs