NAT on Nethserver

NethServer Version: 7
Module: Firewall

Can someone advise me how to enable a NAT exclusion on the Nethserver/Shorewall Firewall.

I have a private subnet on the LAN (Green) which seems to automatically get NAT to the RED interface. This is fine and allows the local LAN severs to get updates etc.

However, I have a need to not NAT when communicating with particular outside addresses. i.e.

LAN PC’s get NAT out to Red Interface for example. But, if the destination is other private ranges (these are reachable beyond my RED zone) I want the source address of to stay in place.

I am familar doing this with NAT rules and policy on Cisco, Juniper etc, but not on Nethserver.

Any pointers would be very much appreciated.


What is the route to the other private net?

  • If it passes through the internet (red) maybe an ipsec tunnel is required.
  • If it is routed through any other interface configure an additional static route.

How are you doing? Do you want two networks to see each other but not go on the internet?

Example: communicate with

Can you help us to help you? :slight_smile:
Please answer @davidep and @jgjimenezs