Topic: Better NAT possibilities  (Read 3076 times)
« on: June 20, 2008, 22:14:43 »
eek *
Posts: 7


The old 1 to 1 nat, many to 1 should be updated.

I have worked with SonicWall for quite some time, recently changed my firewall from a TZ170 to a net5501, and they have really come far with NAT policies.
You can pretty much specify everything you want with it.

Original Source:
Translated Source:
Original Destination:
Translated Destination:
Original Service:
Translated Service:
Inbound Interface:
Outbound Interface:

I would like to see something like that in future releases.
« Reply #1 on: June 21, 2008, 01:15:14 »
ChainSaw
Guest

so why did you switch to m0n0wall?

CS...
« Reply #2 on: June 21, 2008, 10:30:40 »
eek *
Posts: 7

this is a feature request, not a comparison.
« Reply #3 on: June 21, 2008, 20:55:20 »
cmb *****
Posts: 851

Outbound NAT allows a lot of that now, Inbound isn't as flexible.
« Reply #4 on: June 21, 2008, 20:58:25 »
ChainSaw
Guest

Your post asks for features to be added to m0n0wall without any reason other than Sonicwall has it and m0n0wall doesn't.  That suggests to me that you have compared the two and simply asked for whatever you found missing in m0n0wall.  Why would any developer run out and add features based on such a request?

CS...
« Reply #5 on: June 22, 2008, 06:19:12 »
knightmb ****
Posts: 341

While those are interesting, what benefit would m0n0wall gain from having the ability to tinker with the fine comb settings of NAT? Any examples of how it would benefit a power user of m0n0wall?

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #6 on: June 22, 2008, 09:13:14 »
eek *
Posts: 7

knightmb, nice to see someone asking why you need it instead of being a total dick about it.

With better NAT possibilities you can do pretty much what you want: you can decide how traffic flows, not just outbound or inbound but via different internal zones as well.

Example: you have a VPN in one of your firewall zones that you need to access from another zone, but since your internal IPs are unknown by the peer you will never get the traffic into the tunnel.
Easy. Just add a NAT policy to make your traffic appear to come from the same subnet, or maybe just to originate from your firewall's internal IP, or really whatever works in your specific setup.

Example: this is the first thing you are met by.
Note:
It is not possible to access NATed services using the WAN IP address from within LAN (or an optional network).
With more extensive NAT functions it's quite easy to add policies to make this work from both internal networks and optional ones.

Example: NAT policy based on source, not just a firewall rule but a NAT policy as well. This allows for multiple services on the same port depending on originating source, and I am not only talking about external sources but any source on any interface and any protocol.
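
Added example (not part of the thread, and not m0n0wall or SonicWall code): a small Python model of a first-match NAT policy table built from the eight fields listed in the first post, covering the WAN-IP-from-LAN case and the source-based forward described in Reply #6. The addresses, interface names, class names and the first-match ordering are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_if: str
    out_if: Optional[str] = None      # known only after routing

@dataclass(frozen=True)
class NatPolicy:
    orig_src: str = "0.0.0.0/0"       # Original Source
    xlat_src: Optional[str] = None    # Translated Source (None = keep)
    orig_dst: str = "0.0.0.0/0"       # Original Destination
    xlat_dst: Optional[str] = None    # Translated Destination (None = keep)
    orig_port: Optional[int] = None   # Original Service (None = any)
    xlat_port: Optional[int] = None   # Translated Service (None = keep)
    in_if: Optional[str] = None       # Inbound Interface (None = any)
    out_if: Optional[str] = None      # Outbound Interface (None = any)

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.orig_src)
                and ip_address(p.dst) in ip_network(self.orig_dst)
                and self.orig_port in (None, p.dport)
                and self.in_if in (None, p.in_if)
                and self.out_if in (None, p.out_if))

def translate(policies, p):
    """Apply the first matching policy; unmatched packets pass unchanged."""
    for pol in policies:
        if pol.matches(p):
            return replace(p, src=pol.xlat_src or p.src,
                           dst=pol.xlat_dst or p.dst,
                           dport=pol.xlat_port or p.dport)
    return p

# Constructed addresses (RFC 5737 / RFC 1918); most specific policy first.
WAN_IP, FW_LAN_IP = "203.0.113.10/32", "192.168.1.1"
POLICIES = [
    # LAN client hits the WAN IP: destination goes to the server, and the
    # source is rewritten so the server's reply returns via the firewall.
    NatPolicy("192.168.1.0/24", FW_LAN_IP, WAN_IP, "192.168.1.20", 443, 443, "lan"),
    # Source-based forward: same port, different server for one remote net.
    NatPolicy("198.51.100.0/24", None, WAN_IP, "192.168.1.30", 443, 443, "wan"),
    NatPolicy("0.0.0.0/0", None, WAN_IP, "192.168.1.20", 443, 443, "wan"),
]
```

Because the table is first-match, the source-specific policy has to sit above the catch-all forward; swapping them would send every WAN client to the same server.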

 


 