eMZe
New Member
January 27, 2018
Solved

Central NAT: DNAT depending on service used?

I have to set up a NAT-intensive box, using FMG + ADOM, 5.6.2 (FG 5.6.3)

The firewall is connected to many worlds, and trying to make everything work without central NAT turned out to be quite a mess.

However, with central NAT I cannot resolve the following situation:

If a private-addressed server goes to the internet on SMTP, it should masquerade its source IP as (e.g.) 1.1.1.1; if it goes out with an HTTP request, it has to be masked as 1.1.1.2; and if DNS, then 1.1.1.3.

Without central NAT, one only has to create separate SMTP, DNS and HTTP rules, giving each rule's NAT field its own pool.

Any ideas? 

Martin


    neonbit
    New Member
    January 28, 2018

    When you create a NAT rule you can select the protocol/port. Just create three NAT rules with TCP/25, UDP/53 and TCP/80 with each having a different IP Pool.

    eMZe
    New Member
    January 28, 2018

    Thank you. The answer is correct.

    I have just noticed that the question is wrong.

    I have to do SOURCE NAT depending on the port used. There is nothing besides the protocol number to select in the FMG dialogue, and nothing to select on the CLI.

    Is there any workaround?

    M