
SNAT (Source NAT) - Basic Setup

Ben
posted this on April 28, 2011 00:00


Author: Ben
Applies to Platform: UTM 2.4 and 2.5, 4i Edge 2.5
Last Update: 9 April 2014

Author: Ben
Applies to Platform: UTM 3.0, 4i Edge 3.0
Last Update: 9 April 2014


This lesson illustrates the steps needed to configure a very simple Source NAT (SNAT) rule on a typical Endian appliance. The primary purpose of Source NAT is to control which external IP address and/or port an internal application (IP and port) appears to come from on the Internet. By default, the Endian masquerades all outbound connections behind the primary Red interface IP address, so you need SNAT wherever you don't want this to occur.

Configuration Example

[Figure: Network Diagram - SNAT (Simple)]

In this simple example, we'll set up a Source NAT (SNAT) rule for a mail server in the Orange (DMZ) network. We'll use one of our (non-primary) statically assigned public IP addresses as the masqueraded IP.

Create SNAT Rule

[Screenshot: snat1.png]

We'll begin by creating a new SNAT rule and configuring all the necessary fields to correspond to our example network. Notice that in the "NAT to source address" dropdown we specifically select our new public IP address to use for masquerading under this rule.

Once done, click the Create Rule button.

Apply the Rule

[Screenshot: snat2.png]

Once your rule is created, you must apply the rule to the device by clicking the Apply button (shown above).

Verify the Rule

[Screenshot: snat3.png]

Now that our rule has been applied successfully, we can test that our mail server is being masqueraded to the correct IP address.

Note

You can test a Source NAT rule from any server with a browser by using a site like WhatIsMyIP, which will tell you which public IP you're coming from.
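
The same verification can be scripted for a server that has no browser. This is an added example, not part of the original article or of Endian's tooling; the script name, the `ECHO_URL` argument (any service that returns the caller's IP address as plain text) and the addresses in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: verify a host's SNAT egress address from the command line.
# Usage: snat_check.sh EXPECTED_PUBLIC_IP ECHO_URL
# ECHO_URL (assumption) is any service returning the caller's IP as plain text.
# e.g. snat_check.sh 198.51.100.25 https://ip-echo.example/  (constructed values)

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Compare the address the outside world sees ($2) with the SNAT address ($1).
# Returns 0 = match, 1 = different address (the rule is not matching or was
# not applied, so traffic still leaves via the default masquerade address),
# 2 = one of the values is not an IPv4 address (e.g. an HTML error page).
check_snat() {
    expected=$1
    observed=$(printf '%s' "$2" | tr -d ' \t\r\n')
    is_ipv4 "$expected" || return 2
    is_ipv4 "$observed" || return 2
    [ "$observed" = "$expected" ] || return 1
}

# Ask the echo service over IPv4 only, failing on HTTP errors and timeouts.
egress_ip() {
    curl -4 -sS --fail --max-time 10 "$1"
}

main() {
    [ "$#" -eq 2 ] || { echo "usage: $0 EXPECTED_PUBLIC_IP ECHO_URL" >&2; return 64; }
    reply=$(egress_ip "$2") || { echo "ERROR: lookup via $2 failed" >&2; return 3; }
    rc=0; check_snat "$1" "$reply" || rc=$?
    case $rc in
        0) echo "OK: egress address is $1" ;;
        1) echo "MISMATCH: egress address is $observed, expected $1" >&2 ;;
        *) echo "ERROR: expected address or reply is not an IPv4 address" >&2 ;;
    esac
    return "$rc"
}

[ "$#" -eq 0 ] || main "$@"
```

Run it on the host the SNAT rule applies to (the mail server in this example); the non-zero exit codes make it usable from a monitoring job after rule changes.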
 

Comments

Daniele De Lorenzi
Endian

Still valid for 2.5

April 19, 2012 15:51