Two nat rules for one port
Options
Hello,
is it possible to NAT two differrent source addresses with one destination port and one public address to two different DMZ destinations?
Required behavior:
1. WAN client 50.10.10.10 requests connection on port tcp/80 with destination address 10.0.1.1
2. ZyWALL will check client source address (50.10.10.10) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.10, to the port tcp/80
3. WAN client 50.10.10.20 requests connection on port tcp/80 with destination address 10.0.1.1
4. ZyWALL will check client source address (50.10.10.20) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.20, to the port tcp/80
Thank you.
Regards, Radim.
is it possible to NAT two differrent source addresses with one destination port and one public address to two different DMZ destinations?
Required behavior:
1. WAN client 50.10.10.10 requests connection on port tcp/80 with destination address 10.0.1.1
2. ZyWALL will check client source address (50.10.10.10) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.10, to the port tcp/80
3. WAN client 50.10.10.20 requests connection on port tcp/80 with destination address 10.0.1.1
4. ZyWALL will check client source address (50.10.10.20) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.20, to the port tcp/80
Thank you.
Regards, Radim.
0
Comments
-
I don't think you can NAT two different source addresses with the ZyWall as is you can only NAT to the destination not from source to destination as source is any.
You could add it in ideas
0 -
Thank you for response.
I recently switched from a linux system, so I am still comparing ZyWall firewall possibilities with netfilter/iptables.
With netfilter is pretty easy to apply following rules:iptables -A PREROUTING -i wan1 -s 50.10.10.10 -p tcp --dport 80 -j NAT --to-destination 192.168.1.10<br>iptables -A PREROUTING -i wan1 -s 50.10.10.20 -p tcp --dport 80 -j NAT --to-destination 192.168.1.20
Anyway, thank you.
Regards, Radim
0 -
-
I think USG does not support NAT port forwarding by source IP address in current version.
Not sure if this could be enhance in the future.
0 -
This is whats needed
Then a rule for incoming source IP 50.10.10.20 to mapping IP 192.168.1.20
1
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 86 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 915 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight