Two nat rules for one port
Freshman Member
Hello,
is it possible to NAT two differrent source addresses with one destination port and one public address to two different DMZ destinations?
Required behavior:
1. WAN client 50.10.10.10 requests connection on port tcp/80 with destination address 10.0.1.1
2. ZyWALL will check client source address (50.10.10.10) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.10, to the port tcp/80
3. WAN client 50.10.10.20 requests connection on port tcp/80 with destination address 10.0.1.1
4. ZyWALL will check client source address (50.10.10.20) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.20, to the port tcp/80
Thank you.
Regards, Radim.
is it possible to NAT two differrent source addresses with one destination port and one public address to two different DMZ destinations?
Required behavior:
1. WAN client 50.10.10.10 requests connection on port tcp/80 with destination address 10.0.1.1
2. ZyWALL will check client source address (50.10.10.10) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.10, to the port tcp/80
3. WAN client 50.10.10.20 requests connection on port tcp/80 with destination address 10.0.1.1
4. ZyWALL will check client source address (50.10.10.20) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.20, to the port tcp/80
Thank you.
Regards, Radim.
0
Comments
-
I don't think you can NAT two different source addresses with the ZyWall as is you can only NAT to the destination not from source to destination as source is any.
You could add it in ideas
0 -
Thank you for response.
I recently switched from a linux system, so I am still comparing ZyWall firewall possibilities with netfilter/iptables.
With netfilter is pretty easy to apply following rules:iptables -A PREROUTING -i wan1 -s 50.10.10.10 -p tcp --dport 80 -j NAT --to-destination 192.168.1.10<br>iptables -A PREROUTING -i wan1 -s 50.10.10.20 -p tcp --dport 80 -j NAT --to-destination 192.168.1.20
Anyway, thank you.
Regards, Radim
0 -
-
I think USG does not support NAT port forwarding by source IP address in current version.
Not sure if this could be enhance in the future.
0 -
This is whats needed
Then a rule for incoming source IP 50.10.10.20 to mapping IP 192.168.1.20
1
Guru Member
Zyxel Employee
Master Member
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 200 Nebula Ideas
- 126 Nebula Status and Incidents
- 6.3K Security
- 498 USG FLEX H Series
- 323 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.8K Consumer Product
- 286 Service & License
- 457 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 96 Security Highlight
