Two nat rules for one port
Hello,
is it possible to NAT two differrent source addresses with one destination port and one public address to two different DMZ destinations?
Required behavior:
1. WAN client 50.10.10.10 requests connection on port tcp/80 with destination address 10.0.1.1
2. ZyWALL will check client source address (50.10.10.10) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.10, to the port tcp/80
3. WAN client 50.10.10.20 requests connection on port tcp/80 with destination address 10.0.1.1
4. ZyWALL will check client source address (50.10.10.20) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.20, to the port tcp/80
Thank you.
Regards, Radim.
is it possible to NAT two differrent source addresses with one destination port and one public address to two different DMZ destinations?
Required behavior:
1. WAN client 50.10.10.10 requests connection on port tcp/80 with destination address 10.0.1.1
2. ZyWALL will check client source address (50.10.10.10) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.10, to the port tcp/80
3. WAN client 50.10.10.20 requests connection on port tcp/80 with destination address 10.0.1.1
4. ZyWALL will check client source address (50.10.10.20) and destination port (tcp/80) and decides (according to NAT rules) to NAT traffic to the DMZ client 192.168.1.20, to the port tcp/80
Thank you.
Regards, Radim.
0
Comments
-
I don't think you can NAT two different source addresses with the ZyWall as is you can only NAT to the destination not from source to destination as source is any.
You could add it in ideas
0 -
Thank you for response.
I recently switched from a linux system, so I am still comparing ZyWall firewall possibilities with netfilter/iptables.
With netfilter is pretty easy to apply following rules:iptables -A PREROUTING -i wan1 -s 50.10.10.10 -p tcp --dport 80 -j NAT --to-destination 192.168.1.10<br>iptables -A PREROUTING -i wan1 -s 50.10.10.20 -p tcp --dport 80 -j NAT --to-destination 192.168.1.20
Anyway, thank you.
Regards, Radim
0 -
-
I think USG does not support NAT port forwarding by source IP address in current version.
Not sure if this could be enhance in the future.
0 -
This is whats needed
Then a rule for incoming source IP 50.10.10.20 to mapping IP 192.168.1.20
1
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 114 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 64 Switch Ideas
- 901 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 831 Nebula FAQ
- 401 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight