Bug #140
closed
Switching to AON should generate proper full NAT rules
100%
Description
Switching to AON only adds an outbound NAT rule for the LAN subnet, for outbound traffic to WAN.
It should add the same outbound NAT rules that are automatically created - NATing every internal subnet to the interface IP for every WAN connection.
Updated by Seth Mos over 15 years ago
- Assignee set to Seth Mos
I'll look at this; I made the existing NAT code in 1.2, iirc.
I just tested this with multi-WAN on 2.0 from an 18-11-2009 snapshot.
I have rules for both WAN connections and all known internal subnets, both the static routes and the directly connected networks.
tonatsubnets = "{ 192.168.10.0/24 192.168.11.0/24 192.168.2.0/24 }"
no nat on $WAN to port tftp
nat on $WAN from $tonatsubnets port 500 to any port 500 -> 213.73.159.94/32 port 500
nat on $WAN from $tonatsubnets port 5060 to any port 5060 -> 213.73.159.94/32 port 5060
nat on $WAN from $tonatsubnets to any -> 213.73.159.94/32 port 1024:65535
no nat on $WLANC to port tftp
nat on $WLANC from $tonatsubnets port 500 to any port 500 -> 192.168.1.117/32 port 500
nat on $WLANC from $tonatsubnets port 5060 to any port 5060 -> 192.168.1.117/32 port 5060
nat on $WLANC from $tonatsubnets to any -> 192.168.1.117/32 port 1024:65535
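An added example, not part of the ticket or of pfSense's code: a Python check of the property this bug asks for, namely that every WAN interface has a catch-all outbound NAT rule for every internal subnet. FULL reuses lines from the ruleset in the comment above; the LAN_ONLY sample, the WANS and SUBNETS lists, and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Subset of the rules posted in the comment above.
FULL = '''
tonatsubnets = "{ 192.168.10.0/24 192.168.11.0/24 192.168.2.0/24 }"
nat on $WAN from $tonatsubnets port 500 to any port 500 -> 213.73.159.94/32 port 500
nat on $WAN from $tonatsubnets to any -> 213.73.159.94/32 port 1024:65535
nat on $WLANC from $tonatsubnets to any -> 192.168.1.117/32 port 1024:65535
'''
# Constructed sample of the reported behaviour: one subnet, one WAN only.
LAN_ONLY = '''
nat on $WAN from 192.168.10.0/24 to any -> 213.73.159.94/32 port 1024:65535
'''
MACRO = re.compile(r'^(\w+)\s*=\s*"\{([^}]*)\}"')
# Catch-all rule only: no source port, destination "any" with no port.
NAT = re.compile(r'^nat on \$(\w+) from (\S+) to any ->')

def nat_sources(ruleset):
    """Map interface -> networks that have a catch-all outbound NAT rule."""
    macros, covered = {}, {}
    for line in ruleset.splitlines():
        line = line.strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2).split()
            continue
        m = NAT.match(line)
        if m:
            iface, src = m.groups()
            nets = macros.get(src[1:], []) if src.startswith("$") else [src]
            covered.setdefault(iface, []).extend(
                ipaddress.ip_network(n) for n in nets)
    return covered

def missing_nat(ruleset, wans, subnets):
    """Return {wan: [subnets lacking a catch-all NAT rule on that WAN]}."""
    covered = nat_sources(ruleset)
    gaps = {}
    for wan in wans:
        lacking = [s for s in subnets if not any(
            ipaddress.ip_network(s).subnet_of(c) for c in covered.get(wan, []))]
        if lacking:
            gaps[wan] = lacking
    return gaps

WANS = ["WAN", "WLANC"]                                           # assumed
SUBNETS = ["192.168.10.0/24", "192.168.11.0/24", "192.168.2.0/24"]
if __name__ == "__main__":
    for name, rules in (("full", FULL), ("lan-only", LAN_ONLY)):
        print(name, missing_nat(rules, WANS, SUBNETS))
```

Port-specific rules such as the port 500 line are deliberately not counted as coverage, so a ruleset containing only those would still be reported as incomplete.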
Updated by Ermal Luçi over 15 years ago
- Assignee changed from Seth Mos to Ermal Luçi
- % Done changed from 0 to 100