Combine 1-to-1 NAT with Dynamic NAT

Hello everyone,

I have a tricky situation and I am not quite sure how to accomplish that.
There is one interface (eth1) on our Watchguard which is connected to an external router with a special internet connection.
Every connection to this interface (eth1) needs to be translated to an IP address in the 10.20.20.0/24 subnet because only addresses from this subnet can be routed there. Currently I have a 1-to-1 NAT rule which translates our LAN subnet 192.168.100.0/24 to 10.20.20.0/24.
But now we need to extend our 192.168.100.0/24 to a /23 subnet. So I would like to do a dynamic NAT for all connections to the interface eth1. Every connection could do a dynamic NAT to a single IP address in the 10.20.20.0/24 subnet, e.g. 10.20.20.1. Is this possible?

Thanks,
Jonathan

Comments

  • On the Dynamic NAT setup, you can specify "Set source IP addr" which should resolve your issue.

    Dynamic NAT entry:
    From: your source subnet, source Interface name, etc.
    To: eth1 Interface name
    Set source IP addr: 10.20.20.1

    Move this entry to the top of the list.
    Remove the 1-to-1 NAT entry no longer needed

  • I have already tried this but the web UI won't let me. It shows the following message: "The source IP address you specify must be on the same subnet as the primary or secondary IP address of the outgoing interface or the loopback interface". Should I add the 10.20.20.1 as secondary IP address to the interface eth1 as workaround or will things break?

  • We need more details about the need for a 10.20.20.1 IP addr here.
    Do you have a subnet anyplace in your config including 10.20.20.1?
    If not, then adding 10.20.20.1 as a secondary on eth1 should work - as long as whatever is down eth1 knows to route things back to eth1 for dest packets of 10.20.20.1, as presumably eth1 has a different subnet IP addr.

  • Yes, forgot to mention that eth1 has a different subnet IP address. I have added the 10.20.20.1 as a secondary IP address to interface eth1 and now it works. Thank you.
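
Added example, not part of the original thread and not WatchGuard code: a Python sketch of why the /24 1-to-1 mapping cannot carry the /23 LAN, and of the subnet rule quoted in the web UI message. It assumes 1-to-1 NAT keeps the host offset; the eth1 primary address 192.0.2.2/30 and the /24 mask on the secondary address are constructed for illustration.

```python
import ipaddress

def one_to_one_nat(src_ip, real_net, nat_net):
    """Map src_ip by swapping the network and keeping the host offset
    (assumed 1-to-1 NAT behaviour). Returns None if no mapping exists."""
    real = ipaddress.ip_network(real_net)
    nat = ipaddress.ip_network(nat_net)
    ip = ipaddress.ip_address(src_ip)
    if ip not in real:
        return None
    offset = int(ip) - int(real.network_address)
    if offset >= nat.num_addresses:
        return None  # host offset falls outside the NAT range
    return str(nat.network_address + offset)

def source_ip_allowed(set_source_ip, interface_addrs):
    """Rule from the quoted message: the Dynamic NAT source IP must be in
    the subnet of a primary or secondary address of the outgoing interface."""
    ip = ipaddress.ip_address(set_source_ip)
    return any(ip in ipaddress.ip_interface(a).network for a in interface_addrs)

def unmapped_hosts(real_net, nat_net):
    """Count LAN addresses that the 1-to-1 rule cannot translate."""
    real = ipaddress.ip_network(real_net)
    return sum(1 for ip in real
               if one_to_one_nat(str(ip), real_net, nat_net) is None)

if __name__ == "__main__":
    nat = "10.20.20.0/24"
    # Original /24 LAN: every host has a 1-to-1 partner.
    print(one_to_one_nat("192.168.100.7", "192.168.100.0/24", nat))
    # Extended /23 LAN: the upper half has no partner in the /24.
    print(one_to_one_nat("192.168.101.7", "192.168.100.0/23", nat))
    print(unmapped_hosts("192.168.100.0/23", nat), "addresses unmapped")

    eth1_primary_only = ["192.0.2.2/30"]                      # constructed
    eth1_with_secondary = ["192.0.2.2/30", "10.20.20.1/24"]   # mask assumed
    print(source_ip_allowed("10.20.20.1", eth1_primary_only))    # rejected
    print(source_ip_allowed("10.20.20.1", eth1_with_secondary))  # accepted
```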
