Firewall rule to route all connections via particular external IP

I have a firewall zone called ZHADUM. I would like to route all outbound connections from ZHADUM to wan via a particular wan IP (I have 5 IPv4 addresses)

How should I format a firewall rule to do this or is there a better way?

You would do a SNAT:

config nat
        option src 'wan'
        option name 'use_other_IP'
        option src_ip '192.168.xxx.0/24'
        option target 'SNAT'
        option snat_ip 'xxx.xxx.xxx.xxx'

I haven't personally tested zones due to my use case, so the rule above shows IP.

I think source zone shouldn't be wan. It should be src ZHADUM (better use small letters) and dest wan.

(WAN is the source of the traffic leaving - that needs its IP changed.)

Perhaps that's why my rule only works with IP.


You're right, I should have tested it before replying.
One remark: If the wan zone has more than one interface (like tun, wg, wwan etc.), it is better to use option device some_interface_name so that SNAT is applied on the specific interface only.


I tried the following rules and several other variations but nothing seems to work. Any help would be greatly appreciated.

config nat
        option src 'wan'
        option name 'ZHADUM-SNAT'
        option src_ip '10.111.221.0/24'
        option target 'SNAT'
        option snat_ip 'external IP'
        option device 'wan2'

config nat
        option src 'ZHADUM'
        option name 'ZHADUM-SNAT'
        option src_ip '10.111.221.0/24'
        option target 'SNAT'
        option snat_ip 'external IP'
        option device 'eth2'

config nat
        option src 'WAN2'
        option name 'ZHADUM-SNAT'
        option src_ip '10.111.221.0/24'
        option target 'SNAT'
        option snat_ip 'external IP'
        option device 'eth2'

edit: actually this seems to have worked:

Actually, this rule seems to have accomplished what I needed:

config nat
        option name 'ZHADUM-SNAT'
        option src_ip '10.111.221.0/24'
        option target 'SNAT'
        option snat_ip 'EXTERNAL IP'
        option src 'wan'

Thanks!
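The thread above shows how easy it is to get the zone wrong in a UCI SNAT rule (src set to the internal zone instead of wan, mixed-case zone names, placeholder addresses left in). The following is an added example, not OpenWrt's own code and not posted by anyone in the thread: a small lint that parses the `config nat` sections of a firewall config and reports the mistakes seen above before the file is deployed. The sample config text is constructed from the rules in the thread with a documentation address standing in for the real external IP; the set of outbound zone names (just "wan" here) is an assumption you would adjust for your own setup.

```python
"""Lint OpenWrt UCI 'config nat' (SNAT) sections before deploying them.

Added example for the thread above; not OpenWrt's own code.  Assumes the
firewall semantics discussed in the thread: 'src' is the zone the traffic
LEAVES through (wan), 'src_ip' selects the internal source subnet and
'snat_ip' is the public address to rewrite the source to.
"""
import ipaddress
import re

# Constructed sample: the working rule from the thread plus one of the
# non-working variants.  203.0.113.10 is a documentation address, not real.
SAMPLE_CONFIG = """\
config nat
        option name 'ZHADUM-SNAT'
        option src_ip '10.111.221.0/24'
        option target 'SNAT'
        option snat_ip '203.0.113.10'
        option src 'wan'

config nat
        option src 'ZHADUM'
        option name 'bad-zone'
        option src_ip '10.111.221.0/24'
        option target 'SNAT'
        option snat_ip 'external IP'
        option device 'eth2'
"""

SECTION_RE = re.compile(r"^config\s+(\S+)(?:\s+'?([^']*)'?)?\s*$")
OPTION_RE = re.compile(r"^\s*option\s+(\S+)\s+'([^']*)'\s*$")


def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value}) tuples."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group(1), {}))
            continue
        m = OPTION_RE.match(line)
        if m and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections


def lint_snat(opts, wan_zones=("wan",)):
    """Return the list of problems found in one 'config nat' section (empty means ok).

    wan_zones is an assumption: the zone names through which traffic leaves.
    """
    problems = []
    if opts.get("target", "").upper() != "SNAT":
        problems.append("target must be SNAT")
    src = opts.get("src", "")
    if src != src.lower():
        problems.append(f"zone name {src!r} should be lowercase")
    if src.lower() not in wan_zones:
        problems.append(f"src {src!r} must be the outbound (wan) zone, not the internal zone")
    try:
        # strict=True rejects host bits set in the prefix, e.g. 10.1.1.5/24
        ipaddress.ip_network(opts.get("src_ip", ""), strict=True)
    except ValueError:
        problems.append(f"src_ip {opts.get('src_ip')!r} is not a valid CIDR")
    try:
        ipaddress.ip_address(opts.get("snat_ip", ""))
    except ValueError:
        problems.append(f"snat_ip {opts.get('snat_ip')!r} is not a valid IP address")
    return problems


def lint_config(text):
    """Lint every nat section in a UCI firewall config; returns {rule name: [problems]}."""
    return {opts.get("name", "<unnamed>"): lint_snat(opts)
            for kind, opts in parse_uci(text) if kind == "nat"}


if __name__ == "__main__":
    for name, probs in lint_config(SAMPLE_CONFIG).items():
        print(name, "OK" if not probs else probs)
```

Run it against your own `/etc/config/firewall` by reading the file into `lint_config`; a rule whose src is the internal zone, whose zone name is mixed case, or whose snat_ip is still a placeholder is reported by name before it is ever loaded.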

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
