Dear Community,
Maybe one of you can help me to better understand Source-NAT?
I guess my issue could be solved by using the right Source-NAT configuration?
I have configured a Destination NAT like the following example:
Untrust Interface (reth0.0) has Public IP 1.2.3.4/27 (which means any other IP of this subnet is usable on this Interface)
A host within the Trust Zone has the IP 172.10.10.55/32
Now I made a Destination NAT for Source 0.0.0.0/0 and Destination 172.10.10.55/32
Of course I made a proxy-arp for reth0.0 with address 1.2.3.5/32 (because the NATted host should be reachable under 1.2.3.5). This is all working fine and the host behind the NAT is reachable under the second public IP.
But when I check the public IP used on the host itself, I see it's going out with the untrust interface IP 1.2.3.4 and not with 1.2.3.5, which is what I wish it would do.
I guess now Source-NAT is the key in order to have the host behind NAT use its <second> public IP?
Short description:
IS situation:
1.2.3.5 --DNAT-->172.10.10.55/32 (configured by Proxy-ARP 1.2.3.5 for reth0.0, which is the untrust interface and has 1.2.3.4/27)
172.10.10.55/32 --SNAT??-->1.2.3.4 (still using the regular untrust interface IP)
SHOULD situation:
172.10.10.55/32 --SNAT??-->1.2.3.5 (should use the same public IP for outgoing traffic as with Proxy-ARP defined)
Thanks for any hints or input on this.
Best regards,
IT-onBase
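The "SHOULD situation" above, as an added example that is not part of the original post: a source NAT pool holding 1.2.3.5 and a rule that sends only 172.10.10.55 through it. This assumes a Junos SRX (the reth0.0 interface, proxy-arp and trust/untrust zones suggest one); the pool, rule-set and rule names are placeholders, and the existing proxy-arp line is repeated so the whole mapping is visible in one place.

```junos
# Pool with the second public IP (single address, no port restriction)
set security nat source pool POOL-1-2-3-5 address 1.2.3.5/32

# Rule-set for traffic leaving trust towards untrust
set security nat source rule-set TRUST-TO-UNTRUST from zone trust
set security nat source rule-set TRUST-TO-UNTRUST to zone untrust

# Only the DNAT'ed host is translated to 1.2.3.5; match on its /32
set security nat source rule-set TRUST-TO-UNTRUST rule HOST-55-OUT match source-address 172.10.10.55/32
set security nat source rule-set TRUST-TO-UNTRUST rule HOST-55-OUT then source-nat pool POOL-1-2-3-5

# Proxy-ARP so reth0.0 answers for 1.2.3.5 on the /27 (already present per the post)
set security nat proxy-arp interface reth0.0 address 1.2.3.5/32
```

Source NAT rules are matched top-down within a rule-set, so if the rule-set already holds a catch-all rule with "then source-nat interface", this /32 rule must sit above it (use "insert ... rule HOST-55-OUT before rule <catch-all>"), otherwise the host keeps leaving as 1.2.3.4. Verify with "show security flow session source-prefix 172.10.10.55", where the Out wing should now show 1.2.3.5; a static NAT rule for 1.2.3.5 <-> 172.10.10.55 would achieve both directions in one rule instead of separate destination and source rules.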