efraim
Explorer

Hide NAT issue in a lab environment

Hi, 

I'm currently using a SA R80.10 cloud-based lab environment.

I have the following networks:

10.159.253.0/24 - VPN 
10.159.11.0/24 - Server LAN (one IP is being used by Windows Server which acts as a DC)
10.159.254.0/24 - FW External (eth0)
10.159.0.0/24 - FW Internal (eth1)
10.159.1.0/24 - User LAN (one IP is being used by Windows Server which acts as a client). 

1) I have configured a rule to allow the client to send DNS requests to the DC + Hide NAT for both networks.
2) Since both networks are internal networks (Server LAN + User LAN), NAT should not take place at the first phase (when I execute nslookup and the client sends a packet from User-LAN to the DC which is part of Server Lan).
3) Hide NAT should take place only when the DC sends a DNS request to the FW, and the FW realises that it needs to forward it using its external interface ("o to O inspection point - after the routing decision took place").

For now, I have created a manual NAT rule that is located on top to bypass this.
(original source: Client, Original destination DC, translated source: original, translated destination: original)
Without this rule, anti-spoofing drops the traffic (because the Xlate Source IP is 10.178.254.254, which is the FW EXT eth0).


Assistance would be greatly appreciated! 

I've tried several things... I will mention a few of them:
Under Network Management > eth1, the network address is 10.178.0.254/24.
I clicked Modify > Override > Specific and selected a group that contains Server and User LAN. Set as detected.
eth0 > set as Detect.

The last thing I did was to go to Network Topology, set eth1 to /24, add the network group that contains Server + User LAN, and change the eth0 subnet mask to /32. It didn't work either...


Thank you 🙂 

 

0 Kudos
2 Replies
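The rule-base ordering the post relies on (a manual no-NAT rule placed above the Hide NAT rules, so first match wins) and the topology check it says drops the translated source, as an added Python model. This is constructed example code, not Check Point's or the poster's; the gateway external address 10.159.254.254 is an assumed placeholder.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model (not Check Point code) of a first-match NAT rule base and a
# per-interface source-address topology check, using the networks named in the post.
USER_LAN = ipaddress.ip_network("10.159.1.0/24")     # client
SERVER_LAN = ipaddress.ip_network("10.159.11.0/24")  # DC
FW_INT = ipaddress.ip_network("10.159.0.0/24")       # eth1 address network
ANY = ipaddress.ip_network("0.0.0.0/0")
GW_EXT_IP = "10.159.254.254"  # assumed eth0 address; placeholder, not from the post

@dataclass
class NatRule:
    name: str
    orig_src: ipaddress.IPv4Network
    orig_dst: ipaddress.IPv4Network
    xlate_src: Optional[str]  # None means "Original" (no translation)

def evaluate_nat(rules, src, dst):
    """First matching rule wins; later Hide rules are never reached for that packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.orig_src and d in r.orig_dst:
            return r.name, (r.xlate_src if r.xlate_src else src)
    return "no-match", src

def antispoof_ok(topology, iface, src):
    """A source address is valid on an interface only if it lies in that interface's networks."""
    return any(ipaddress.ip_address(src) in n for n in topology[iface])

# Hide NAT for both LANs behind the gateway, with and without the manual exception on top.
HIDE_ONLY = [
    NatRule("hide-user-lan", USER_LAN, ANY, GW_EXT_IP),
    NatRule("hide-server-lan", SERVER_LAN, ANY, GW_EXT_IP),
]
WITH_EXCEPTION = [NatRule("no-nat-client-to-dc", USER_LAN, SERVER_LAN, None)] + HIDE_ONLY

# eth1 topology = group of internal networks (as the post configures it); eth0 = everything else.
TOPOLOGY = {"eth1": [FW_INT, USER_LAN, SERVER_LAN], "eth0": [ANY]}

def dns_lookup_outcome(rules):
    """Client 10.159.1.10 -> DC 10.159.11.10: rule fired, resulting source, and whether
    the internal-side topology check accepts that source."""
    rule, xlate_src = evaluate_nat(rules, "10.159.1.10", "10.159.11.10")
    return rule, xlate_src, antispoof_ok(TOPOLOGY, "eth1", xlate_src)

if __name__ == "__main__":
    print(dns_lookup_outcome(HIDE_ONLY))       # ('hide-user-lan', '10.159.254.254', False)
    print(dns_lookup_outcome(WITH_EXCEPTION))  # ('no-nat-client-to-dc', '10.159.1.10', True)
```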
efraim
Explorer

Nobody? 

0 Kudos
pal
Explorer

As per 0.PNG, rule 2 is doing Hide NAT. Can you share the NAT rule base?

0 Kudos