SNAT in IPFIRE - how did I miss this?

posted 26 Jul 2015, 17:14 by Andrew at Lycom   [ updated 26 Jul 2015, 17:15 ]
While reconfiguring an IPFIRE Linux firewall recently, I realised that I had missed out on a great feature.

It was available as an add-on in things like IPCOP, but I missed it when I set this firewall up. I'm talking about Source Network Address Translation (SNAT). I've been able to get IPFIRE to use aliases to bind external service IP addresses via NAT, but I didn't see the SNAT feature (which makes traffic look like it _originated_ from the external IP as well). 

Here's how to do it:

To test, say you have used SNAT to link an internal (private) IP to an external (public) IP for a server. Check that inbound traffic arrives as expected, then go on to the server itself. If you've sent ALL traffic on the server through that interface, then try visiting something like Steve Gibson's ShieldsUP:

which should confirm that your external IP is being used, and not just the router/gateway IP that handles general traffic.
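The same check can be made from the firewall side. The following is an added example, not part of the original post: it reads `iptables-save -t nat` text and reports, for each internal host that has an inbound DNAT mapping, whether a matching SNAT rule sends its outbound traffic from the same public IP. The sample ruleset, addresses, chain names and interface name are constructed, and only per-host rules are matched (a subnet-wide SNAT rule is not attributed to individual hosts).

```python
import re
import shlex

# Constructed sample of `iptables-save -t nat` output (documentation addresses,
# generic chain names; a real firewall will use its own chains and interfaces).
SAMPLE = """\
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10:25
-A PREROUTING -d 203.0.113.11/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.11:443
-A POSTROUTING -s 192.168.1.10/32 -o red0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o red0 -j MASQUERADE
COMMIT
"""

def _opt(tokens, name):
    """Return the value following option `name`, or None if absent."""
    if name in tokens:
        i = tokens.index(name) + 1
        return tokens[i] if i < len(tokens) else None
    return None

def _host(value):
    """Strip a /mask or :port suffix from an IPv4 address."""
    return re.split(r"[/:]", value)[0]

def audit_nat(ruleset):
    """Map each DNAT'd internal host to its inbound and outbound public IP."""
    inbound, outbound = {}, {}
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        target = _opt(tokens, "-j")  # match on target, so custom chains work too
        if target == "DNAT":
            dst, to = _opt(tokens, "-d"), _opt(tokens, "--to-destination")
            if dst and to:
                inbound[_host(to)] = _host(dst)
        elif target == "SNAT":
            src, to = _opt(tokens, "-s"), _opt(tokens, "--to-source")
            if src and to:
                outbound[_host(src)] = _host(to)
    report = {}
    for host, public in inbound.items():
        egress = outbound.get(host)  # None: host leaves via the gateway IP
        report[host] = {"inbound": public, "outbound": egress,
                        "symmetric": egress == public}
    return report

if __name__ == "__main__":
    for host, result in audit_nat(SAMPLE).items():
        print(host, result)
```

A host reported with `symmetric` false is reachable on its own public IP but still appears to the outside world as the general router/gateway IP.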