Packet Filter NAT

[lioncub@…]

Add in "Filtering rules for internal networks" (or other category) checkbox "NAT" for iptables POSTROUTING rules.

[jacalvo@…]

We don't understand what you are proposing. Zentyal already has the Firewall -> Port forwarding section to add NAT POSTROUTING rules, what do you exactly miss there?

Please reopen if you can provide a better explanation for this. Thanks.

[lioncub@…]

Chain POSTROUTING and not PREROUTING?

Example: /sbin/iptables -t nat -A POSTROUTING -s 192.168.10.250 -d 92.123.64.25 -p tcp -m multiport --dport 80,443 -j MASQUERADE

[jacalvo@…]

Ok, I think we understand you now. But you are requesting for a new feature that was not planned for 2.2 (and the 2.2 development it's already frozen), so this will have to wait for 2.3 at least.

[clever@…]

I do not understand why Zentyal not have a basic firewall functionality such as Nat Source, problems of CBL mail, just avoid making the NAT Source Mail Server comes out of one of the ips to different virtual LAN. This is a terrible flaw of this interesting distribution, I hope the solution soon. For now, I can not use Zentyal for production

[jamor@…]

I see two issues in this ticket:

• the first one is to be able to define arbitrary masquerade rules. In most scenarios this is not necessary because Zentyal adds automatically masquerade rules for connections from internal to external networks. We don't have enough requests to justify to add this feature. As always you can use a hook to add arbitrary rules.

• The second issue is to be able to add SNAT rules, this feature has been added to the repository version of zentyal-firewall

Regards,

Javier