• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1017
  • Last Modified:

Multiple Nat congurations on the same interface Watchguard Firebox

I have a watchguard firebox
I need to setup policy manager for using both private IPs and Natted Public IP's on the same interface
how do I do this

I currently have it set to do 1-to-1 NAT
Everymachine has its own Public IP address currently
I want to add additional PC's on the same interface without using Public IP addresses

1-to-1 NAT setup
-enable 1-to-1 NAT

Interface:     Netbase:                     Realbase:
External        67.132.131.24             192.168.1.24

Dynamic NAT Exceptions:  
192.168.1.24 - external


0
wirelessadmin
Asked:
wirelessadmin
  • 4
  • 3
1 Solution
 
wirelessadminAuthor Commented:
it works perfectly fine for now, but I have more PCs than public IP addresses
0
 
wirelessadminAuthor Commented:
so I need to know how to add pcs with private IP's only
0
 
giltjrCommented:
Umm what?  I am not sure what you want to do.  I don't even understand private and public NAT'ed on the same interface.  Normally you have private addresses on one interface (the "inside") and public addresses on another (the "outside") .  The firewall will then NAT PRIV-to-PUB when traffic is going from the inside to the outside and PUB-to-PRIV when traffic is coming from the outside to the inside.

If you are trying to do NAT'ing and you have many private IP address and only a few public, then you need to either do dynamic 1-to-1 NAT and only a few people (the same number as you have public IP addresses) will be able to get out at once, or you need to do many-to-1 NAT.

My suggestion, and the norm, is to do many-to-one NAT.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
wirelessadminAuthor Commented:
i want 1-to-1 nat and many-to-1 NAT to run on the same interface
0
 
giltjrCommented:
Which model do you have?
0
 
wirelessadminAuthor Commented:
x1000
0
 
giltjrCommented:
It looks like you just need to enable dynmaic NAT.  By default it will dynamically NAT:

     192.168.0.0/16
     172.16.0.0/22
     10.0.0.0/8

I will assume that it will use the IP address of the "outside" interface that it NATs to.  You can find more at:

     http://www.watchguard.com/help/lss/741/WFSHelp.htm
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now