Solved

Multiple Nat congurations on the same interface Watchguard Firebox

Posted on 2006-06-28
7
964 Views
Last Modified: 2013-11-16
I have a watchguard firebox
I need to setup policy manager for using both private IPs and Natted Public IP's on the same interface
how do I do this

I currently have it set to do 1-to-1 NAT
Everymachine has its own Public IP address currently
I want to add additional PC's on the same interface without using Public IP addresses

1-to-1 NAT setup
-enable 1-to-1 NAT

Interface:     Netbase:                     Realbase:
External        67.132.131.24             192.168.1.24

Dynamic NAT Exceptions:  
192.168.1.24 - external


0
Comment
Question by:wirelessadmin
  • 4
  • 3
7 Comments
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17003689
it works perfectly fine for now, but I have more PCs than public IP addresses
0
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17003776
so I need to know how to add pcs with private IP's only
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17004740
Umm what?  I am not sure what you want to do.  I don't even understand private and public NAT'ed on the same interface.  Normally you have private addresses on one interface (the "inside") and public addresses on another (the "outside") .  The firewall will then NAT PRIV-to-PUB when traffic is going from the inside to the outside and PUB-to-PRIV when traffic is coming from the outside to the inside.

If you are trying to do NAT'ing and you have many private IP address and only a few public, then you need to either do dynamic 1-to-1 NAT and only a few people (the same number as you have public IP addresses) will be able to get out at once, or you need to do many-to-1 NAT.

My suggestion, and the norm, is to do many-to-one NAT.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 5

Author Comment

by:wirelessadmin
ID: 17005242
i want 1-to-1 nat and many-to-1 NAT to run on the same interface
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17006305
Which model do you have?
0
 
LVL 5

Author Comment

by:wirelessadmin
ID: 17010598
x1000
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 17015132
It looks like you just need to enable dynmaic NAT.  By default it will dynamically NAT:

     192.168.0.0/16
     172.16.0.0/22
     10.0.0.0/8

I will assume that it will use the IP address of the "outside" interface that it NATs to.  You can find more at:

     http://www.watchguard.com/help/lss/741/WFSHelp.htm
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question