NAT rule to change internal IP to another on same subnet?

Hi folks,

I have created an internal zone IP address, 192.168.1.9, that I want to use as a generic address for FTP communications.

I want to NAT this IP to our current FTP server 192.168.1.19. This way, when our FTP server changes, we just change our NAT rule rather than the rest of our partner companies' firewalls, routes, etc.

I've created a DNAT rule and am able to ping 192.168.1.9 and get a response from 192.168.1.19, but am unable to connect via FTP.

I've done this before successfully between network zones (subnets) but not on the same zone (subnet) so far.

Any suggestions?

11 REPLIES

For it to work from outside you need:

From zone - Untrust

To zone - Untrust

Destination Address - 96.68.102.139

Service - create new tcp-21 with protocol tcp and port 21

Destination translation - 192.168.32.19

NB! Place this new wan rule above WebServer1 rule because otherwise WebServer1 will NAT all ports to 192.168.1.9

Enterprise Architect, Security @ Cloud Carib Ltd
ACE, PCNSE, PCNSI
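
The rule-order point in the reply above, as an added example (not part of the original post and not firewall code): a simplified first-match NAT model that shows how a broad rule placed first hides the tcp-21 rule, plus a check that flags such shadowed rules. The match fields of WebServer1 and the rule name "FTP-in" are assumptions; the addresses are the ones quoted in the reply.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for the service match field

@dataclass(frozen=True)
class NatRule:
    name: str
    from_zone: str
    to_zone: str
    dst_addr: str
    service: Optional[tuple]   # (protocol, port) or ANY
    translate_to: str

def covers(broad, narrow):
    """True if match field `broad` matches everything `narrow` matches."""
    return broad is ANY or broad == narrow

def same_scope(a, b):
    """True if two rules match the same zones and destination address."""
    return (a.from_zone, a.to_zone, a.dst_addr) == (b.from_zone, b.to_zone, b.dst_addr)

def first_match(rules, from_zone, to_zone, dst_addr, service):
    """Return the first rule, evaluated top down, that matches the packet."""
    for r in rules:
        if (r.from_zone, r.to_zone, r.dst_addr) == (from_zone, to_zone, dst_addr) \
                and covers(r.service, service):
            return r
    return None

def shadowed(rules):
    """Return (hidden, hiding) name pairs where an earlier rule fully covers a later one."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if same_scope(earlier, later) and covers(earlier.service, later.service):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed rulebase. WebServer1's match fields are assumed (any service to the
# same public address); "FTP-in" is a hypothetical name for the new tcp-21 rule.
WEB = NatRule("WebServer1", "Untrust", "Untrust", "96.68.102.139", ANY, "192.168.1.9")
FTP = NatRule("FTP-in", "Untrust", "Untrust", "96.68.102.139", ("tcp", 21), "192.168.32.19")
WRONG_ORDER = [WEB, FTP]   # catch-all first: the FTP rule can never be hit
RIGHT_ORDER = [FTP, WEB]   # specific rule first, catch-all second

if __name__ == "__main__":
    for label, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        hit = first_match(rules, "Untrust", "Untrust", "96.68.102.139", ("tcp", 21))
        print(label, "->", hit.name, hit.translate_to, "shadowed:", shadowed(rules))
```

Running the shadow check over an exported rulebase before committing catches the ordering mistake without needing a test connection.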


Wow, thanks Raido!

I'm starting to get it. I need to spend more time in Wireshark to understand it better.

Thank you so much for your responses. Creating this internal "VIP" will help in communicating a long term IP to our IPSec VPN connections that will allow us to change servers and IPs without the need to have our partners update their rules, etc.

Final NAT rules.

[Image: NAT_VIP.jpg]