Astaro User Bulletin Board
Go Back   Astaro User Bulletin Board > Astaro Gateway Products > General Discussion
Reload this Page Feature request: Masquerading for additional IP-addresses
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Welcome to the Astaro User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 04-04-2009, 10:11 PM
Member
  
Join Date: Oct 2002
Location: Sweden
Posts: 59
Default Feature request: Masquerading for additional IP-addresses
Currently (v7.401 and earlier) it is impossible to select Masquerading for additional IP addresses, it is only possible to choose the nics' main IP addresses.

The workaround is to use snat, but it is a nightmare if you have many nics and vpn:s.
__________________
10 user license non-profit org:ASG 7.500, SUN Fire x2100, AMD Opteron 2.8GHz dual core, 2GB ram, 6 nics, 250GB HDD
10 user home license: ASG Virtual appliance 7.500 with vmware server 2.0.1 on Ubuntu 8.04 server, Asus P5B-V, Intel Core quad 2.4GHz, 8GB ram, 1.3TB HDD, 4 Nics, 2 other virtual instances.
Reply With Quote
  #2 (permalink)  
Old 04-04-2009, 11:33 PM
BAlfson's Avatar
Moderator
  
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,396
Default
Erik, I think Masquerading works with an interface, so it takes whatever address is on the interface. Are there other products that allow masquerading not on the primary IP?

You didn't say what you want to accomplish, but have you considered policy routing? What about using VLANs instead of Additional Addresses (I don't know if that will work, I'm just ideating)?

Anyway, it will be interesting to learn the solution you find.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
Reply With Quote
  #3 (permalink)  
Old 04-05-2009, 06:56 AM
Member
  
Join Date: Oct 2002
Location: Sweden
Posts: 59
Default
"Erik, I think Masquerading works with an interface, so it takes whatever address is on the interface. Are there other products that allow masquerading not on the primary IP?"

Let say that you have three nics with IP adresses A, B and C.
A is external and there you have an additional IP adress D.

On network B and C you have two webservers, one on each network. Masquerading on external for net B is as usual. However, you cannot set up Masquerading for net C using the additional IP address D on the external interface.
__________________
10 user license non-profit org:ASG 7.500, SUN Fire x2100, AMD Opteron 2.8GHz dual core, 2GB ram, 6 nics, 250GB HDD
10 user home license: ASG Virtual appliance 7.500 with vmware server 2.0.1 on Ubuntu 8.04 server, Asus P5B-V, Intel Core quad 2.4GHz, 8GB ram, 1.3TB HDD, 4 Nics, 2 other virtual instances.
Last edited by Erik Franzén; 04-06-2009 at 04:01 PM.
Reply With Quote
  #4 (permalink)  
Old 04-05-2009, 01:11 PM
Gert Hansen's Avatar
Wizard
  
Join Date: Nov 2000
Location: Karlsruhe, Germany
Posts: 1,242
Default
hi there,

this is work in progress and should be part of the next feature update.

regards
Gert
Reply With Quote
  #5 (permalink)  
Old 04-16-2009, 02:15 AM
Junior Member
  
Join Date: Feb 2009
Posts: 24
Default
Quote:
Originally Posted by Gert Hansen View Post
hi there,

this is work in progress and should be part of the next feature update.

regards
Gert
This sounds great! We have asked for that feature about one year ago - it would be fantastic if this came true.
Reply With Quote
  #6 (permalink)  
Old 04-16-2009, 02:11 PM
WaMaR's Avatar
Senior Member
  
Join Date: Nov 2003
Location: Biala Podlaska, POLAND
Posts: 161
Default
I always believed that Masquerade NAT is the same as Source NAT (SNAT), but Masquerading allows for this functionality even though these internal machines don't have an officially assigned IP address.

My ISP provides me the entire class C for public IP addresses and therefore for me it is natural to use additional public addresses for SNAT other servers,
for many local area networks, simple IP authentication, etc.


Therefore, I can not imagine to be limited only to the IP masquerade and one public IP address.

------
I would like to add that much more desirable feature would be adding the possibility of configuration http proxy profiles for use different public IP addresses the same way as is done by doing SNAT for outgoing packets from different local networks.

Read more at: http://www.astaro.org/astaro-gateway-products/general-discussion-feature-requests/25390-feature-requests-configuration-proxy-profiles-use-different-public-source-ip.html

__________________
2x ASG320 HA, v7.402
Last edited by WaMaR; 04-21-2009 at 09:36 AM.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 04:53 AM.

 
Contact Us - Astaro User Bulletin Board - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases. issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.