-1

This is more a theoretical question.

Let's assume we have a Firewall/DG (with a connected WAN) on LAN IP 192.168.1.1. All external DNS records for incoming services like OWA, FTP etc. point to this WAN.

Also on the LAN there is another Firewall/DG on 192.168.1.254 which has another WAN connection. This is the Default Gateway for the all the PCs and Servers.

In this situation - will inbound services (let's say RDP to a server, and FTP / HTTPS from the WAN connection on 192.168.1.1 which are NATTed to the servers work, given any return communication from these servers would be from the WAN address on the Firewall 192.168.1.254 (which for the sake of the question, is a totally different WAN IP and range).

PnP
  • 1,684
  • 8
  • 39
  • 65

1 Answers1

2

No, unless you also do source NAT in addition to the destination NAT, otherwise return packets won't go out the correct gateway and hence won't be sent to the original client.

wurtel
  • 3,864
  • 12
  • 15
  • What exactly do you mean with regards to doing Source and Destination NAT in order to achieve this? – PnP Apr 03 '15 at 12:55
  • Well, you already write that you use NAT to forward e.g. RDP to the internal server. That's destination NAT (you're changing the destination address). You also need to change the source address so that the connection seems to come from the 192.168.1.1 system, i.e. source NAT. – wurtel Apr 03 '15 at 12:58
  • Right - otherwise, if the PC making the connection (ie. FTP to the server) saw return traffic coming from a different WAN IP then it connected to, it would drop the t raffic? – PnP Apr 03 '15 at 13:03
  • Such traffic would be indistinguishable from all other crap that arrives at any internet-connected device. – wurtel Apr 03 '15 at 13:33
  • What exactly do you mean? – PnP Apr 03 '15 at 13:59