Has anyone run a similar setup? This will probably be confusing but I will use x.x.x.x for fictitious public addresses and use the full address for the private ones.
IF1 EXT x.x.1.1/24 IF2 PSN x.x.2.1/24 A route on the outside routes x.x.2.0/24 to x.x.1.1 x.x.2.0/24 defined as an IP Passthrough network. All the x.x.2.0 traffic basically doesn't use nat at all and filters are defined in the IP Passthrough filter section. Now the tricky part. Bind a private IP to IF2 say 192.168.1.1/24 So it now looks like. IF2 PSN x.x.2.1 and 192.168.1.1 The question is will the private addresses work fine using NAT on that same interface? ...and before anyone even says it...yes it would be better to have an IF3 and put the private addresses there but that isn't the question.
