I have a specific need to allow clients of a
private net (connected to OPT3 w/ 10.10.10.0/24
reserved DHCP addresses) to connect to the LAN net
(145.191.112.0/20 > static addresses via DHCP
reservations).  BTW only a small supernet of
addresses is attached to the pfS box
(145.191.114.0/23).

The issue is that there are servers in the LAN
that the clients of the OPT3 network need access
to and these servers REQUIRE a 145.191.x.x address
to access them.  These admins will NOT allow
private address space to access their servers
(tcpwrappers, iptables and other SELinux methods).
 They are not willing to budge on this ..... so my
thinking is that I can set up a NAT pool to NAT
the OPT3 addresses (10.10.10.x) to some open LAN
address space (145.191.x.x).

I have tried slicing off a very little subnet
255.255.255.242 of the OPT3 net and doing some 1:1
NAT with these addresses and those of the LAN in
the same way, but I have had very little luck.

QUESTION I
Is this type of NAT setup even possible?

QUESTION II
Do the subnets have to match on either side of the
NAT schema?

QUESTION III
I am using 1:1 because I want to control which
OPT3 clients have access into the LAN (is this
correct thinking)?

QUESTION IV
Do I have to get the admins of the routable LAN
net to carve out a specific subnet for me to use
the 1:1 NAT schema?

Regards and thanks !!
--
David L. Strout
Engineering Systems Plus, LLC



