Hi, I am trying to replace my current firewall and am evaluating IPFire. I have a /29 block of IP addresses. 88-95. I can configure IPFire with 90 (gateway 89) and set up aliases for 91-94. Now I have a LAN device, let's say 192.168.20.10, that I want to receive all traffic to .91 (test1). I set up a rule:
The matching SNAT rules (Masquerading) are automatically added so returning NAT'd traffic appears to come from the public WAN IP address(es).
Check Firewall → Firewall Options → Masquerading.
This is the default (used with public WAN addresses and private/non-routable LOCAL addresses).
Without Masquerading, the return traffic from private IP addresses on LOCAL networks (GREEN, ORANGE, BLUE) would be dropped as it is not routable on the public internet. The option to disable Masquerading is useful in edge cases for firewalling/routing private internal networks (where WAN and LAN both use private addresses, e.g. a non-internet connected IPFire behind another IPFire).
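The address rewriting discussed in this thread, as an added Python model that is not part of the original posts and is not IPFire code. It assumes a generic stateful NAT with a connection table, ignores ports and protocols, and uses the constructed prefix 203.0.113.88/29 in place of the poster's block; that masqueraded traffic leaves with the primary WAN address is an assumption of the model.

```python
from dataclasses import dataclass

# Constructed addresses: 203.0.113.88/29 stands in for the poster's /29 block.
WAN_PRIMARY = "203.0.113.90"   # address configured on the WAN interface
WAN_ALIAS = "203.0.113.91"     # alias forwarded to the LAN device
LAN_HOST = "192.168.20.10"     # LAN device from the question
LAN_PREFIX = "192.168."        # simplified test for "private LAN source"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Nat:
    """Minimal stateful NAT: DNAT map, optional masquerading, connection table."""
    def __init__(self, dnat, masquerade=True):
        self.dnat = dnat                  # public dst -> private dst
        self.masquerade = masquerade
        self.conntrack = {}               # (expected src, expected dst) -> original packet

    def inbound(self, pkt):
        """Packet arriving on the WAN side; returns the translated packet or None."""
        orig = self.conntrack.get((pkt.src, pkt.dst))
        if orig:                          # reply to a masqueraded LAN connection
            return Packet(pkt.src, orig.src)
        if pkt.dst in self.dnat:          # new connection hitting a DNAT rule
            out = Packet(pkt.src, self.dnat[pkt.dst])
            self.conntrack[(out.dst, out.src)] = pkt
            return out
        return None                       # no rule and no state: dropped

    def outbound(self, pkt):
        """Packet leaving the LAN side towards the WAN."""
        orig = self.conntrack.get((pkt.src, pkt.dst))
        if orig:                          # reply on a DNAT'd connection
            return Packet(orig.dst, orig.src)
        if pkt.src.startswith(LAN_PREFIX):
            if not self.masquerade:
                return pkt                # private source leaves untranslated
            out = Packet(WAN_PRIMARY, pkt.dst)  # model assumption: primary address
            self.conntrack[(pkt.dst, out.src)] = pkt
            return out
        return pkt
```
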