New user trying to set up SNAT and DNAT

I just installed a new box, with wan(red0), lan(green0), and an IPsec connection.
(which disturbingly does not show up as a separate interface. But… moving on…)

I’m trying to figure out how to set up rules, so that my LAN addresses can be addressed as something else, when coming over IPsec.

That is to say, remote locations, should be able to connect to what they think is “” over IPsec… but ipfire should translate that to

The GUI doesnt seem to be quite flexible enough to do that.
Please tell me if I’m mistaken.

Im happy to use CLI. However… I’m not sure how to save it, let alone get it to work.
There is no /etc/iptables, soo… ?

I am not sure why you would want to just not address the destinations directly, but have a look at the iptables NETMAP target - Netfilter Extensions HOWTO

Sounds promising.
But… what is the ipfire method of saving these kinds of iptables hacks after reboot?

I’m pretty new here, but try - firewall.local.

1 Like

Thanks so much! That sounds exactly what I need :slight_smile: