You can configure how the Smoothwall Appliance routes traffic between networks (such as routing traffic to the Internet) using Source Network Address Translation (NAT). For example, your phone system may require this, or you may want to set up a Gateway failover for an internet line.
The Source NAT & LLB rules page contains two sections:
- Local traffic: This section determines how to route network traffic originating from the Smoothwall Appliance (by its own function or acting as a proxy for other network traffic).
  - Guardian: Web traffic going through Smoothwall Filter.
  - Default LLB pool: All other traffic.
- Source NAT rules: This section defines Source NAT policies for traffic routed through your Smoothwall Appliance.
Important
When you turn on Spoofing for a Web Proxy authentication policy, your network sees the traffic as originating from the client, and the Smoothwall Appliance applies the Source NAT rules instead of the settings in the Local traffic section.
Before you begin
Because changing these settings can impact your access to the Smoothwall Appliance Admin UI, you should have a recovery system in place. You can create a System restore point from System > Maintenance > System restore.
Change Local traffic rules
- Go to Network > Configuration > Source NAT & LLB rules and go to the Local traffic section.
- Define where traffic should go:
Important
Define where traffic should go instead of using the All available option, to prevent the Smoothwall Appliance from misrouting the traffic.
  - For Guardian, you can leave this set to the Default LLB pool to use what is selected in the Default LLB pool field, or change this using the dropdown to a Link Load Balancing pool or an interface.
  - Change the Default LLB pool using the dropdown to a Link Load Balancing pool or an interface.
- Select Save changes.
Add a Source NAT rule
Tip
When building a rule, for Source IP addresses, Destination IP addresses and Services:
- Use Search to narrow your list of items.
- Leave the fields blank to apply the rule to Any (all).
- Go to Network > Configuration > Source NAT & LLB rules.
- Add a new rule:
  - (Recommended) To prevent the rule from being added to the top of the list, hover over an existing rule, select Add and select Rule above or Rule below.
  - Select Add rule.
- Ensure the Enabled checkbox is selected.
- Use Source IP addresses to manage traffic coming from specific IP addresses, subnets or IP ranges:
  - Select the checkbox next to one or more Address objects. Select Add.
  - Select the minus icon (-) next to an item to remove it from the list.
  - Select Create to add a new Address object or Address object group.
- Use Destination IP addresses to manage traffic destined for specific IP addresses:
  - Select the checkbox next to one or more Address objects. Select Add.
  - Select the minus icon (-) next to an item to remove it from the list.
  - Select Create to add a new Address object or Address object group.
- Use Services to manage traffic on specific TCP and/or UDP ports:
  - Select the checkbox next to one or more Service objects, then select Add.
  - Select the minus icon (-) next to an item to remove it from the list.
  - Select Create to add a new Service object or Service object group.
- Choose the Source NAT (SNAT) behaviour:
  - SNAT using a Link Load Balancing pool: Hide the source IP address of the network device behind the external IP address of your Smoothwall Appliance.
  - Preserve the original source IP: Preserve the source IP address so the destination can see the network device's IP address.
- If you selected SNAT using a Link Load Balancing pool, from the Link Load Balancing pool or Local IP address dropdown, select either:
  - All available.
  - A Link Load Balancing pool.
  - An interface.
- If you selected Preserve the original source IP, for Gateway:
  - If you have one gateway, select Automatic.
  - If you have more than one gateway, select the gateway to route traffic through.
- (Optional) Enter a descriptive Comment.
- Select Save changes.
Reorder Source NAT rules
Smoothwall applies rules from top to bottom. To change the order, select and drag the rule to its new position.
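The following Python model is an added example, not Smoothwall code: it shows why rule order matters by finding which rule a flow hits and which rules can never match because a broader rule sits above them. It assumes the first enabled matching rule decides the outcome (the page states only top-to-bottom order), treats blank fields as Any, and handles IPv4 only; the `Rule` class, function names, and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:                      # hypothetical model of one Source NAT rule row
    name: str
    action: str                  # "snat" or "preserve"
    sources: list = field(default_factory=list)       # CIDRs; empty = Any
    destinations: list = field(default_factory=list)  # CIDRs; empty = Any
    services: list = field(default_factory=list)      # (proto, port); empty = Any
    enabled: bool = True

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def _ip_ok(cidrs, ip):
    return not cidrs or any(ipaddress.ip_address(ip) in n for n in _nets(cidrs))

def first_match(rules, src, dst, proto, port):
    """Walk the table top to bottom; assumption: the first enabled match decides."""
    for r in rules:
        if (r.enabled and _ip_ok(r.sources, src) and _ip_ok(r.destinations, dst)
                and (not r.services or (proto, port) in r.services)):
            return r
    return None

def _covers(outer, inner):
    """True if every inner CIDR sits inside one outer CIDR (empty outer = Any)."""
    return not outer or (bool(inner) and all(
        any(i.subnet_of(o) for o in _nets(outer)) for i in _nets(inner)))

def shadowed(rules):
    """Enabled rules fully covered by a single earlier enabled rule (conservative)."""
    active, hits = [r for r in rules if r.enabled], []
    for i, low in enumerate(active):
        for high in active[:i]:
            svc = not high.services or (bool(low.services) and set(low.services) <= set(high.services))
            if svc and _covers(high.sources, low.sources) \
                    and _covers(high.destinations, low.destinations):
                hits.append(low.name)
                break
    return hits

# Constructed sample table; the last row stands in for the default rule.
RULES = [
    Rule("voip-preserve", "preserve", ["10.0.20.0/24"], services=[("udp", 5060)]),
    Rule("lan-snat", "snat", ["10.0.0.0/16"]),
    Rule("printer-preserve", "preserve", ["10.0.30.5/32"]),
    Rule("default", "snat"),
]
```

In this table `printer-preserve` never takes effect because `lan-snat` above it already covers 10.0.30.5; moving it above `lan-snat` clears the finding, and a rule with all fields blank placed at the top would shadow every rule beneath it.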
Edit or turn off a Source NAT rule
Note
You can’t turn off the default rule at the bottom of the table. You can only edit the SNAT and Link Load Balancing pool or Local IP address fields.
To edit a rule:
- Hover over a rule.
- Select Edit.
- Edit the fields.
- Select Save changes.
To turn off a rule:
- Select the toggle in the Enabled column.
- Select Save.
Delete a Source NAT rule
Note
You can’t delete the default rule at the bottom of the list.
- Hover over the rule.
- Select Delete.