You can configure how traffic is routed out of the Smoothwall, including whether it's hidden behind an IP address that the Smoothwall "owns". This is source Network Address Translation (NAT). Source NAT is needed when accessing the Internet. It can be done by the Smoothwall Filter and Firewall, by another device between the Smoothwall and the Internet such as the gateway, or by both. Typically, source NAT is carried out by the gateway. You can also specify the gateway device to direct traffic to, or a link load balancing (LLB) pool of external connections to use, including a default LLB pool. For a detailed description of load balancing external connections.
You can have local traffic, that is, traffic for installed services such as the Smoothwall Filter, use a load balancing pool.
Upon installation, the Smoothwall defines a rule for each gateway configured, and a “catch-all” rule for internal networks.
Source NAT rules are applied top-down, in the order they're listed in the Source NAT rules table. Once a rule matches, no further rules are checked.
Note: If IP address spoofing is turned on for any Smoothwall Filter web proxy authentication policy (see our help topic, Creating authentication policies), the LLB pool configured here isn't applied to local spoofed traffic because it's not seen as coming from the Smoothwall Filter.
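The top-down, first-match ordering described above means a broad rule placed early can stop a narrower rule below it from ever applying. The following is an added example, not Smoothwall code: it models that evaluation and flags rules fully covered by a single earlier rule. The rule names, addresses, pool and gateway names are constructed, and a blank field is modelled as "all", as in the procedure below.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str = "0.0.0.0/0"              # blank in the UI = all IP addresses
    dst: str = "0.0.0.0/0"
    services: frozenset = frozenset()   # empty = all services
    action: str = ""

def first_match(rules, src_ip, dst_ip, service):
    """Top-down evaluation: return the first rule that matches, else None."""
    for r in rules:
        if (ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(r.dst)
                and (not r.services or service in r.services)):
            return r
    return None

def _covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    nets = all(ipaddress.ip_network(i).subnet_of(ipaddress.ip_network(o))
               for o, i in ((outer.src, inner.src), (outer.dst, inner.dst)))
    svc = not outer.services or (inner.services and inner.services <= outer.services)
    return nets and bool(svc)

def shadowed(rules):
    """Return (rule, earlier_rule) name pairs for rules that can never match.
    Only checks coverage by one earlier rule, not by a union of several."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, later):
                out.append((later.name, earlier.name))
                break
    return out

# Constructed sample table: the catch-all sits above the specific rule.
RULES = [
    Rule("internal-catch-all", src="10.0.0.0/8", action="SNAT using LLB pool"),
    Rule("mail-preserve", src="10.1.5.0/24", services=frozenset({("tcp", 25)}),
         action="Preserve the original source IP"),
]
FIXED = [RULES[1], RULES[0]]  # specific rule moved above the catch-all

if __name__ == "__main__":
    for table in (RULES, FIXED):
        hit = first_match(table, "10.1.5.10", "203.0.113.7", ("tcp", 25))
        print(hit.name, "->", hit.action, "| shadowed:", shadowed(table))
```

Running a check like this against an exported rule list before and after reordering shows whether a "preserve" rule is actually reachable or is being silently overridden by an earlier SNAT rule.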
Prerequisite
For each proxy service, select the default interface to use for traffic generated by the Smoothwall:
- On the NETWORK menu, under the Configuration submenu, click Source NAT & LLB rules.
- Under the Local traffic section, for each service, from the list, select the appropriate load balancing pool to use and click Save changes.
Procedure
- On the NETWORK menu, under the Configuration submenu, click Source NAT & LLB rules.
- Under the Source NAT rules section, click Add rule. Alternatively, to place the new rule before or after an existing rule, place your mouse cursor over that rule, click Add, and then select either Rule above or Rule below.
- Select the Source IP addresses and Destination IP addresses that the rule matches, as identified in the network packet, and click Add. Otherwise, leave blank to source NAT traffic for all IP addresses.
  - To add a new object or group directly, click Create and select the Type that you want to add, enter the Name, Address or select the Address objects and enter a descriptive Comment, and then click Add item.
  - To remove the object or group, click the - icon next to the IP address that you want to remove.
- Select the Services for this rule and click Add. Otherwise, leave blank to include all services.
  - To add a new service or group directly, click Create and select the Type that you want to add, enter the Name, Protocol and Port, or select the Service and click Add. Enter a descriptive Comment, and then click Add item.
  - To remove the service or group, click the - icon next to the service that you want to remove.
- Choose the relevant source NAT (SNAT) behavior:
  - To use a link load balancing pool to hide the source IP address of the network device behind the external IP address of the Smoothwall Filter and Firewall, select the SNAT using a Link Load Balancing pool option and from the Link Load Balancing pool or Local IP address list, select the LLB pool.
  - To preserve the source IP address so that the network device's IP address remains visible, select the Preserve the original source IP option and from the Gateway list, select the relevant gateway to route traffic. If you have more than one gateway configured, make sure that you select a gateway; don't select Automatic.
- Enter a descriptive Comment and click Save changes.
Follow-up tasks
- To edit a source NAT rule, under the Source NAT rules section, place your mouse cursor over the rule that you want to amend and click Edit, make any changes and click Save changes.
- To reorder the source NAT rules, under the Source NAT rules section, place your mouse cursor over the rule that you want to move, click it and drag the rule to the new position, and then click Save.
- To delete a source NAT rule, under the Source NAT rules section, place your mouse cursor over the rule that you want to delete and click Delete.