New Member
Posts: 13
Registered: ‎05-17-2013

using loopback interface for nat masquerade

I'm trying to configure a loopback interface to be used as the outgoing interface for NAT/PAT

This doesn't work for me. I assign a public IP /32 to the loopback and configure it as the outgoing interface in my NAT rule. Doesn't work for me; is this supported? The loopback is pingable but is not usable as the source interface for NAT/PAT. This is the relevant config:

 

interfaces {
    ethernet eth0 {
        address 192.168.2.1/24
        duplex auto
        speed auto
    }
    ethernet eth1 {
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address PUBLIC-IP/30
        duplex auto
        speed auto
    }
    loopback lo {
        address PUBLIC-IP/32
    }
}
 nat {
        rule 1 {
            description plex
            inbound-interface eth2
            inside-address {
                address 192.168.2.150
                port 32400
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 5000 {
            description NAT/PAT
            log enable
            outbound-interface lo
            outside-address {
            }
            protocol all
            source {
                address 192.168.2.0/24
            }
            type masquerade
        }
    }

 

Established Member
Posts: 1,211
Registered: ‎06-14-2012
Kudos: 1008
Solutions: 80
Contributions: 9

Re: using loopback interface for nat masquerade

Loopback isn't a valid interface for NAT as traffic isn't actually forwarded in/out of it.  Apply the IP as a secondary to the appropriate interface.

New Member
Posts: 13
Registered: ‎05-17-2013

Re: using loopback interface for nat masquerade

this is slightly annoying, this kind of setup works on a Cisco

my ISP assigns me a public /29 to use for my LAN

my WAN is a /30 between me and my ISP that cannot be used for NAT. On a Cisco I would just configure the public /29 on my LAN interface, add a private LAN range as secondary and use a loopback address /32 from my public /29 to NAT/PAT the private range on the LAN. I could still use the 5 other public IPs for hosts on the LAN that required a public IP

SuperUser
Posts: 21,761
Registered: ‎11-20-2011
Kudos: 7932
Solutions: 233

Re: using loopback interface for nat masquerade


@freegeeks wrote:

this is slightly annoying, this kind of setup works on a Cisco

my ISP assigns me a public /29 to use for my LAN

my WAN is a /30 between me and my ISP that cannot be used for NAT. On a Cisco I would just configure the public /29 on my LAN interface, add a private LAN range as secondary and use a loopback address /32 from my public /29 to NAT/PAT the private range on the LAN. I could still use the 5 other public IPs for hosts on the LAN that required a public IP


Re-read the post above your last one (mr jester).



isp builder | linux sorcerer | datacenter automation conjurer | blog: blog.engineered.online
link to our slack channel on the blog
New Member
Posts: 13
Registered: ‎05-17-2013

Re: using loopback interface for nat masquerade

my post was a response to his.

 

As far as I can see, it's not possible to use the same kind of setup like I used to do on a Cisco. eth2 is my WAN; to be able to use NAT from my /29, I have to configure it as a secondary range on eth2. I tried it, this works but that's not what I want. I want to configure the /29 as a secondary on eth0 (my LAN) and use one IP address from this range as a loopback /32 to masquerade my private range.

SuperUser
Posts: 21,761
Registered: ‎11-20-2011
Kudos: 7932
Solutions: 233

Re: using loopback interface for nat masquerade

Make a subinterface of ethX, just like you would on any other linux box, JunOS, etc.

 

Or make a static ARP entry, that should work for you as well.

 

If you're mad that it doesn't work like Cisco, that's because Cisco does things their own way... completely different from the rest of the industry ;)

 

There's always more than one way to skin that cat.



Veteran Member
Posts: 5,456
Registered: ‎03-12-2011
Kudos: 2746
Solutions: 129

Re: using loopback interface for nat masquerade

Err, if you have a static IP that you're using for NAT, you probably want to be using SNAT not Masquerade. At which point you might find your configuration might just work if I'm interpreting what you're after correctly. SNAT, specify your public ip as the outside address, set the outbound interface to the outside interface instead of lo.
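
The SNAT suggestion above written out as an EdgeOS NAT rule, replacing the masquerade rule 5000 from the first post. This is an added example, not configuration posted by anyone in the thread; it assumes PUBLIC-IP is the /32 from the routed /29 that is held on lo, that eth2 is the WAN interface, and that the ISP routes the /29 to this router so replies come back in on eth2.

```text
service {
    nat {
        /* Assumption: replaces the original masquerade rule 5000 */
        rule 5000 {
            description "SNAT LAN to loopback /32"
            log enable
            /* Match on the interface traffic actually leaves through (WAN), not lo */
            outbound-interface eth2
            outside-address {
                /* Assumption: the public /32 from the /29, same address as on lo */
                address PUBLIC-IP
            }
            protocol all
            source {
                address 192.168.2.0/24
            }
            /* source NAT to a fixed address instead of masquerade */
            type source
        }
    }
}
```

With `log enable` kept on the rule, translated flows can be checked against the NAT log to confirm that LAN traffic leaves with the /32 as its source and not the /30 WAN address.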

New Member
Posts: 13
Registered: ‎05-17-2013

Re: using loopback interface for nat masquerade

I'm not mad, just trying to get used to a different way of working

I like the edgemax, incredible value for money

been playing with it a whole day, setup ipsec to mikrotik and meraki devices without a problem

just wanted my loopback nat to work, that's all :-)