cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
207
Views
0
Helpful
2
Replies
Highlighted
Beginner

Destination NAT on a Router for 1 Source IP

Hi All,

This is fancy NAT question for yal and most people don't have to do this, but my network is very restrictive! 

 

Internet works fine for all devices and I have PAT on my firewall already.

I want to do this before it hits my firewall, which is on my local router that this machine sits at.

 

To get postage rate updates, this Postage-Machine-10.2.2.251 goes to 8.8.8.8 for DNS.  Somewhere in the programming which I can't control, it uses DNS-PUBLIC-8.8.8.8.  

 

My company firewall blocks all public DNS and they said no to opening it up for this and told me to NAT it.  So I want to NAT the destination  DNS-PUBLIC-8.8.8.8 to my internal DNS-PRIVATE-10.10.10.1 for this 1 SOURCE-POSTAGE-MACHINE-10.2.2.251

 

I only want to do this to 1 SOURCE-POSTAGE-MACHINE-10.2.2.251 only and not all source.

 

Source (postage machine): 10.2.2.251

Destination: 8.8.8.8 UDP-53  -->   NAT to 10.10.10.1 UDP-53

-------------------------------------------------------------

 

I thought of this, but the thing is that the below allows any source to go to 8.8.8.8 to be NATed.  I only want 1 ip 10.2.2.251 to be able to do this NAT, not all source.  This is how I would do it, but I'm just missing on how I would restrict it to this 1 source ip instead of applying it to all source ip.

 

ip nat outside source static udp 8.8.8.8 53  10.10.10.1 53 extendable

 

interface Gig0

 ip address 10.2.2.1 255.255.255.0

 ip nat inside

 

interface Serial0

 description MPLS

 ip address 208.1.1.1 255.255.255.252

 ip nat outside

 

 

 

Everyone's tags (1)
2 REPLIES 2
Highlighted
VIP Mentor

Re: Destination NAT on a Router for 1 Source IP

Hello
Your host machine has the same ip address as you nat routers inside lan facing interface?

As for the dns, your pc will use google dns anyway so you dont need a static  nat outside entry for that, A simple static inside nat entry should work fine as long as it doesn't conflict wth the rts lan facing interface ip.

example:
ip nat inside source static udp 10.2,2,X.10 53 interface serial0 53



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted
Beginner

Re: Destination NAT on a Router for 1 Source IP

My devices can access internet and works and is being PAT at the firewall, my firewall blocks all public DNS, the company does not allow public DNS. So I want to NAT this destination public DNS-8.8.8.8 to my private DNS-10.10.10.1 before it hits the firewall. This only effects this 1 postage machine 10.2.2.251, that has a public DNS-8.8.8.8 hard coded into their programming which no one can change.

Content for Community-Ad