Help with setting up a conditional NAT


I’m trying to set up a conditional NAT configuration that only NATs ICMP from the LAN network to an address on the other side of the WAN (e.g. upstream networks). All other traffic I do not want to NAT. In other words, when I try to ping an upstream device, I want the ping to appear as if it is coming from my WAN interface address, but all other traffic from a LAN-connected device should just be routed through the WAN interface without NAT. Can someone help me build this config?

Can you show us the config you’ve deployed so far that isn’t working?

Here is what I used and it seems to be working as desired:

set nat source rule 200 description 'NAT for ICMP'
set nat source rule 200 outbound-interface 'eth0'
set nat source rule 200 protocol 'icmp'
set nat source rule 200 translation address 'masquerade'

eth0 is the WAN interface

I already have my config set up as a stateful firewall, and the above is only what I used for NAT.

Thoughts on this?

Yes, that would work. You might want to specify the source address range in case you get additional LAN interfaces. Additionally, I’m not sure what other NAT rules you have but you may want to adjust the priority so something else isn’t matched first.
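To show what the two suggestions above look like in practice, here is an added example (not the poster's configuration and not taken from any VyOS documentation page) that narrows the masquerade to a single LAN prefix and leaves room below it for more specific rules. The LAN prefix 192.168.1.0/24, the rule number 100 and the interface names are assumptions; substitute your own. Source NAT rules are evaluated in ascending rule-number order and the first matching rule wins, so a broader masquerade with a lower number would catch the ICMP before this rule ever sees it. The `#` lines are explanatory; both configuration and operational mode in VyOS are shell-based, so they can be pasted as-is. One caveat the thread does not spell out: because only ICMP is translated, TCP and UDP from the LAN leave with their private source addresses, so the upstream router must have a route back to 192.168.1.0/24 or ping will work while everything else silently fails.

```vyos
# Added example: masquerade only ICMP from one LAN prefix out of the WAN.
# Assumptions: LAN = 192.168.1.0/24, WAN = eth0, rule number 100 is free.
configure

# 'source address' limits the match to this LAN; a second LAN segment
# added later will not be translated unless you add it explicitly.
set nat source rule 100 description 'Masquerade ICMP from LAN 192.168.1.0/24'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 protocol 'icmp'
set nat source rule 100 translation address 'masquerade'

# A deliberately more specific rule with a LOWER number wins over rule 100.
# Here a management host is excluded from translation entirely, so its
# pings reach upstream with the real source address.
set nat source rule 50 description 'Never translate the management host'
set nat source rule 50 outbound-interface 'eth0'
set nat source rule 50 source address '192.168.1.10/32'
set nat source rule 50 exclude

commit
save
exit

# Verification from operational mode: confirm the rule order that was
# actually loaded, then watch the packet counters while pinging upstream.
# Only rule 100 should increment for ICMP; TCP/UDP should hit neither.
show nat source rules
show nat source statistics
show nat source translations
```

On VyOS 1.4 the interface selector changed to `outbound-interface name 'eth0'`; the 1.3 form shown above matches the syntax used in the thread. The `exclude` rule is there to illustrate ordering; drop it if you have no host that needs to bypass the translation.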