Cold Lake, AB
|reply to viperm |
Re: Masquerading / natting a single IP or subnet
It should be ok, but it is important to be careful of the order of your rules.
The most specific rules (1-1 nat) should be first, followed by broader or more general rules.
For example, if 10.0.3.215 needed a 1-1 nat, it would work without changing the IP range in the rule you showed, providing the new rule appeared first or before your example rule.
My last rule is not specific. Anyone who doesn't match a previous rule gets masqueraded to a single "catch-all" public IP.