@Clive_A 

I'm using a software controller and the latest version is currently 5.14.26.1 so looks like I'll have to wait, but I do notice that it seems that thread is saying you can turn NAT on or off entirely, but I am wanting to add an exception for a single subnet, not turn NAT off entirely so not sure if that is *exactly* the same thing as I am requesting?

Clive_A wrote

Hi @L2K 

Thanks for posting in our business forum.

 

Curious, how do you achieve this on the third-party router? This can be split?

  @Clive_A 

Using Mikrotik currently so I could just add a !192.168.0.0.16 to the masquerade rule for instance to masquerade everything except for the designated subnet.

  @Clive_A

I think the title is pretty close, as a layman. Not sure what the exact term wouold be in the world of network engineering, coming from the Mikrotik world there are so many options for every rule I'm not sure every single option has a specific name.

Not sure if my exact setup is unique but I have a double NAT setup where the Omada router WAN is a client of the DMZ network (where all the DNS and web servers are) but all the traffic for these devices just shows up as coming from the Omada router WAN IP so the logs on the web/DNS servers are useless. I just want to not masquerade/NAT the traffic to this DMZ subnet but everything else can be NATted.

It wouldn't be a major issue if I just turned NAT off entirely here as I am obviously already on a NATted network but the NAT on the Omada router just keeps the traffic out of the DMZ that isn't destined for the DMZ. The setup we have here is becoming more common in the way we set up networks on smaller client sites where we have this DMZ for some local devices doing analytics/security. Here the network setup is the same but rather than DNS/web servers we have client devices like cameras that need to have their source IP revealed to the analytics servers. Again we could just turn NAT off entirely but I am just trying to keep some seperaton where possible.