Is it necessary to do IP MASQUERADE in this case?

iptables

I work in a medical clinic; our institution is connected to the telematic network of the Ministry of Public Health of my country. All internet browsing is done through a proxy server and in our clinic I have installed a non-transparent child proxy with the aim of limiting access to harmful or other content not in accordance with the internet access policy established by the telematic network. I have implemented our firewall through iptables and so far I have only needed to open certain ports to access services external to my institution but within the network of the Ministry of Public Health. My question is: if in the configuration of my iptables, it is necessary in addition to forwarding to the external ports, I must enable IP MASQUERADE, in short, the modem has a private address as WAN IP within the great network of the Ministry, and my local network is also with private IP.


Solution 1:

You don't need to NAT from private IP to private IP, you can just do routing and filtering.

Although, if the ministry don't need to access your network (just the clinic can access the ministry) AND you have routing issues, you could enable SNAT via masquerade to solve this fast, without the need for the ministry to add route to your network.

Related

"permission denied"error even though I supposedly have full privipedge
Windows 10 missing service
Error using pip with requirements.txt
Partitions and filesystems on an SSD
How do I prevent Widgets.exe from getting automatically started on Windows 11?
Why would REGSVR32 not find a DLL that is clearly there?
Using dd-wrt Dynamic DNS client with CloudFlare
IIS7 SSL Cert replaced, still sending old expired cert to browser
How do I increase FastCGI read timeout to prevent 504 error on nginx?
Is there a way to change a .iso files volume id from the command line?
Who is user 500?
Apache: Virtual hosts with multiple locations with multiple document roots: is it possible?