Outbound NAT At My Limit
-
Thanks for the reply.
The reported IP is 24.39.20.248; it needs to be 24.39.20.250. When we connect to this webserver (VLAN) from the LAN it should mask our external IP.
WAN interface is the only one with a gateway listed.
Outbound NAT SS posted.
-
I just tested a somewhat similar setup, where I first tried to translate the source address to 192.168.1.2/32, and that worked (source became 192.168.1.2). Afterwards I changed it to 192.168.1.2/24, and then the source address was translated to 192.168.1.0. So it looks like you at least need to use /32. But you have already tested that, so I'm not sure why it doesn't work with your setup.
-
I just checked again … if I switch it to a /32 I can't even access the server. It times out.
-
It seems the only way around this would be to turn the LAN into a VLAN, which I'm a bit concerned about considering we have an IPsec tunnel set up for the LAN.
-
Just want to make sure I am understanding this correctly…
Looking at the attached pic:
1 = Interface packet is leaving
2 = Packet's origin
3 = Packet's destination
4 = Mask the identity of the packet's origin with
Perhaps this can't work over local considering I'm asking it to mask with an external IP.
-
Anyone?
-
I was hoping someone could at least confirm my logic with that attached picture above.
Perhaps the best thing would be for me to pay for the support and go that route.
-
I was hoping someone could at least confirm my logic with that attached picture above.
Your logic is hereby confirmed :) The picture looks good!
-
Thank you sir! ;D
-
You did clear states after making changes but before testing, right?
-
Yes of course.
Issue seems to be: with the VLANs I can select the specific public IP, but with the LAN I can only select 'interface address', which would reflect a local; a VLAN public, which would be incorrect; or a specified subnet. Choosing specified subnet 'xxx.xxx.xxx.xxx/32' doesn't work and /29 reflects an IP just below the gateway? .248, whereas the gateway is .249.
-
Wait a minute.
You want connections from LAN to VLAN to appear to be coming from 24.39.20.250?
To what interface is that VIP assigned?
-
Yes.
That's just it, it's the only public IP that is not a VIP. It is assigned to the WAN.
-
I'm not sure how you expect to NAT an address that isn't assigned to either of the interfaces involved in carrying the traffic.
That seems pretty convoluted to me and I'm not surprised it's not behaving as you think it should.
-
Workstation on LAN accesses Webserver on VLAN by way of domain.com; DNS call goes out to determine IP of domain.com = 24.111.111.111.
Server should think request is from IP 24.111.111.110 (pub IP of LAN).
Perhaps this should be accomplished with a static route?