Netgate Discussion Forum

    NAT 1:1 not working on some but does on others

      MARKE1SX

      Hi. I have 8 rules set up the same way, all with different virtual IPs; some work and some don't. Is there a limit to how many virtual IPs I can have with the same port open?

      If I try it locally on the LAN net it works and I can RDP to the server. If I try it on the external address it will not work. It prompts for user IP and address, but port 3389 will not open. This is set up the same as my other ones that work.

      I set the virtual IP section and then try to ping the IP and it works.

      I go to the 1:1 NAT section and set the virtual IP (public) to the internal IP (LAN), same as the others that work.
      Then I set a rule to allow 3389 to that internal IP, same as the others that work. But this one doesn't work. It works on the internal IP but not the external IP.
      Any ideas would be helpful.
      Version is 2.2.6.

        KOM

        Try a simple port-forward instead of a 1:1 NAT.

        If you need more help, post screens of your NAT rules and sanitized WAN rules.

          MARKE1SX

          OK, did some troubleshooting. It looks like it is passing traffic from the IP to a different server. Looks like an issue with the NAT.

          I set the virtual IP the same as all the others and all of them work but this one. I have 6 servers set to use NAT with different IPs, but the port is the same, 3389.

          I set the external subnet IP to xx.xx.xx.22. I set the internal IP to 192.168.1.21. I then set a standard rule to allow traffic to that port. But it maps to 10.10.100.11 instead, and that is not in a NAT at all; it is a port forward for 10.10.100.11. I have 6 of these; they all work but this one, and I even tried to use a different public IP and I changed the internal IP, but still it will not map to 192.168.1.21 like it is told to in the NAT. I do have other rules on the 192.168.1.0 net, so it's not the net; the other servers work fine. Any idea?

          1to1nat.jpg
          NATRULE.jpg

            Derelict LAYER 8 Netgate

            Then you probably have some other rule performing that NAT to 10.10.100.11 instead.

            Post screenshots of your port forwards, your 1:1s, and your rules.

            Or:

            Diagnostics > Command Prompt

            cat /tmp/rules.debug

            Send that output to me in a PM.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
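
One way to run the check suggested in the last reply, as an added example that is not part of the original thread: it scans rules text for rdr (port forward) and binat (1:1) lines that cover one external IP and port, listing port forwards first because pfSense applies them ahead of 1:1 NAT. The sample rules, the documentation addresses and the function names are constructed for illustration, and the parser assumes plain pf.conf syntax for the rules in /tmp/rules.debug.

```python
import ipaddress
import re

# Constructed sample in pf.conf syntax (documentation addresses, not the
# poster's rules); a real /tmp/rules.debug holds many more lines.
SAMPLE_RULES = """\
# port forwards
rdr on em0 proto tcp from any to any port 3389 -> 10.10.100.11
rdr on em0 proto tcp from any to 203.0.113.20 port 443 -> 192.168.1.10
# 1:1 mappings
binat on em0 from 192.168.1.21 to any -> 203.0.113.22
binat on em0 from 192.168.1.25 to any -> 203.0.113.25
"""

RDR = re.compile(r"^rdr\s+(?:pass\s+)?on\s+\S+\s.*?\sto\s+(\S+)"
                 r"(?:\s+port\s+(\S+))?\s+->\s+(\S+)")
BINAT = re.compile(r"^binat\s+on\s+\S+\s+from\s+(\S+)\s+to\s+\S+\s+->\s+(\S+)")

def dest_matches(spec, ip):
    """True if an rdr destination covers ip ('any', an address or a CIDR)."""
    if spec == "any":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return True  # macro, table or interface name: cannot be ruled out

def port_matches(spec, port):
    """True if a pf port spec (absent, 'n' or 'lo:hi') covers port."""
    if spec is None:
        return True
    lo, _, hi = spec.partition(":")
    if not lo.isdigit() or (hi and not hi.isdigit()):
        return True  # named port or macro: cannot be ruled out
    return int(lo) <= port <= int(hi or lo)

def who_translates(rules_text, ext_ip, port):
    """Return (winner, shadowed) as (line_no, kind, internal_target) tuples."""
    rdrs, binats = [], []
    for n, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        m = RDR.match(line)
        if m and dest_matches(m.group(1), ext_ip) and port_matches(m.group(2), port):
            rdrs.append((n, "rdr", m.group(3)))
        m = BINAT.match(line)
        if m and m.group(2) == ext_ip:
            binats.append((n, "binat", m.group(1)))
    hits = rdrs + binats  # port forwards are considered ahead of 1:1 mappings
    return (hits[0] if hits else None), hits[1:]

if __name__ == "__main__":
    print(who_translates(SAMPLE_RULES, "203.0.113.22", 3389))
```

In the constructed sample, the port forward with destination `any` wins for every virtual IP on port 3389, so the 1:1 mapping to 192.168.1.21 is never reached for that port. The protocol is not compared, so a hit is a candidate to inspect rather than a verdict.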
