Dual WAN - Setting 1:1 NAT causes inability to ping out.



I have 2 ISPs, a LAN and a DMZ, on a fresh install of version 2.3.3:

- ISP 1 - 1.1.1.1/27 - WAN
- ISP 2 - 2.2.2.2/28 - WAN2
- LAN - 10.10.10.1/24 - LAN
- DMZ - 10.9.8.1/24 - DMZ

Firewall rules are as follows (basically allow LAN to any, block DMZ to LAN, and allow DMZ to any after that).
I have a gateway group set up with the trigger at packet loss or high latency.

LAN

| States | Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| 0 / 1.09 MiB | * | * | * | LAN Address | 80 | * | * | | Anti-Lockout Rule |
| 19 / 10.61 MiB | IPv4 TCP/UDP | * | * | * | * | * | none | | |
| 0 / 0 B | IPv4 TCP/UDP | LAN address | * | LAN address | * | * | none | | lan any |
| 0 / 15 KiB | IPv4 * | LAN net | * | * | * | * | none | | Default allow LAN to any rule |
| 0 / 0 B | IPv6 * | LAN net | * | * | * | * | none | | Default allow LAN IPv6 to any rule |

DMZ

| States | Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| 0 / 0 B | IPv4 * | DMZ net | * | LAN net | * | * | none | | BLOCK DMZ to LAN |
| 1 / 3.78 MiB | IPv4 * | DMZ net | * | * | * | * | none | | DMZ to ANY |
    
I am able to ping google.com as it stands, but I need to assign an external IP to a machine on the DMZ. Once I set up a 1:1 NAT, the server on the DMZ is unable to ping out.
    
Before 1:1 NAT:

```
it@ispconfig:~$ ping google.com
PING google.com (216.58.219.14) 56(84) bytes of data.
64 bytes from lax17s03-in-f14.1e100.net (216.58.219.14): icmp_seq=1 ttl=54 time=11.8 ms
64 bytes from lax17s03-in-f14.1e100.net (216.58.219.14): icmp_seq=2 ttl=54 time=11.8 ms
64 bytes from lax17s03-in-f14.1e100.net (216.58.219.14): icmp_seq=3 ttl=54 time=11.8 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 11.865/11.880/11.890/0.126 ms
it@ispconfig:~$ traceroute google.com
traceroute to google.com (216.58.219.14), 30 hops max, 60 byte packets
 1  10.9.8.1 (10.9.8.1)  0.221 ms  0.199 ms  0.255 ms
 2  1.1.1.1 (1.1.1.1)  0.569 ms  0.622 ms  0.620 ms
 3  216.2.140.117 (216.2.140.117)  1.851 ms  1.851 ms  1.872 ms
 4  216.156.16.32.ptr.us.xo.net (216.156.16.32)  11.996 ms  11.988 ms  12.042 ms
 5  207.88.12.222.ptr.us.xo.net (207.88.12.222)  12.064 ms  12.104 ms  12.092 ms
 6  207.88.13.27.ptr.us.xo.net (207.88.13.27)  12.205 ms  11.930 ms  11.961 ms
 7  216.0.6.42 (216.0.6.42)  11.719 ms  11.799 ms  12.628 ms
 8  108.170.247.193 (108.170.247.193)  11.934 ms 108.170.247.225 (108.170.247.225)  11.896 ms 108.170.247.193 (108.170.247.193)  11.959 ms
 9  108.170.237.143 (108.170.237.143)  12.023 ms  12.082 ms 108.170.237.141 (108.170.237.141)  12.039 ms
10  lax17s03-in-f14.1e100.net (216.58.219.14)  12.005 ms  11.959 ms  11.923 ms
```

    
After setting 1:1 NAT as follows:

- Interface: WAN
- External Subnet: 1.1.1.3
- Internal IP: Single Host 10.9.8.15
- Destination: Any
    
Once I submit this and try a traceroute, I get this:
    
    

```
it@ispconfig:~$ traceroute google.com
traceroute to google.com (216.58.219.14), 30 hops max, 60 byte packets
 1  10.9.8.1 (10.9.8.1)  0.307 ms  0.310 ms  0.325 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
```

    
This happens on the 2 machines I have in the DMZ net. As soon as I delete this 1:1 NAT it begins working again.
I have been struggling with this for 2 days now; any help would be much appreciated. If any additional info is needed, let me know and I'll post it ASAP.
Thanks in advance.