Dual WAN - Setting 1:1 NAT Causes not able to ping out.
I have 2 ISPs, a LAN and a DMZ, version 2.3.3, fresh install.

ISP 1 - 1.1.1.1/27 - WAN
ISP 2 - 2.2.2.2/28 - WAN2
LAN 10.10.10.1/24 - LAN
DMZ 10.9.8.1/24 - DMZ

Firewall rules are as follows (basically allow LAN to any, block DMZ from LAN, and allow DMZ to any after that).
I have a gw group set up with the trigger at packet loss or high latency.

LAN

| States | Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| 0 /1.09 MiB | * | * | * | LAN Address | 80 | * | * | | Anti-Lockout Rule |
| 19 /10.61 MiB | IPv4 TCP/UDP | * | * | * | * | * | none | | |
| 0 /0 B | IPv4 TCP/UDP | LAN address | * | LAN address | * | * | none | | lan any |
| 0 /15 KiB | IPv4 * | LAN net | * | * | * | * | none | | Default allow LAN to any rule |
| 0 /0 B | IPv6 * | LAN net | * | * | * | * | none | | Default allow LAN IPv6 to any rule |

DMZ

| States | Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
|---|---|---|---|---|---|---|---|---|---|
| 0 /0 B | IPv4 * | DMZ net | * | LAN net | * | * | none | | BLOCK DMZ to LAN |
| 1 /3.78 MiB | IPv4 * | DMZ net | * | * | * | * | none | | DMZ to ANY |

I am able to ping google.com as it stands, but I need to set an external IP to a machine on the DMZ. Once I set a 1:1, the server on the DMZ is unable to ping out.

Before 1:1 NAT:

```
it@ispconfig:~$ ping google.com
PING google.com (216.58.219.14) 56(84) bytes of data.
64 bytes from lax17s03-in-f14.1e100.net (216.58.219.14): icmp_seq=1 ttl=54 time=11.8 ms
64 bytes from lax17s03-in-f14.1e100.net (216.58.219.14): icmp_seq=2 ttl=54 time=11.8 ms
64 bytes from lax17s03-in-f14.1e100.net (216.58.219.14): icmp_seq=3 ttl=54 time=11.8 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 11.865/11.880/11.890/0.126 ms
it@ispconfig:~$ traceroute google.com
traceroute to google.com (216.58.219.14), 30 hops max, 60 byte packets
1 10.9.8.1 (10.9.8.1) 0.221 ms 0.199 ms 0.255 ms
2 1.1.1.1 (1.1.1.1) 0.569 ms 0.622 ms 0.620 ms
3 216.2.140.117 (216.2.140.117) 1.851 ms 1.851 ms 1.872 ms
4 216.156.16.32.ptr.us.xo.net (216.156.16.32) 11.996 ms 11.988 ms 12.042 ms
5 207.88.12.222.ptr.us.xo.net (207.88.12.222) 12.064 ms 12.104 ms 12.092 ms
6 207.88.13.27.ptr.us.xo.net (207.88.13.27) 12.205 ms 11.930 ms 11.961 ms
7 216.0.6.42 (216.0.6.42) 11.719 ms 11.799 ms 12.628 ms
8 108.170.247.193 (108.170.247.193) 11.934 ms 108.170.247.225 (108.170.247.225) 11.896 ms 108.170.247.193 (108.170.247.193) 11.959 ms
9 108.170.237.143 (108.170.237.143) 12.023 ms 12.082 ms 108.170.237.141 (108.170.237.141) 12.039 ms
10 lax17s03-in-f14.1e100.net (216.58.219.14) 12.005 ms 11.959 ms 11.923 ms
```

After setting 1:1 NAT as follows:

Interface: WAN
External Subnet: 1.1.1.3
Internal IP: Single Host 10.9.8.15
Destination: Any

Once I submit this and try to traceroute, I get this:

```
it@ispconfig:~$ traceroute google.com
traceroute to google.com (216.58.219.14), 30 hops max, 60 byte packets
1 10.9.8.1 (10.9.8.1) 0.307 ms 0.310 ms 0.325 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
```

This happens on the 2 machines I have in the DMZ net. As soon as I delete this 1:1 NAT it begins working again. I have been struggling with this for 2 days now. Any help would be much appreciated. If any additional info is needed let me know, I'll post ASAP. Thanks in advance.