VIP on outbound NAT not accessible from other clients on same network as VIP
john-arvid last edited by
I think this belongs to this subforum, but it also belongs to NAT and Routing.
I will try to explain my problem as well as possible. Let me know if something needs more in-depth explanation.
public network: 220.127.116.11/24
private network: 192.168.0.0/24
virtual ip: 18.104.22.168/32
user ip: 22.214.171.124/24
webserver ip: 192.168.0.15/24
wan interface ip: 126.96.36.199/30
lan interface ip: 192.168.0.1/24
opt1 interface ip: 188.8.131.52/24
wan interface = public facing interface, static ip, upstream gateway 184.108.40.206/30
lan interface = private facing interface, static ip, DHCP pool to users
opt1 interface = DHCP server that gives out public ip addresses in 220.127.116.11/24 network
VIP is set as NAT outbound for the private network.
Port forwarding is set on the wan interface with Dest. Address = 18.104.22.168 to NAT IP 192.168.0.15 for port 80 (http)
Access to the webserver and ping to the VIP is ok from the outside and from every interface.
Access is not possible from the user ip 22.214.171.124 that is on the opt1 network (or from any other users on that network, except from 126.96.36.199, which is the router).
I have done packet capturing and the only thing I see is an ARP asking who has 188.8.131.52 and to tell 184.108.40.206.
This makes sense, but how can I do this so I have a Virtual IP in the same subnet as clients, and that the clients can be routed to the VIP?
Or is this an impossible task?