VIP on outbound NAT not accessible from other clients on same network as VIP
john-arvid last edited by
I think this belongs in this subforum, but it also belongs to NAT and Routing.
I will try to explain my problem as well as possible. Let me know if something needs more in-depth explaining.
public network: 22.214.171.124/24
private network: 192.168.0.0/24
virtual ip: 126.96.36.199/32
user ip: 188.8.131.52/24
webserver ip: 192.168.0.15/24
wan interface ip: 184.108.40.206/30
lan interface ip: 192.168.0.1/24
opt1 interface ip: 220.127.116.11/24
wan interface = public facing interface, static ip, upstream gateway 18.104.22.168/30
lan interface = private facing interface, static ip, DHCP pool to users
opt1 interface = DHCP server that gives out public ip addresses in 22.214.171.124/24 network
VIP is set as NAT outbound for the private network.
Port forwarding is set on the wan interface with Dest. Address = 126.96.36.199 to NAT IP 192.168.0.15 for port 80 (http)
Access to the webserver and ping to the VIP is ok from the outside and from every interface.
Access is not possible from the user ip 188.8.131.52 that is on the opt1 network (or from any other users on that network, except from 184.108.40.206, which is the router).
I have done packet capturing, and the only thing I see is an ARP asking who has 220.127.116.11 and to tell 18.104.22.168.
This makes sense, but how can I set this up so that I have a Virtual IP in the same subnet as the clients, and the clients can be routed to the VIP?
Or is this an impossible task?