VIP on outbound NAT not accessible from other clients on same network as VIP



  • I think this belongs to this subforum, but it also belongs to NAT and Routing.

    I will try to explain my problem as well as possible. Let me know if something needs more in-depth explaining.

    public network: 8.8.8.0/24
    private network: 192.168.0.0/24

    virtual ip: 8.8.8.6/32
    user ip: 8.8.8.43/24
    webserver ip: 192.168.0.15/24
    wan interface ip: 4.4.4.2/30
    lan interface ip: 192.168.0.1/24
    opt1 interface ip: 8.8.8.1/24

    wan interface = public facing interface, static ip, upstream gateway 4.4.4.1/30
    lan interface = private facing interface, static ip, DHCP pool to users
    opt1 interface = DHCP server that gives out public ip addresses in 8.8.8.0/24 network

    VIP is set as NAT outbound for the private network.
    Port forwarding is set on the wan interface with Dest. Address = 8.8.8.6 to NAT IP 192.168.0.15 for port 80 (http)
    Access to the webserver and ping to the VIP is ok from the outside and from every interface.
    Access is not possible from the user ip 8.8.8.43 that is on the opt1 network (or from any other users on that network, except from 8.8.8.1, which is the router).

    I have done packet capturing and the only thing I see is an ARP asking who has 8.8.8.6 and to tell 8.8.8.43.

    This makes sense, but how can I do this so that I have a Virtual IP in the same subnet as the clients, and so that the clients can be routed to the VIP?
    Or is this an impossible task?

    \JAK