Netgate Discussion Forum

Port Forward not working to static IP (multi-WAN)

    snewby
    last edited by Jul 7, 2021, 3:12 PM

    I've been pulling my hair out over the last few days trying to get this to work. First off, a little background. We have a multi-WAN setup. I'm trying to get a remote desktop gateway server accessible from the internet on our second WAN. We have AT&T business fiber and purchased a static IP block for this purpose. First off, AT&T has a weird setup for this with their "public subnet hosts" option in their modem/router. I really thought the issue was there but I had a long support call with them and they say the modem is configured correctly. The first static IP in our block is assigned to our secondary WAN interface and that is working perfectly fine. I also have an OpenVPN instance connecting to that IP and this also works. The issue is when I try and use the next IP in our block and port-forward this to a remote desktop gateway server behind the firewall. I create a NAT port-forward rule as usual but it does not work and I can't see any reason why it wouldn't. Maybe it is related to having a multi-WAN setup? The rule for OpenVPN on this WAN works fine but that is not a NAT port-forward. Below are my firewall rules. For security reasons I have blanked out the full IPs. I'm also including my LAN rules in case there is any issue there. Any help is appreciated.

    [Three screenshots were attached here in the original post.]

      dotdash @snewby
      last edited by Jul 7, 2021, 3:15 PM

      @snewby
      If you're not on 2.5.2, update. There was a bug with port forwards on the non-default WAN in 2.5.1. As always, make a backup of the config, have a copy of the previous install media, and be prepared to install from scratch if the upgrade goes south...

        snewby @dotdash
        last edited by Jul 7, 2021, 3:32 PM

        @dotdash oh, I didn't realize 2.5.1 still had that bug, thought that was only in 2.5.0. We are not on the latest release so I will try that upgrade this weekend and report back if that resolves our issue.

          snewby
          last edited by Jul 13, 2021, 3:53 PM

          Wanted to post a quick follow-up to say this is now working, thanks @dotdash for the info on the update! In our case, though, we also needed to add "virtual IPs" and specifically IP Alias before the port forwarding rules would work. We have a static IP block from our ISP and it wasn't clear from the documentation that the IP aliases were required. I had thought I could just create NAT rules with the static IP as the destination but apparently it has to be set up as an IP alias first, maybe so it's bound to the interface? Not sure but I wanted to leave that info here in case anyone else has the same question.

            viragomann @snewby
            last edited by Jul 13, 2021, 4:37 PM

            @snewby said in Port Forward not working to static IP (multi-WAN):

            I had thought I could just create NAT rules with the static IP as the destination

            This requires that the additional IPs are routed to your primary WAN IP.
            If this is not the case you have to assign them as virtual IPs, otherwise the packets never reach your WAN on L2 base.

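Added example, not part of any post in this thread: a small audit that lists port forwards whose literal destination IP is neither the interface's own address nor a virtual IP on that interface, which is the situation described in the last two posts. The XML layout, element names and VIP mode strings are assumptions modelled on a pfSense config.xml backup, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; layout is an assumption modelled on a pfSense config.xml.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <wan><ipaddr>198.51.100.10</ipaddr><subnet>24</subnet></wan>
    <opt1><ipaddr>203.0.113.2</ipaddr><subnet>29</subnet></opt1>
  </interfaces>
  <virtualip>
    <vip><mode>ipalias</mode><interface>opt1</interface>
         <subnet>203.0.113.3</subnet><subnet_bits>29</subnet_bits></vip>
  </virtualip>
  <nat>
    <rule><interface>opt1</interface><descr>RD Gateway</descr>
      <destination><address>203.0.113.3</address><port>443</port></destination></rule>
    <rule><interface>opt1</interface><descr>Second service</descr>
      <destination><address>203.0.113.4</address><port>8443</port></destination></rule>
  </nat>
</pfsense>
"""
ARP_VIP_MODES = {"ipalias", "carp", "proxyarp"}  # assumed mode strings that answer ARP

def _ip(text):
    """Parse a literal IP; return None for DHCP markers, alias names or missing values."""
    try:
        return ipaddress.ip_address(text or "")
    except ValueError:
        return None

def unbound_forwards(xml_text):
    """Return (descr, interface, ip) for forwards to an IP the firewall does not hold."""
    root = ET.fromstring(xml_text)
    owned = {}  # interface name -> addresses the firewall answers ARP for
    for iface in root.find("interfaces"):
        owned.setdefault(iface.tag, set()).add(_ip(iface.findtext("ipaddr")))
    for vip in root.iterfind("virtualip/vip"):
        if vip.findtext("mode") in ARP_VIP_MODES:
            owned.setdefault(vip.findtext("interface"), set()).add(_ip(vip.findtext("subnet")))
    findings = []
    for rule in root.iterfind("nat/rule"):
        iface, dest = rule.findtext("interface"), _ip(rule.findtext("destination/address"))
        # Destinations that are not a literal IP (interface address, alias) are skipped.
        if dest is not None and dest not in owned.get(iface, set()):
            findings.append((rule.findtext("descr"), iface, str(dest)))
    return findings

if __name__ == "__main__":
    for descr, iface, ip in unbound_forwards(SAMPLE_CONFIG):
        print(f"{descr}: {ip} on {iface} needs a VIP unless the ISP routes it to the firewall")
```

A finding is a prompt to check, not proof of a fault: as noted above, no virtual IP is needed when the ISP routes the additional addresses to the firewall's WAN address.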
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.