Netgate Discussion Forum

    Automatic outbound NAT rules incorrect for static routes

      aaaskew

      I believe there is an issue with the automatically generated outbound NAT rules when static routes are defined.

      What I see:

      • All RFC 1918 private subnets (10.x.x.x, 192.168.x.x, etc.) are added from the static route list irrespective of which interface they appear on (could be on WAN interface incorrectly).
      • Non RFC 1918 subnets that are on an internal gateway are not added to the automatic outbound NAT rule either.

      What I expect:

      • All subnets in the static route list, but only those with a gateway on the LAN interface (not the WAN interface), should be added to the automatic outbound NAT rules.

      To test the issue:

      1. WAN interface: 10.10.0.100/24, Default GW 10.10.0.1 & turn off RFC1918 filtering
      2. LAN interface: 192.168.0.1/24
      3. Add gateway: InternalGW 192.168.0.100
      4. Add static route for InternalGW: 192.168.10.0/24
      5. Add static route for InternalGW: 212.10.20.0/24
      6. Add gateway: OtherExternalGW 10.10.0.50
      7. Add static route for OtherExternalGW: 192.168.20.0/24
      8. Add static route for OtherExternalGW: 212.10.30.0/24
      9. Look at the NAT - Outbound automatic NAT rules and see that it includes 192.168.10.0/24 (OK) and 192.168.20.0/24 (Error) and also it does not include 212.10.20.0/24 (Error)

      Can anyone else confirm this behaviour? I assume I need to raise a Redmine bug.

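The test case from the post above, as an added example that is not part of the original post and is not pfSense code: it models the selection rule the poster reports (RFC 1918 static routes only, regardless of gateway interface) beside the rule the poster expects (any static route whose gateway sits on a non-WAN interface). The function names and the `WAN_IFS` set are assumptions made for this illustration; the addresses are the ones from steps 1 to 8.

```python
import ipaddress as ip

# Constructed from the poster's test steps 1-8.
INTERFACES = {"WAN": ip.ip_interface("10.10.0.100/24"),
              "LAN": ip.ip_interface("192.168.0.1/24")}
WAN_IFS = {"WAN"}  # assumption: interfaces treated as upstream/WAN
GATEWAYS = {"InternalGW": ip.ip_address("192.168.0.100"),
            "OtherExternalGW": ip.ip_address("10.10.0.50")}
STATIC_ROUTES = [("192.168.10.0/24", "InternalGW"),
                 ("212.10.20.0/24", "InternalGW"),
                 ("192.168.20.0/24", "OtherExternalGW"),
                 ("212.10.30.0/24", "OtherExternalGW")]
RFC1918 = [ip.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def gateway_interface(gw_name):
    """Return the name of the interface whose subnet contains the gateway."""
    addr = GATEWAYS[gw_name]
    for name, iface in INTERFACES.items():
        if addr in iface.network:
            return name
    raise ValueError(f"gateway {gw_name} is not on a connected subnet")


def reported_sources():
    """Model of the reported behaviour: RFC 1918 routes only, any interface."""
    return [r for r, _ in STATIC_ROUTES
            if any(ip.ip_network(r).subnet_of(p) for p in RFC1918)]


def expected_sources():
    """Poster's expectation: routes whose gateway is not on a WAN interface."""
    return [r for r, gw in STATIC_ROUTES
            if gateway_interface(gw) not in WAN_IFS]


def discrepancies():
    """Return (routes NATed in error, routes missing in error)."""
    rep, exp = set(reported_sources()), set(expected_sources())
    return sorted(rep - exp), sorted(exp - rep)


if __name__ == "__main__":
    wrongly_included, wrongly_omitted = discrepancies()
    print("reported:", reported_sources())
    print("expected:", expected_sources())
    print("included in error:", wrongly_included)
    print("missing in error:", wrongly_omitted)
```

The two lists returned by `discrepancies()` correspond to the two errors named in step 9 of the post.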