Public IP Multiwan NAT Configuration Question
-
Hello Everyone.
We have the following setup with PFS+ on Netgate 1541 server:
-
Multiwan from the ISP via 2 /30 subnets that are connected via PFS WAN1 and WAN2
-
2 Public /24's that are statically routed via the above /30s by the ISP. Lets call these Public IP VLANs A and B
-
3 NAT /24's. Lets call these VLANS C,D,E
I have PFS in Hybrid Nat outbound Mode.
I have NO-NAT rules created for both public VLANs A and B for each WAN interface as described in the PFS GuideI have Firewall routes that enable policy based routing for appropriate gateway from each VLAN (I tried Gateway Load balancing but also locking down to a specific gateway WAN1 or WAN2)
Everything works well - Machines on public IP vlans AB are accessible as per firewall rule
Machines on NAT vlans CDE are able to get outside using NAT and access everything per firewall rulesExcept:
Neither 1:1 NAT, nor port forwarding work in any of the following scenarios:
Scenario 1: 1:1 NAT
Virtual IP on VLAN A (Public) Configured in PROXYARP mode
1:1 NAT configured using Public IP Address on VLAN A, NATTING to Private IP on VLAN C. (Example: 3.3.3.3 Public on VLAN A maps to 10.10.3.3 on VLANC)
Attempting to reach 3.3.3.3 from the internet - nothing. PFS does not NAT the traffic. Firewall configured to allow access for both.Scenario 2: Port forwarding with Virtual IP
Virtual IP on VLAN A (public) configured as IP ALIAS (i.e. PFS owns the IP)
Port forwarding ANY-ANY configured from VLAN A (3.3.3.3 example) to VLAN C (10.10.3.3).Attempting to reach 3.3.3.3 from the internet works, but PFS is hit (for example get pfs admin on port 443), but actual port forwarding does not work at all.
Can anyone point out what is wrong with this setup and why 1:1 NAT is not working in this case? I suspect it has something to do with the way public subnets are hosted on PFS with NAT disabled but this is just my guess.
Any help will be appreciated!
-
-
Here is the visual of the configuration with made up Public IPs
