Outbound nat issue
-
I am trying to mimic an old Cisco firewall configuration which used to send all traffic out on a specific IP address (xxx.xxx.xxx.61/27).
We have a server set up with 1:1 inbound NAT on IP (195.xxx.xxx.58/27):
Disabled: unticked
Interface: WAN
External Subnet IP : 195.xxx.xxx.58
Internal IP:
type: Single host
Address: 10.x.x.149
Destination : any
NAT Reflection : Use system Default (this is disabled)

Outbound NAT is set to manual and the catch-all rule at the bottom of the list of rules is:
Do Not Nat: unticked
Interface: WAN
Protocol : any
Source:
Type: Network
Address: 10.x.x.x / 20 (this is the whole of our internal LAN range)
SourcePort: Blank
Destination: any
translation :
Address: 195.xxx.xxx.61
Port: blank
Static-port: unticked
no xmlrpc Sync: unticked

When I try to ssh out from the internal host 10.x.x.149 it shows as coming from the external 195.xxx.xxx.58 address. When I try "wget -qO- http://ipecho.net/plain" from the internal host it is showing 195.xxx.xxx.61.
Any ideas what I have done wrong here?
-
My guess for this is that 1:1 NAT takes precedence over the outbound NAT rules and passes all the traffic for this server out on 195.xxx.xxx.58.
I changed this from a 1:1 NAT to a port forward for just ssh and it seems to be routing all traffic out of 195.xxx.xxx.61.
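To make the precedence described in the reply concrete, here is an added toy model (not pfSense or pf code, and not part of the thread) of how the three rule types decide the source address an outbound packet leaves with: a 1:1 NAT entry is bidirectional and is checked before the outbound rules, a port forward only rewrites inbound destinations, and outbound rules are then matched in order. The addresses (203.0.113.58, 203.0.113.61, 10.0.0.149, 10.0.0.0/20) are constructed stand-ins for the masked ones in the post.

```python
"""Toy model of NAT precedence for outbound packets: 1:1 (binat) first,
then manual outbound rules in order. Port forwards never touch outbound source."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class OneToOne:
    """pfSense 1:1 NAT: bidirectional mapping of one internal host to one external IP."""
    internal: str
    external: str


@dataclass
class PortForward:
    """pfSense port forward: inbound only (external:port -> internal host)."""
    external: str
    port: int
    internal: str


@dataclass
class OutboundRule:
    """One manual outbound NAT rule: source network -> translation address."""
    source: str          # CIDR, e.g. the whole LAN
    translation: str
    do_not_nat: bool = False


@dataclass
class NatTable:
    one_to_one: List[OneToOne] = field(default_factory=list)
    port_forwards: List[PortForward] = field(default_factory=list)
    outbound: List[OutboundRule] = field(default_factory=list)


def egress_source(table: NatTable, src: str) -> Optional[str]:
    """Return the public address a packet from `src` leaves the WAN with.

    None means no rule translated it (a "Do not NAT" hit or no match at all).
    """
    # 1:1 NAT wins first: it applies in both directions, so the server's
    # outbound traffic is rewritten to its 1:1 external address regardless
    # of what the outbound NAT rules say further down.
    for r in table.one_to_one:
        if ip_address(src) == ip_address(r.internal):
            return r.external
    # Port forwards are skipped here: they only rewrite inbound destinations.
    # Outbound rules are evaluated top to bottom; first match decides.
    for r in table.outbound:
        if ip_address(src) in ip_network(r.source, strict=False):
            return None if r.do_not_nat else r.translation
    return None


# Constructed stand-ins for the masked addresses in the thread.
PUBLIC_58 = "203.0.113.58"   # the server's dedicated external IP
PUBLIC_61 = "203.0.113.61"   # the address all traffic is meant to leave on
SERVER = "10.0.0.149"
LAN = "10.0.0.0/20"


def original_setup() -> NatTable:
    """1:1 NAT for the server plus a catch-all outbound rule to .61."""
    return NatTable(one_to_one=[OneToOne(SERVER, PUBLIC_58)],
                    outbound=[OutboundRule(LAN, PUBLIC_61)])


def fixed_setup() -> NatTable:
    """Same outbound rule, but ssh is now a port forward instead of 1:1 NAT."""
    return NatTable(port_forwards=[PortForward(PUBLIC_58, 22, SERVER)],
                    outbound=[OutboundRule(LAN, PUBLIC_61)])


if __name__ == "__main__":
    print("original:", egress_source(original_setup(), SERVER))   # .58 (1:1 wins)
    print("fixed:   ", egress_source(fixed_setup(), SERVER))      # .61 (outbound rule)
    print("other host:", egress_source(fixed_setup(), "10.0.1.7"))
```

With the 1:1 entry in place the server egresses on .58 even though the catch-all outbound rule says .61; once the 1:1 entry is replaced by a port forward, only the outbound rule matches and the server leaves on .61 like every other LAN host. On the real firewall the same thing can be confirmed from Diagnostics > States (look at the translated source of an outbound state) or with `pfctl -s nat` on the console, which prints the rules pfSense generated from the GUI settings.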