Outbound nat issue

  • I am trying to mimic an old Cisco firewall configuration which used to send all traffic out on a specific IP address (xxx.xxx.xxx.61/27)

    We have a server set up with 1:1 inbound NAT on IP (195.xxx.xxx.58/27)

    Disabled: unticked
    Interface: WAN
    External Subnet IP: 195.xxx.xxx.58
    Internal IP:
              Type: Single host
              Address: 10.x.x.149
    Destination: any
    NAT Reflection: Use system default (this is disabled)

    Outbound NAT is set to manual and the catch-all rule at the bottom of the list of rules is

    Do Not NAT: unticked
    Interface: WAN
    Protocol: any
    Source:
          Type: Network
          Address: 10.x.x.x/20 (this is the whole of our internal LAN range)
          Source port: blank
    Destination: any
    Translation:
          Address: 195.xxx.xxx.61
          Port: blank
          Static port: unticked
    No XMLRPC Sync: unticked

    When I try to ssh out from the internal host 10.x.x.149 it shows as coming from the external 195.xxx.xxx.58 address. When I try "wget -qO- http://ipecho.net/plain" from the internal host it is showing 195.xxx.xxx.61.

    Any ideas what I have done wrong here?

  • My guess for this is that 1:1 NAT takes precedence over the outbound NAT rules and passes all the traffic for this server out on 195.xxx.xxx.58.

    I changed this from a 1:1 NAT to a port forward for just ssh and it seems to be routing all traffic out of 195.xxx.xxx.61.
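The behaviour described in both posts (the 1:1 entry winning over the manual outbound rule for the server, and a plain port forward leaving egress to the catch-all rule) can be reproduced with a small model of the firewall's address-selection order. This is an added example, not the poster's configuration or any pfSense code: it assumes that 1:1 NAT (pf `binat`) is applied before the outbound NAT rule list, that outbound rules are evaluated top-down first-match, and that a port forward affects inbound connections only. It ignores destination and protocol matching, and the addresses are constructed documentation values standing in for the redacted `195.xxx.xxx.x` and `10.x.x.x` ranges.

```python
"""Simplified model of how the firewall picks the outbound (egress) source address.

Constructed example: 198.51.100.0/24 stands in for the redacted public /27 and
10.0.0.0/20 for the internal LAN. Assumption being modelled: a 1:1 NAT entry is
consulted before the outbound NAT rule list, so a host with a 1:1 mapping always
leaves on that mapping's external address; a port forward is inbound-only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence


@dataclass
class OneToOneNat:
    external: str   # "External Subnet IP" on the 1:1 page
    internal: str   # "Internal IP" (single host)


@dataclass
class OutboundRule:
    source: str                 # Source network in CIDR form
    translation: Optional[str]  # Translation address; None models "Do not NAT"


@dataclass
class PortForward:
    external: str
    internal: str
    port: int                   # inbound only; no effect on egress


def egress_source(src_ip: str,
                  one_to_one: Sequence[OneToOneNat],
                  outbound: Sequence[OutboundRule],
                  port_forwards: Sequence[PortForward] = ()) -> str:
    """Return the public source address the firewall will use for src_ip."""
    src = ip_address(src_ip)

    # 1:1 entries win outright, regardless of outbound rule order.
    for mapping in one_to_one:
        if ip_address(mapping.internal) == src:
            return mapping.external

    # Port forwards are evaluated for inbound connections only, so they are
    # deliberately not consulted here; they never change the egress address.
    del port_forwards

    # Manual outbound NAT: top-down, first match wins.
    for rule in outbound:
        if src in ip_network(rule.source, strict=False):
            return rule.translation if rule.translation is not None else src_ip

    # No matching rule: the packet leaves untranslated (constructed assumption
    # for the model; upstream will normally drop RFC 1918 sources).
    return src_ip


# Constructed stand-ins for the thread's redacted addresses.
LAN = "10.0.0.0/20"
SERVER = "10.0.0.149"
PUBLIC_SERVER_IP = "198.51.100.58"   # stands in for 195.xxx.xxx.58
PUBLIC_CATCH_ALL = "198.51.100.61"   # stands in for 195.xxx.xxx.61

# The single catch-all outbound rule from the first post.
CATCH_ALL = [OutboundRule(LAN, PUBLIC_CATCH_ALL)]

# "Before": 1:1 NAT for the server plus the catch-all outbound rule.
BEFORE_ONE_TO_ONE = [OneToOneNat(PUBLIC_SERVER_IP, SERVER)]

# "After": the 1:1 entry replaced by an inbound-only port forward for SSH.
AFTER_FORWARDS = [PortForward(PUBLIC_SERVER_IP, SERVER, 22)]


def before(src_ip: str) -> str:
    """Egress address with the original 1:1 NAT in place."""
    return egress_source(src_ip, BEFORE_ONE_TO_ONE, CATCH_ALL)


def after(src_ip: str) -> str:
    """Egress address once the 1:1 entry is swapped for a port forward."""
    return egress_source(src_ip, [], CATCH_ALL, AFTER_FORWARDS)


if __name__ == "__main__":
    for host in (SERVER, "10.0.1.7", "192.168.1.1"):
        print(f"{host}: before={before(host)} after={after(host)}")
```

Running it shows the server leaving on the `.58` stand-in while the 1:1 entry exists and on the `.61` stand-in once only the port forward remains, while an ordinary LAN host uses `.61` in both cases; a host outside the `/20` matches no rule and is left untranslated, which is the condition to watch for if the catch-all source network is ever narrowed.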

