Outbound nat issue

jeffreysmith

I am trying to mimic an old cisco firewall configuration which used to send all traffic out on a specific IP address (xxx.xxx.xxx.61/27)

We have a sever setup with 1:1 inbound NAT on IP (195.xxx.xxx.58/27)

Disabled: unticked
Interface: WAN
External Subnet IP : 195.xxx.xxx.58
Internal IP:
          type: Single host
          Address: 10.x.x.149
Destination : any
NAT Reflection : Use system Default ( this is disabled)

Outbound NAT is set to manual and the catch all rule at the bottom on the list of rules is

Do Not Nat: unticked
Interface: WAN
Protocol : any
Source:
      Type: Network
      Address: 10.x.x.x / 20 (this is the whole of our internal LAN range)
    SourcePort: Blank
Destination: any
translation :
      Address: 195.xxx.xxx.61
      Port: blank
      Static-port: unticked
no xmlrpc Sync: unticked

When I try to ssh out from the internal host 10.x.x.149 it shows as coming from the external 195.xxx.xxx.58 address. When I try "wget -qO- http://ipecho.net/plain" from the internal host it is showing 195.xxx.xxx.61.

Any ideas what I have done wrong here?

jeffreysmith

My guess for this is that 1:1 NAT takes precedence over the outbound NAT Rules and passes all the traffic for this server out on 195.xxx.xxx.58.

I changed this from a 1:1 NAT to port forward just ssh and it seems to be routing all traffic out of 195.xxx.xxx.61.