Outbound NAT issue
I am trying to mimic an old Cisco firewall configuration which used to send all traffic out on a specific IP address (xxx.xxx.xxx.61/27).
We have a server set up with 1:1 inbound NAT on IP (195.xxx.xxx.58/27)
External Subnet IP : 195.xxx.xxx.58
type: Single host
Destination : any
NAT Reflection : Use system Default (this is disabled)
Outbound NAT is set to manual and the catch-all rule at the bottom of the list of rules is:
Do Not Nat: unticked
Protocol : any
Address: 10.x.x.x/20 (this is the whole of our internal LAN range)
no xmlrpc Sync: unticked
When I try to ssh out from the internal host 10.x.x.149 it shows as coming from the external 195.xxx.xxx.58 address. When I try "wget -qO- http://ipecho.net/plain" from the internal host it is showing 195.xxx.xxx.61.
Any ideas what I have done wrong here?
My guess for this is that 1:1 NAT takes precedence over the outbound NAT Rules and passes all the traffic for this server out on 195.xxx.xxx.58.
I changed this from a 1:1 NAT to a port forward for just ssh and it seems to be routing all traffic out of 195.xxx.xxx.61.