Bridge LAN interfaces -> WAN NAT fails for one interface

  • I have a 4-NIC box that has 1 WAN and 3 LAN interfaces.  I bridged the 3 LAN interfaces together and assigned an IP to the Bridge interface.

    All routing between Bridge interfaces is working, so LAN can see the WIFI interfaces, all PCs can get DHCP from the main server on LAN, and see all shares on the network as expected.

    The LAN interface can ping Google but the WIFI interface users cannot.

    Watching tcpdump on the firewall, I can see pings come in for all interfaces. I see pings from the WIFI interface go out the WAN interface but not NATed: WIFI goes out WAN with local LAN addressing.  LAN goes out WAN as the WAN address (as expected) and the ping is returned. The WIFI ping gets to the other end but has a private address assigned to it, so the ping is never returned.

    Basic Auto Outbound NAT is enabled.

    What would cause 1 interface of a bridge to NAT and not another?

  • Actually, upon further review, the only interface that can get NATed correctly is the LAN interface; the Opt interface and the WIFI interface both fail to NAT and keep sending their private IPs out the WAN interface.

  • If I remove the interfaces from the bridge and assign an IP to each interface, then I can get NATed out correctly. When we add the interfaces back to the bridge and remove the IP addresses from the interfaces, then local access works fine, but again these 2 interfaces do not NAT out WAN; they just go out WAN as is.

  • Examine the firewall rules for all member interfaces.

  • Since you are seeing packets leaving the WAN interface still with private LAN IPs, the firewall rules must be passing the traffic OK. Look in /tmp/rules.debug and see the rules that mention NAT. If you can't make sense of them yourself, then post them, along with a bit of detail on what IP address(es) are set on which interfaces.
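As an added helper for the /tmp/rules.debug check suggested above (not code from the thread or from pfSense), this POSIX shell snippet lists which source subnets the generated outbound NAT rules actually cover and tests whether a given subnet, such as the bridge's, is among them; the sample ruleset, the $WAN macro, the subnets and the WAN address are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list the source subnets covered by
# outbound NAT rules in a pf ruleset such as pfSense's /tmp/rules.debug and
# check whether a given subnet is among them. A subnet with no "nat on" rule
# leaves the WAN interface with its private source address untranslated.

# Constructed sample ruleset; the interface macros, subnets and WAN address
# are assumptions for illustration only.
SAMPLE_RULES='# Outbound NAT rules (automatic)
nat on $WAN inet from 192.168.1.0/24 to any port 500 -> 203.0.113.10/32 static-port
nat on $WAN inet from 192.168.1.0/24 to any -> 203.0.113.10/32 port 1024:65535
nat on $WAN inet from 127.0.0.0/8 to any -> 203.0.113.10/32 port 1024:65535
pass in quick on $LAN inet from 192.168.1.0/24 to any keep state'

# nat_sources [file]: print each distinct source subnet that appears in a
# "nat on" rule, one per line. Defaults to pfSense's generated ruleset path.
nat_sources() {
    grep -E '^nat on ' "${1:-/tmp/rules.debug}" \
        | sed -nE 's/.* from ([0-9.]+\/[0-9]+) to .*/\1/p' \
        | sort -u
}

# subnet_is_natted <subnet> [file]: exit 0 if an outbound NAT rule names the
# subnet exactly, 1 otherwise. Dots in the subnet are escaped for grep.
subnet_is_natted() {
    pat=$(printf '%s' "$1" | sed 's/[.]/\\./g')
    nat_sources "${2:-/tmp/rules.debug}" | grep -qxE "$pat"
}

# report <subnet> [file]: one-line verdict for a subnet.
report() {
    if subnet_is_natted "$1" "$2"; then
        echo "$1: covered by an outbound NAT rule"
    else
        echo "$1: NOT covered; traffic would leave WAN with its private source"
    fi
}
```

On the firewall itself, `report 192.168.1.0/24` (with the bridge's real subnet) reads the live /tmp/rules.debug; run `nat_sources` alone to compare the covered subnets against the addresses set on each interface.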
