Netgate Discussion Forum

    Cannot get it right: mixing AON with 1:1 mappings

      pukkita

      Hi,

      I have a dual WAN setup (load balancing) with its AON rules working apparently fine for internal reserved-network addresses in the LAN.

      I also have several NAT 1:1 mappings from public virtual IPs (IP Alias) on one WAN interface to several internal LAN (reserved-network) IPs.

      Here's where I'm not sure if I'm getting it right, or funky things are taking place: I understand 1:1 nat will take care of outgoing connections by setting the source address to the public IP, e.g.

      WAN pu.bli.c.ip
      IP Alias pu.bli.c.ip <--> 192.168.1.3

      All IPs but 192.168.1.3 will get natted for outgoing connections to the internet, so that they will look as if they were coming from WAN pu.bli.c.ip.
      192.168.1.3, due to its 1:1 NAT, should make its source address 'IP Alias pu.bli.c.ip' on outgoing connections.

      So, should a NO NAT rule be placed (AFAIK it should be the last??? am I wrong??) so that NO NAT is done if source address is 192.168.1.3??? where? before or after the regular outbound NAT rule for all the regular internal IPs??

      I tried several configs, and it is funny: for 192.168.1.3 some connections are natted correctly using "IP Alias pu.bli.c.ip" but some aren't, and get natted through any of the 2 WAN NAT rules.

      Yes, I did reset states between changes.
