1:1 NAT but limit inbound only from a list of IP addresses
I have 1:1 NAT working with 192.168.10.1 as my internal NATed address. I want to restrict only certain external IP ranges to be able to send me traffic to the NATed device. My firewall rule for WAN is IPv4 * * 192.168.10.1 * * none. Everything works fine, but when I change the rule to include a source address of one of the external IPs I want to restrict, I see blocks in the firewall not allowing the traffic. Doesn't make any sense to me. I have Proxy ARP chosen for my VIP option for the external IP. Do I need to create an alias with the full list of IPs I want to allow and make that the source in the WAN firewall rule? I refreshed my states, etc. when I changed the working rule. I am on 2.1.4. Couldn't get 2.2 to NAT at all. Any help is appreciated. There are lots of tutorials on NAT, but I couldn't find any that deal with only accepting NATed traffic from specific IP ranges. I have five external statics at this location.