I have a very simple setup that I can't get to work properly.
RB/433AH
Ether 2 = public network x.x.x.118/27
Network = x.x.x.96
Broadcast = x.x.x.127
Ether 3 = private network 192.168.0.254/24
Network = 192.168.0.0
Broadcast = 192.168.0.255
Default route Destination 0.0.0.0/0, Gateway x.x.x.97
NAT Chain srcnat, Source Address 192.168.0.0/24, Action masquerade
NAT additional entries created for HTTP, FTP, MAIL, and SSH - all work as expected, i.e., I can SSH into x.x.x.118 and connect to 192.168.0.160.
At this point IP address 118 works as expected. Everyone on the private LAN can see the Internet. Everyone on the outside can access the HTTP, FTP and mail servers via x.x.x.118. For that one IP address, life is good.
The ISP has assigned us six IP addresses from the /27 pool. We have x.x.x.118 to x.x.x.123. IP addresses 119 - 123 are needed to access proprietary software running on the private network.
Using x.x.x.119 as the example.
I added x.x.x.119/32 to the address list and assigned it to ether2. At that point I could PING x.x.x.19.
I added two NAT rules:
Chain dstnat, Dst. Address x.x.x.119, Protocol 6(tcp), Dst. Port 22, Action dst-nat, To Addresses 192.168.0.160 (same as x.x.x.118 - for testing purposes only, requires .ssh adjustment on the host computer), To Ports 22.
Chain dstnat, Dst. Address x.x.x.119, Protocol 6(tcp), Dst. Port 80, Action dst-nat, To Addresses 192.168.0.163, To Ports 80.
Can ping, but SSH just hangs on x.x.x.119. Sometimes SSH to x.x.x.119 works, sometimes it doesn't. The same thing happens with port 80. Sometimes it works with x.x.x.119 and sometimes it doesn't.
IP address x.x.x.118 continues to work without any problems.
What do I need to do?