Hello,
Perhaps I am not understanding this correctly.
Our network has 100 internal clients running on a 192.168.1.0/24 subnet.
We have a /30 from our ISP assigned to the router.
We have another /29 from our ISP that is routed to our /30 (for example, 1.1.1.0/29).
I run NAT on the router for all the 192.168.1.0/24 clients who exit our router to go to the internet (they show as our /30 address). This works perfectly.
I want to assign a 1:1 NAT from one of our 1.1.1.0/29 addresses to an internal client (192.168.1.50, for example).
I can achieve this with the following config:
chain=dstnat action=netmap to-addresses=192.168.1.50 dst-address=1.1.1.2
chain=srcnat action=netmap to-addresses=1.1.1.2 src-address=192.168.1.50
chain=srcnat action=masquerade out-interface=INTERNET FEED
This works correctly for the most part. I can access 1.1.1.2 from the outside world and it directs to 192.168.1.50 without a problem.
When I check from 192.168.1.50, it shows up as 1.1.1.2 from the internet. So this is good as well.
All the other clients get NATed and show as our regular /30 address assigned by our ISP. So this is good as well.
My PROBLEM is this…
I would LIKE that if another internal client (Example 192.168.1.222) tries to access 1.1.1.2, it will direct to 192.168.1.50.
Currently this does not happen, or if it does, it does not reliably happen.
Am I missing something in my config? Should I have other parameters/rules to ensure that internal clients can also access our “external” addresses?
Currently I need to set up 2 different links on client laptops: one for internal use on our network, and one for external use if they are mobile. I would like to have both situations work with the external address only, and not need to have 2 different links.
Thank you!
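
Added example (not part of the original post): a small Python model of the three NAT rules above. It traces a connection from 192.168.1.222 to 1.1.1.2 and shows which source address the reply carries when it reaches the client. The router LAN address, the WAN address and the extra "hairpin" srcnat rule are assumptions; the hairpin rule is the customary fix for this symptom, not something taken from the post.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")
PUBLIC, SERVER = "1.1.1.2", "192.168.1.50"
ROUTER_LAN = "192.168.1.1"   # assumed: router's LAN address (not given in the post)
WAN_ADDR = "198.51.100.2"    # constructed stand-in for the ISP-assigned /30 address

def in_lan(addr):
    return ipaddress.ip_address(addr) in LAN

def forward(src, dst, hairpin=False):
    """Apply the post's NAT rules to a new connection; return (src, dst) as delivered."""
    if dst == PUBLIC:                        # chain=dstnat action=netmap dst-address=1.1.1.2
        dst = SERVER
    out_if = "LAN" if in_lan(dst) else "INTERNET FEED"
    if src == SERVER:                        # chain=srcnat action=netmap src-address=192.168.1.50
        src = PUBLIC
    elif hairpin and in_lan(src) and dst == SERVER:
        # Assumed extra rule: chain=srcnat src-address=192.168.1.0/24
        #                     dst-address=192.168.1.50 action=masquerade
        src = ROUTER_LAN
    elif out_if == "INTERNET FEED":          # chain=srcnat action=masquerade out-interface=INTERNET FEED
        src = WAN_ADDR
    return src, dst

def reply_source(client, hairpin=False):
    """Source address of the server's reply as the client sees it."""
    seen_src, _ = forward(client, PUBLIC, hairpin)
    # The server answers to seen_src. If that is another host on its own subnet,
    # the reply goes straight across the LAN, never passes the router, and the
    # dstnat is never reversed: it arrives from 192.168.1.50, not from 1.1.1.2.
    if in_lan(seen_src) and seen_src != ROUTER_LAN:
        return SERVER
    # Otherwise the reply returns through the router, whose connection tracking
    # reverses the translation, so the client sees the address it connected to.
    return PUBLIC

def connection_works(client, hairpin=False):
    # A client only accepts replies from the address it opened the connection to.
    return reply_source(client, hairpin) == PUBLIC

if __name__ == "__main__":
    for client, hp in [("203.0.113.9", False), ("192.168.1.222", False), ("192.168.1.222", True)]:
        print(client, "hairpin rule:", hp, "reply from:", reply_source(client, hp),
              "works:", connection_works(client, hp))
```
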