OK gurus, can someone please explain DST NATs to me? I understand the concept of it all but cannot get it to work. I have used PREROUTING but didn't want to do that, so how do I do the following?
192.168.1.0/24 internal on the eth2/eth3 bridge
192.168.2.0/24 on eth1 to WAN 1
10.0.0.1/8 on eth4 to a proxy which goes to WAN 2
192.168.3.0/24 on eth5 which goes direct to WAN 2
Users have proxy settings in IE pointing to the proxy on 10.0.0.254.
PREROUTING routes all traffic to WAN 2.
So I have client computers using a proxy for port 80, which monitors bandwidth and rules etc., and then all other traffic goes via WAN 2 direct. WAN 1 is failover but has other functions. I NAT on SRC from private to public (10.0.0.1, 2 & 3).
As I said, it all works, but if I untick the proxy they go via eth5, not eth4 as expected. I can lock this down software-wise, but I thought I could just say "no access to port 80 via eth5" for this group of users, so if they untick the proxy it fails as there is no route out. But I can't get it to work: I either stop all internet traffic for them or it lets them go out via eth5. Is there a simple way of saying "no internet access for group 1 via eth5"? I assume I'm being a lemon and this is simple. I can't just block port 80 on eth5 as it's used for group 2, who have no limitations on proxy etc.