[How to] dstnat on Vlan (Internet)

Hi all,

I receive my internet through a VLAN on eth1.
I have set up a VLAN interface on that input and a masquerade on that VLAN, and now I’m receiving an IP from the ISP’s DHCP and the Internet is working OK!

I’m having an issue, though, which is related to NAT.
I was trying to forward some ports but they are not actually being “opened”.

How would one set up dstnat for a VLAN interface?

Neither of those is working:

;;; Port Forwarding
      chain=dstnat action=dst-nat to-addresses=10.0.0.28 to-ports=21 
      protocol=tcp dst-address-type=local dst-port=21



;;; Port Forwarding
      chain=dstnat action=dst-nat to-addresses=10.0.0.28 to-ports=21 
      protocol=tcp dst-address-type=local in-interface=eth1-vlan12 dst-port=21

I managed to find out the issue.

Turns out I had one wrong Firewall filter rule:

chain=forward action=drop connection-state=new connection-nat-state=!dstnat
      in-interface=bridge-vlan12 log=no log-prefix=""

I forgot to add the ! in the “connection-nat-state=dstnat” and so I was dropping everything that was on the NAT :smiley:

Regards!
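
The mistake described above can be caught by a check over the printed rules. This is an added example, not part of the original post: it flags forward-chain drop rules whose `connection-nat-state` matches `dstnat` without the `!`. The function names are hypothetical, and it assumes the rules are in the print format shown in the thread.

```python
import shlex

def parse_rule(text):
    """Parse RouterOS print-style 'key=value ...' text (may span lines) into a dict."""
    fields = {}
    for token in shlex.split(text):
        key, sep, value = token.partition("=")
        if sep:  # skips ';;;' comment words, which carry no '='
            fields[key] = value
    return fields

def matches(value, wanted):
    """True if a matcher such as 'new', '!dstnat' or absent (None) matches `wanted`.
    Comma-separated value lists are handled as an assumption about the format."""
    if value is None:
        return True  # no matcher: the rule does not filter on this property
    negated = value.startswith("!")
    return (wanted in value.lstrip("!").split(",")) != negated

def audit_forward_drops(filter_rules, nat_rules):
    """Return (filter rule index, forward targets) for drops that hit dst-natted traffic."""
    targets = []
    for r in map(parse_rule, nat_rules):
        if r.get("chain") == "dstnat" and r.get("action") == "dst-nat":
            targets.append(f'{r.get("to-addresses")}:{r.get("to-ports")}')
    findings = []
    for index, r in enumerate(map(parse_rule, filter_rules)):
        if r.get("chain") != "forward" or r.get("action") != "drop":
            continue
        if "connection-nat-state" not in r:
            continue  # only rules that explicitly test the NAT state are audited
        if (matches(r["connection-nat-state"], "dstnat")
                and matches(r.get("connection-state"), "new") and targets):
            findings.append((index, targets))
    return findings

# Constructed sample: the rule as described before the fix (no "!"), then the fixed rule.
BROKEN = ('chain=forward action=drop connection-state=new connection-nat-state=dstnat\n'
          '      in-interface=bridge-vlan12 log=no log-prefix=""')
FIXED = BROKEN.replace("=dstnat", "=!dstnat")
NAT = (';;; Port Forwarding\n'
       '      chain=dstnat action=dst-nat to-addresses=10.0.0.28 to-ports=21\n'
       '      protocol=tcp dst-address-type=local dst-port=21')

if __name__ == "__main__":
    for index, hit in audit_forward_drops([BROKEN, FIXED], [NAT]):
        print(f"filter rule {index} drops new dst-natted connections to {hit}")
```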