Issue with NAT and internal Subnets

Spartacus · August 9, 2018, 12:39pm

Hi,
I have several internal subnets with WAN Access and the following NAT-Rule:

add action=masquerade chain=srcnat comment="masquerade LAN->WAN" out-interface-list=WAN

Internet works for all VLAN Subnets, but I have an issue with Multicast Routing within my subnets. If I disable the NAT Rule (only for test purposes), everything works! So I think, I have to exclude all internal Subnes from SrcNat. But I am struggling with the configuration. All attempts failed! I have a dynamic WAN IP from ISP.

Can someone help me to change my NAT rule?
Thanks,
Christian

Anumrak · August 9, 2018, 12:50pm

Does interface list “WAN” contains only your ISPs interfaces?

Spartacus · August 9, 2018, 12:53pm

Hi,
yes, it is ether1 (WAN)
Christian

Anumrak · August 9, 2018, 1:00pm

What ROS and firmware version do you use?

Spartacus · August 9, 2018, 1:38pm

Hi,
I use 6.42.6 and FW3.41 on RB3011
Christian

proximus · August 9, 2018, 3:15pm

Given the issue as you describe it, give this a try …

add action=masquerade chain=srcnat comment="masquerade LAN->WAN" out-interface-list=WAN src-address-type=!multicast

Spartacus · August 9, 2018, 3:47pm

Hi,
thanks for the modification of the NAT-Rule, but it is not working!

Let me try to explain the whole story. Maybe some has an idea:
I have Sonos palyers on vlan30 and controller on vlan10 and vlan60 (interface-list “Sonos Control”). PIM is working and I implemented the following FW-rules:

add action=accept chain=forward comment="SONOS: forward Multicast traffic" \
    dst-address=239.255.255.250
add action=accept chain=forward comment=\
    "SONOS: forward  Controller events to Players" dst-port=1400,4444,4070 \
    in-interface-list="Sonos Control" out-interface=vlan30 protocol=tcp
add action=accept chain=forward comment=\
    "SONOS: Forward Contoller events  from Players" dst-port=\
    3400,3401,3500,4070 in-interface=vlan30 out-interface-list=\
    "Sonos Control" protocol=tcp
add action=accept chain=forward comment=\
    "SONOS. Forward UPnP Device Discovery events from Players" dst-port=\
    1900,1901,5353,6969 in-interface=vlan30 out-interface-list=\
    "Sonos Control" protocol=udp

Sonos works across different subnets as long as player and controller were initially setup in the same subnet.

This means:
My issue is only present for initial player/controller setup, although all relevant ports are free (checked with Sonos support). I cannot connect new players/controllers to the Sonos system if player and controller are in different subnets.

Workaround:
bring new player/controller to vlan30 (Sonos SubNet), temporary!

But:
If I disable the NAT Rule (see above) I can connect new devices accross the subnets and I do not understand why this is the case!
This must have something to do with the NAT-Rule

Christian