I am trying to set up forwarding rules to redirect traffic from one device to another within the same LAN, so I can silently migrate services from one server to another without having to change IP addresses for everyone on the LAN. Once all services are migrated, the new server will be assigned the IP of the old one and the redirect rules will be disabled.
In a bit more detail: what I'm trying to achieve is forwarding data going to the old server (192.168.10.125, port 150) to the new server (192.168.10.126, port 10000).
So far I managed to set up the following rules:
add action=masquerade chain=srcnat comment="Allow internet access through WAN port" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="External forward does work" dst-address-list=Home dst-port=150 protocol=tcp to-addresses=192.168.10.126 to-ports=10000
add action=dst-nat chain=dstnat comment="Internal forward does not work" dst-address=192.168.10.125 dst-port=150 protocol=tcp to-addresses=192.168.10.126 to-ports=10000
add action=masquerade chain=srcnat comment="Give Lan access to local devices via WAN IP" dst-address-list=LAN out-interface=bridge src-address-list=LAN
The port forward using the WAN IP works, but through the LAN forward it just times out. I've spent nearly the entire day trying different setups and reading up on hairpin NAT, but I'm at a total loss on this one. I hope someone can help me solve this problem.
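The rule set quoted in the question already contains both halves of a hairpin NAT (a dstnat rewrite and a LAN-to-LAN masquerade), and the WAN-side forward proves the dstnat half works. The piece a LAN-internal forward additionally depends on is the bridge: by default RouterOS switches frames between two hosts on the same bridge at layer 2, and those frames never enter the IP firewall, so a dstnat rule matching `dst-address=192.168.10.125` is never evaluated for LAN clients. The fragment below is an added example written for this page, not the original poster's configuration or anything from MikroTik's documentation; it assumes the LAN is 192.168.10.0/24 on an interface named `bridge`, that the client and the old server are on different bridge ports (so their frames actually cross the router), and that 192.168.10.125 still answers ARP (the old server is up) so the client sends the TCP SYN at all.

```routeros
# Added example (not the poster's config). Assumed: LAN 192.168.10.0/24 on "bridge",
# client and old server on different bridge ports, old server (.125) still answering ARP.

# 1. Bridged LAN-to-LAN frames are switched at layer 2 and bypass /ip firewall.
#    This forces them through prerouting/forward/postrouting so dstnat can see them.
/interface bridge settings
set use-ip-firewall=yes

/ip firewall nat
# 2. Destination rewrite: old server port 150 -> new server port 10000.
add chain=dstnat action=dst-nat protocol=tcp \
    dst-address=192.168.10.125 dst-port=150 \
    to-addresses=192.168.10.126 to-ports=10000 \
    comment="Migration: .125:150 -> .126:10000"

# 3. Hairpin half. srcnat is evaluated AFTER dst-nat, so match the NEW server's
#    address, not the old one. Without this the new server replies directly to the
#    client's MAC with source 192.168.10.126; the client expected 192.168.10.125
#    and drops the reply, which is exactly the "times out" symptom.
add chain=srcnat action=masquerade protocol=tcp \
    src-address=192.168.10.0/24 dst-address=192.168.10.126 dst-port=10000 \
    out-interface=bridge \
    comment="Hairpin: LAN clients reaching migrated service"
```

To check whether the dstnat rule is being hit at all, open a connection from a LAN client and watch the packet counters with `/ip firewall nat print stats`; a dstnat counter that stays at zero for LAN traffic means the frames are still being bridged around the firewall. Keep the `use-ip-firewall` caveat in mind: once it is enabled, every bridged frame is processed by the IP firewall, so existing filter rules in the forward chain now apply to LAN-to-LAN traffic too and should be reviewed before enabling it on a production router.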