NAT forwards for all interfaces - problems other servers

Hi,

I have added a NAT to enable incoming TCP ports from the internet to be forwarded to an internal address and it works fine, but I have several servers using the same ports and those servers are on the internet. The problem is that the NAT rule forwards all requests to the specified ports to the internal address when I am on the internal network, so whatever server I am trying to connect to using port 4280 connects to the internal server…

So, did I do something wrong, or what can I do to resolve this?

The NAT rule:
add action=dst-nat chain=dstnat dst-port=4280-4286 protocol=tcp to-addresses=192.168.77.245 to-ports=4280-4286

I have tried to specify the incoming interface but when I do that the ports won’t open - should I add a Filter Rule?

The server using 192.168.77.245 is sitting on a switch port in the router and all switch ports are bridged.

Thanks,
Mats

You need to limit the destination address for this rule, because as it is now, it matches packets going to any address. If you have a static public address on the router, use dst-address=. If not, then use dst-address-type=local.
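
The two variants described in the reply above, written out as an added example that is not part of the original posts. The address 203.0.113.10 is a constructed placeholder from the documentation range, since the thread does not give the router's public address.

```routeros
/ip firewall nat

# Original rule from the question, kept here as a comment for comparison.
# It has no destination address match, so it also rewrites connections that
# LAN clients open to any outside server on TCP 4280-4286.
# add action=dst-nat chain=dstnat dst-port=4280-4286 protocol=tcp \
#     to-addresses=192.168.77.245 to-ports=4280-4286

# Variant A: the router has a static public address.
# 203.0.113.10 is a placeholder, not a value from the thread.
add action=dst-nat chain=dstnat dst-address=203.0.113.10 \
    dst-port=4280-4286 protocol=tcp \
    to-addresses=192.168.77.245 to-ports=4280-4286

# Variant B: the public address is dynamic.
# dst-address-type=local matches only packets addressed to one of the
# router's own addresses, so traffic to other servers passes untouched.
add action=dst-nat chain=dstnat dst-address-type=local \
    dst-port=4280-4286 protocol=tcp \
    to-addresses=192.168.77.245 to-ports=4280-4286
```

Use one variant only, and remove the original unrestricted rule so that it no longer matches first.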

Thanks Sob - that worked like a charm.

Five stars and a beer when in Yonkers!

Thanks,
Mats