NAT rule applied to IPsec tunnel

I have a simple NAT rule to redirect port 80 to my DVR (see below). ether1 is my WAN interface.
;;; DVR
chain=dstnat action=dst-nat to-addresses=192.168.2.60 to-ports=8866
protocol=tcp in-interface=ether1 dst-port=8866

Today I established an IPsec tunnel; however, ALL port 80 requests (no matter the IP) from the remote locations are getting redirected to my DVR using the NAT rule. How can I prevent the NAT rule from applying to tunneled traffic?


Thank you

There is nothing about port 80 in your rule. There is probably another rule that makes it…

Here is the rule:
chain=dstnat action=dst-nat to-addresses=192.168.2.60 to-ports=80-81
protocol=tcp in-interface=ether1 dst-port=80-81

What about using exclusion on src address?

That is a good idea, I'll give it a try.

Thank you
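
The source-address exclusion suggested in the thread, written out as an added RouterOS example (not posted by any participant). The remote subnet 10.10.10.0/24 is a constructed placeholder for the network behind the IPsec peer, and the `ipsec-policy=in,none` variant is an alternative matcher that the thread does not mention.

```routeros
/ip firewall nat

# Rule as posted in the thread. Policy-based IPsec has no interface of its
# own, so decrypted tunnel packets still match in-interface=ether1 and any
# tunneled TCP 80-81 connection is rewritten to the DVR.
# add chain=dstnat action=dst-nat to-addresses=192.168.2.60 to-ports=80-81 \
#     protocol=tcp in-interface=ether1 dst-port=80-81 comment="DVR"

# Option 1: exclude the remote site's subnet by source address.
# 10.10.10.0/24 is a placeholder; use the src-address of the IPsec policy.
add chain=dstnat action=dst-nat to-addresses=192.168.2.60 to-ports=80-81 \
    protocol=tcp in-interface=ether1 dst-port=80-81 \
    src-address=!10.10.10.0/24 comment="DVR"

# Option 2 (use instead of option 1, not together with it): match only
# packets that were NOT decapsulated by an IPsec policy, which covers every
# tunnel without listing subnets.
# add chain=dstnat action=dst-nat to-addresses=192.168.2.60 to-ports=80-81 \
#     protocol=tcp in-interface=ether1 dst-port=80-81 \
#     ipsec-policy=in,none comment="DVR"
```

After replacing the rule, existing connections keep their old NAT mapping until their connection-tracking entries expire, so test with a new connection from the remote site.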