src-nat did not work

Hi,

I have 2 public IPs on my CHR:

  • First IP: 1.1.1.1 - VLAN 106
  • Second IP: 2.2.2.2 - VLAN 570

My CHR has 3 interfaces: ether1, ether2 for LAN and ether3 for LAN

I created VLAN interfaces vlan106 and vlan570 on ether1, then added IPs 1.1.1.1 and 2.2.2.2 to the correct VLANs, and it works (pingable from public).

  • ether2 reserved for LAN with subnet 192.168.1.0/24
  • ether3 reserved for LAN with subnet 172.16.3.0/24

I created NAT rules like below:
4 chain=srcnat action=src-nat to-addresses=2.2.2.2 src-address=!172.16.3.0/24 log=no log-prefix=""
5 chain=srcnat action=src-nat to-addresses=1.1.1.1 src-address=!192.168.1.0/24 log=no log-prefix=""
Then I tested a connection from 172.16.3.0/24, and the NAT address listed by the website https://www.ip2location.com is always 1.1.1.1.

May I know how to fix this issue?

It works as instructed:

  • in rule 4 you defined “src-address=!172.16.3.0/24” and that “!” means “not”
  • in rule 5 you defined “src-address=!192.168.1.0/24” and again “!” means not

So when you used a client with an IP address from 172.16.3.0/24 … NAT came to rule number 4 and decided it did not apply (src IP address WAS from 172.16.3.0/24), then it checked rule number 5 and decided it did apply (src IP address WAS NOT from 192.168.1.0/24) and used it.

It seems like you really want to change your src-address rules settings and omit the not sign “!”.

Thanks,

I changed it and it works perfectly.
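The first-match evaluation described in the answer, as an added example that is not part of the original thread and is not RouterOS code: a simplified Python model that looks only at `src-address` and compares the two rules as posted with the same rules without the "!". The function names and the client addresses are constructed for illustration.

```python
import ipaddress

def parse_rule(line):
    """Parse one rule line (key=value tokens) into target, source network and negation flag."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    src = fields.get("src-address")
    return {
        "to": fields["to-addresses"],
        "net": ipaddress.ip_network(src.lstrip("!")) if src else None,
        "negate": bool(src) and src.startswith("!"),
    }

def matches(rule, src_ip):
    """A rule with no src-address matches everything; '!' inverts the subnet test."""
    if rule["net"] is None:
        return True
    inside = ipaddress.ip_address(src_ip) in rule["net"]
    return inside != rule["negate"]

def translate(rules, src_ip):
    """Walk the chain in order and return to-addresses of the first match, else None."""
    for rule in rules:
        if matches(rule, src_ip):
            return rule["to"]
    return None  # no rule matched: the packet leaves untranslated in this model

# Rules 4 and 5 as posted in the question (negated matchers).
ORIGINAL = [parse_rule(r) for r in (
    "chain=srcnat action=src-nat to-addresses=2.2.2.2 src-address=!172.16.3.0/24",
    "chain=srcnat action=src-nat to-addresses=1.1.1.1 src-address=!192.168.1.0/24",
)]
# The same rules with the "!" omitted, as the answer suggests.
FIXED = [parse_rule(r) for r in (
    "chain=srcnat action=src-nat to-addresses=2.2.2.2 src-address=172.16.3.0/24",
    "chain=srcnat action=src-nat to-addresses=1.1.1.1 src-address=192.168.1.0/24",
)]

if __name__ == "__main__":
    # Constructed clients: one per LAN, plus one outside both subnets.
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for client in ("172.16.3.10", "192.168.1.10", "10.0.0.5"):
            print(f"{name:8} {client:13} -> {translate(rules, client)}")
```

In this model the negated rules also translate any source outside both LANs (here 10.0.0.5) to 2.2.2.2, while the corrected rules leave such traffic unmatched.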