Hello,
I don't understand why the following firewall NAT rule doesn't work:
The Ethernet interface to my upstream connection is named "ISP_UP". The external IP address on the outgoing interface is, let's say, 42.23.1.15/30; my internal RFC1918 net is 192.168.1.0/24.
So, for configuring outgoing src-nat from my RB2011 outwards, I used the following rule:
add action=src-nat chain=srcnat comment="Outgoing NAT" src-address=\
192.168.1.0/24 to-addresses=42.23.1.15 out-interface=ISP_UP
THIS RULE DIDN'T WORK?! But when I remove the "out-interface" from the rule
add action=src-nat chain=srcnat comment="Outgoing NAT" src-address=\
192.168.1.0/24 to-addresses=42.23.1.15
it does work. Similar problem with the dst-nat rule. I used
add action=dst-nat chain=dstnat comment="ssh from extip to linux-server" dst-address=42.23.1.15 \
dst-port=1234 protocol=tcp to-addresses=192.168.1.2 to-ports=22
This rule does work, but of course it will also NAT internal connections to SSH to the external IP of the router, which is quite impractical. Therefore I added the incoming interface to the NAT rule like this:
add action=dst-nat chain=dstnat comment="ssh from extip to linux-server" dst-address=42.23.1.15 \
dst-port=1234 protocol=tcp to-addresses=192.168.1.2 to-ports=22 in-interface=ISP_UP
and hoped NAT will only be used for external connections from the internet. But it still NATs all connections going to the Linux server's SSH port.
So, what did I get wrong about "out-interface" and "in-interface"?
cheers,
TychoX
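Added below as an illustration of what the in-interface and out-interface matchers are defined to select in the two NAT chains; it is a toy model written for this page, not the poster's configuration, and it does not diagnose the poster's setup. Only the interface name ISP_UP, the addresses and the ports come from the post; the LAN-side interface name "bridge-local", the client addresses and the packets are constructed. The model follows the documented chain order: dstnat is evaluated before the routing decision (so out-interface is not yet known), srcnat after it, and packets addressed to the router itself do not traverse srcnat.

```python
"""Toy model of RouterOS NAT rule matching with in-interface / out-interface.

Added illustration, not the poster's configuration. ISP_UP, the addresses
and ports come from the post; "bridge-local" and all packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

EXT_IP = "42.23.1.15"        # external address from the post
LAN_NET = "192.168.1.0/24"   # internal RFC1918 net from the post
WAN_IF = "ISP_UP"            # upstream interface name from the post
LAN_IF = "bridge-local"      # assumed LAN-side interface name (constructed)


def in_net(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    in_if: str
    out_if: Optional[str] = None   # set by the routing decision


@dataclass
class Rule:
    chain: str                     # "dstnat" or "srcnat"
    action: str                    # "dst-nat" or "src-nat"
    to_address: str
    to_port: Optional[int] = None
    src_net: Optional[str] = None
    dst_address: Optional[str] = None
    dst_port: Optional[int] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        # every matcher that is set must agree; unset matchers are wildcards
        return (
            (self.src_net is None or in_net(p.src, self.src_net))
            and (self.dst_address is None or p.dst == self.dst_address)
            and (self.dst_port is None or p.dport == self.dst_port)
            and (self.in_if is None or p.in_if == self.in_if)
            and (self.out_if is None or p.out_if == self.out_if)
        )


def route(p: Packet) -> None:
    # simplified routing: router-owned address -> local delivery,
    # LAN prefix -> LAN interface, everything else -> upstream
    if p.dst == EXT_IP:
        p.out_if = "local"
    elif in_net(p.dst, LAN_NET):
        p.out_if = LAN_IF
    else:
        p.out_if = WAN_IF


def run_chain(rules, chain: str, p: Packet) -> Optional[Rule]:
    for r in rules:
        if r.chain == chain and r.matches(p):
            if r.action == "dst-nat":
                p.dst = r.to_address
                if r.to_port is not None:
                    p.dport = r.to_port
            elif r.action == "src-nat":
                p.src = r.to_address
            return r               # first matching rule in the chain wins
    return None


def process(rules, p: Packet) -> Packet:
    run_chain(rules, "dstnat", p)  # pre-routing: out_if is still None here
    route(p)
    if p.out_if != "local":        # srcnat only sees forwarded traffic
        run_chain(rules, "srcnat", p)
    return p


# the two dstnat variants from the post, each paired with the interface-bound srcnat rule
SRC_NAT = Rule("srcnat", "src-nat", EXT_IP, src_net=LAN_NET, out_if=WAN_IF)
DNAT_ANY_IF = Rule("dstnat", "dst-nat", "192.168.1.2", to_port=22,
                   dst_address=EXT_IP, dst_port=1234)
DNAT_WAN_ONLY = Rule("dstnat", "dst-nat", "192.168.1.2", to_port=22,
                     dst_address=EXT_IP, dst_port=1234, in_if=WAN_IF)
RULES_ANY_IF = [DNAT_ANY_IF, SRC_NAT]
RULES_WAN_ONLY = [DNAT_WAN_ONLY, SRC_NAT]


def from_internet(rules) -> Packet:
    # constructed internet client hitting the forwarded port
    return process(rules, Packet("203.0.113.7", EXT_IP, 1234, WAN_IF))


def from_lan_to_ext_ip(rules) -> Packet:
    # constructed LAN client addressing the router's external IP
    return process(rules, Packet("192.168.1.50", EXT_IP, 1234, LAN_IF))


def from_lan_to_internet(rules) -> Packet:
    # constructed LAN client going out to the internet
    return process(rules, Packet("192.168.1.50", "198.51.100.9", 443, LAN_IF))


if __name__ == "__main__":
    for name, rules in (("any in-interface", RULES_ANY_IF), ("ISP_UP only", RULES_WAN_ONLY)):
        print(name, from_internet(rules), from_lan_to_ext_ip(rules), from_lan_to_internet(rules))
```

In this model the in-interface=ISP_UP variant leaves a LAN client's connection to 42.23.1.15:1234 at the router itself, while the unrestricted variant redirects it to 192.168.1.2:22 without rewriting the source, so the server would answer the LAN client directly rather than through the router. That second case is the usual reason an unrestricted dst-nat for internal clients is paired with an additional srcnat rule for LAN-to-LAN hairpin traffic; the model is only a matcher-semantics illustration and says nothing about why the poster's rule behaves differently on the device.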