NAT with Multi-Gateway problems
Posted: Wed Mar 08, 2017 6:55 pm
I'm having some issues using a CCR1036 with software release 6.38.3. I'm trying to NAT some LAN IP classes to specific public IP addresses.
Example configuration:
Code:
ip route print
0 A S 0.0.0.0/0 1.1.1.254 1
1 S 0.0.0.0/0 2.2.2.254 1
2 ADC 1.1.1.0/24 1.1.1.1 Vlan1111 0
3 ADC 2.2.2.0/24 2.2.2.1 Vlan2222 0
4 ADC 192.168.1.0/24 192.168.1.254 vlan11 0
5 ADC 192.168.2.0/24 192.168.2.254 vlan22 0
Code:
ip firewall nat print
chain=srcnat action=src-nat to-addresses=1.1.1.1 src-address=192.168.1.1-192.168.1.10
chain=srcnat action=src-nat to-addresses=1.1.1.2 src-address=192.168.1.11-192.168.1.20
...
chain=srcnat action=src-nat to-addresses=2.2.2.1 src-address=192.168.2.1-192.168.2.10
chain=srcnat action=src-nat to-addresses=2.2.2.2 src-address=192.168.2.11-192.168.2.20
...
Code:
ip address print
0 1.1.1.1/24 1.1.1.0 Vlan1111
1 1.1.1.2/24 1.1.1.0 Vlan1111
[...]
6 2.2.2.1/24 2.2.2.0 Vlan2222
7 2.2.2.2/24 2.2.2.0 Vlan2222
[...]
8 192.168.1.254/24 192.168.1.0 vlan11
9 192.168.2.254/24 192.168.2.0 vlan22
With this configuration, only the NAT using IPs 192.168.1.0/24 works, but the other class (192.168.2.0/24) does not.
I've done some debugging using packet sniffer/tcpdump. If I try to ping a remote server on another network (OVH server), on the server I have this dump:
Code:
17:36:53.940616 IP 2.2.2.1 > $my_remote_server: ICMP echo request, id 34981, seq 106, length 64
17:36:53.940624 IP $my_remote_server > 2.2.2.1: ICMP echo reply, id 34981, seq 106, length 64
17:36:54.951407 IP 2.2.2.1 > $my_remote_server: ICMP echo request, id 34981, seq 107, length 64
17:36:54.951444 IP $my_remote_server: > 2.2.2.1: ICMP echo reply, id 34981, seq 107, length 64
17:36:55.956550 IP 2.2.2.1 > $my_remote_server:: ICMP echo request, id 34981, seq 108, length 64
17:36:55.956559 IP $my_remote_server: > 2.2.2.1: ICMP echo reply, id 34981, seq 108, length 64
17:36:56.964876 IP 2.2.2.1 > $my_remote_server: ICMP echo request, id 34981, seq 109, length 64
17:36:56.964889 IP $my_remote_server: > 2.2.2.1: ICMP echo reply, id 34981, seq 109, length 64
Here it all seems OK, but if we take a look at the packet sniffer on the CCR (filtered by the $my_remote_server):
Code:
00:00:00.000000 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: 192.168.2.1 > $my_remote_server: ICMP echo request, id 34981, seq 400, length 64
00:00:00.000038 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: 2.2.2.1 > $my_remote_server: ICMP echo request, id 34981, seq 400, length 64
00:00:00.000007 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 102: 129.0.0.104 > 2.2.2.1: ICMP type-#188, length 64
00:00:00.022632 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: $my_remote_server > 2.2.2.1: ICMP echo reply, id 34981, seq 400, length 64
00:00:00.980164 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: 192.168.2.1 > $my_remote_server: ICMP echo request, id 34981, seq 401, length 64
00:00:00.000045 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: 2.2.2.1 > $my_remote_server: ICMP echo request, id 34981, seq 401, length 64
00:00:00.000005 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 102: 129.0.0.104 > 2.2.2.1: ICMP type-#188, length 64
The following string is weird. I don't know what this IP address is, and it appears only when using a device with an IP address in the subnet 192.168.2.0/24:
Code:
00:00:00.000007 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 102: 129.0.0.104 > 2.2.2.1: ICMP type-#188, length 64
With a telnet it generates an entry like the code below (src port and dst port are ALWAYS the same):
Code:
00:00:00.000005 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 82: 129.0.0.104.48293 > 2.2.2.1.1089: tcp 44 [bad hdr length 0 - too short, < 20]
Any ideas?