Thu Apr 21, 2022 10:42 pm
Well, the day turned out bad. 5 and a half hours later I could finish the Visio to show you something. At 10 a.m. I had a lot of things in mind for that drawing, but in the end we had so many problems to solve that I can't remember what I was thinking at 10 a.m., so, down here you'll see the diagram and here in the post I'll explain some things that happened.
First of all, we only disconnected eth1 and eth6 from the old router and connected them to the new one, to ports 1 and 7 respectively (because of different configurations between the old and the new one).
That eth7 is connected (like the rest of the eths, besides eth1 of course) to a switch, and that switch goes to the eths of one ESXi, right? Well, "under" that eth7 is the 254.0/24 subnet, so, from "My PC" in the office I tried to connect to some servers that are in the 254.0/24 subnet, but couldn't, AND AGAIN, nothing was happening in the NAT table. As I stayed at the office (because if the new router worked as it should, I would proceed to replace the Mikrotik of the HQ), a partner went to the DC with a laptop and I told him to plug that laptop into eth11... I made some rules to get that laptop src-nated to use the 2XX.XX.XX.98 to reach out to the internet, then made another rule, a dst-nat one, that said that, for my 2xx.xx.xx.98:5555, forward all to the laptop's IP, port 3389, and then I tried to connect through RDP to that laptop and couldn't, BUT THE NAT RULE WAS RECEIVING HITS! The laptop's firewall was disabled just in case, but I couldn't connect to it. I really didn't care too much, because I wanted to connect to the servers, not to a laptop. So I disabled all the drop rules that I have in Filter and Raw and tried to connect again to 3 different servers, but again, couldn't, and yet again, NAT wasn't registering any hit at all. That laptop was receiving internet through a wifi hotspot from a smartphone and I could connect to that laptop using AnyDesk, so, when I was inside that laptop using AnyDesk I tried to connect to all the servers that were in the 254.0/24 subnet using private and public IPs and, yes, I could... obviously, it was connected directly to the router, so, no surprise there.
So, after trying this and that, I couldn't connect to any server. Knowing that it wouldn't work, I tried to connect to the rest of the servers using "their" public IPs just to see if any NAT rule registered any hit, but nothing happened.
The only rule that registered some hits on its own was one that is a dst-nat and says that, for 2XX.XX.XX.100 ports TCP 21,80,3306,3389, the action is dst-nat to 192.168.250.11. That server is one of the most used servers of the company, I think... it has a program developed by some other partners and it's consulted by almost every machine of the company, so, I guess that those hits were for its port 80, and I don't know why, but that rule registered hits almost continuously.
I don't know if there's something wrong with some src-nat or what. I really don't have a clue right now where the problem is.
Any ideas?
Thanks