Hi Guys,
I am using VRRP with connection tracking and have discovered an issue with the NAT table.
I have two routers: Router A (VRRP Master) and Router B (VRRP Slave).
Both routers are configured identically - the same rsc script is run on both routers, only changing the fixed interface IP addresses.
There is a src-nat rule for all packets with source address 10.0.0.0/8 and outgoing interface ether1. The to-address is fixed to the outbound IP address.
The connection tracking gets synced between both routers, so that looks okay to me.
There is a Router C (Internet) connected to Router A and Router B with a public IP address subnet. Router A and Router B both have the same IP address configured on their ether1 interface.
Setup:
Router A is Master; IP address 10.1.160.1 is configured on ether2 via the VRRP interface.
Traffic from the internal network to the internet passes Router A -> Router C -> Internet.
The return traffic is Internet -> Router C -> Router A -> Client - OK.
But if the return traffic is Internet -> Router C -> Router B -> Client, the packet does not get forwarded by Router B. Why?
You can see in the screenshots that the ICMP echo is received by Router B but is not forwarded.