One of the computers in the LAN I want to NAT 1:1 to a public IP. The public IP is routed to IGW2, so all traffic from the internet to the computer's public IP comes through IGW2. But traffic FROM the computer can be sent by both IGWs.
Everything works fine when the packet is sent by IGW2: there it is NATted to the public IP, then the answer comes back to the IGW and it is NATted back to the local IP. It works fine.
But the problem is, when the packet is sent by IGW1, there it is NATted, and the answer will come to IGW2. Then IGW2 sends the packet back to the internet, and it does no NAT. The packet is not going to the IP FIREWALL NAT.
What I want:
On both IGWs are the same rules:
When I ping from the computer to 184.108.40.206, in the log on IGW2 I can see packets are received from 220.127.116.11, but they are sent back to the internet interface without any NAT.
Code:
add action=jump chain=srcnat jump-target=nattopublic src-address=10.0.0.0/8
add action=jump chain=dstnat dst-address=18.104.22.168/24 jump-target=natfrompublic
add action=src-nat chain=nattopublic src-address=10.140.4.2 to-addresses=22.214.171.124
add action=dst-nat chain=natfrompublic dst-address=126.96.36.199 to-addresses=10.140.4.2
When I added a log rule in the 1st place of the NAT table, I can see packets are not going to the NAT table anyway.
WHY???
22:31:06 firewall,info forward: in:vlan503-Inet out:vlan503-Inet, src-mac 44:f4:77:9e:5f:f8, proto ICMP (type 0, code 0), 188.8.131.52->184.108.40.206, len 56
22:31:07 firewall,info forward: in:vlan503-Inet out:vlan503-Inet, src-mac 44:f4:77:9e:5f:f8, proto ICMP (type 0, code 0), 220.127.116.11->18.104.22.168, len 56
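The following is an added example, not code from the post or from MikroTik. It is a small Python model of two connection-tracking NAT gateways in front of one LAN host, written to show the mechanism behind the log lines above: in netfilter-style NAT (which RouterOS builds on) the srcnat/dstnat chains are consulted only for the first packet of a connection, later packets are translated from the connection-tracking table, and an ICMP echo reply that matches no tracked connection is classified INVALID and never reaches the NAT chains at all. The public and remote addresses (203.0.113.10, 198.51.100.7) and the `Packet`/`NatGateway` names are constructed for the illustration; only 10.140.4.2 comes from the post.

```python
# Added example (not from the forum post or from MikroTik): a toy model of two
# stateful NAT gateways sharing one LAN host, showing why a reply that returns
# through the gateway that never saw the request leaves it untranslated.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    kind: str  # constructed labels: "echo-request", "echo-reply", "tcp-syn"


REPLY_KINDS = {"echo-reply"}  # packet types that only make sense as a reply


class NatGateway:
    """Stateful 1:1 NAT for a single LAN host (hypothetical model).

    Mirrors netfilter's behaviour: NAT chains are evaluated only for the first
    packet of a connection; every later packet, replies included, is translated
    from the connection-tracking table. A reply-type packet with no tracked
    connection is INVALID and skips the NAT chains entirely.
    """

    def __init__(self, name, lan_ip, public_ip):
        self.name = name
        self.lan_ip = lan_ip            # 10.140.4.2 in the post
        self.public_ip = public_ip      # the public address 1:1-mapped to it
        self.conntrack = {}             # (lan_src, remote_dst) -> public_src on the wire
        self.nat_chain_lookups = 0      # how often srcnat/dstnat were consulted
        self.invalid = 0                # replies that matched no tracked connection

    def lan_to_internet(self, pkt):
        """Packet leaving the LAN (srcnat direction)."""
        key = (pkt.src, pkt.dst)
        if key not in self.conntrack:
            # New connection: the srcnat chain is evaluated exactly once.
            self.nat_chain_lookups += 1
            self.conntrack[key] = self.public_ip if pkt.src == self.lan_ip else pkt.src
        return Packet(self.conntrack[key], pkt.dst, pkt.kind)

    def internet_to_lan(self, pkt):
        """Packet arriving from the internet (dstnat direction)."""
        # Tracked connection: reverse the translation from conntrack, no rule lookup.
        for (lan_src, remote), public_src in self.conntrack.items():
            if pkt.src == remote and pkt.dst == public_src:
                return Packet(pkt.src, lan_src, pkt.kind)
        if pkt.kind in REPLY_KINDS:
            # Reply with no matching request: INVALID, NAT chains are skipped and
            # the packet is routed on with its public destination untouched.
            self.invalid += 1
            return pkt
        # Genuinely new inbound connection: the dstnat chain is consulted.
        self.nat_chain_lookups += 1
        if pkt.dst == self.public_ip:
            return Packet(pkt.src, self.lan_ip, pkt.kind)
        return pkt


def symmetric_path(lan_ip="10.140.4.2", public_ip="203.0.113.10", remote="198.51.100.7"):
    """Request and reply both traverse IGW2: translation works in both directions."""
    igw2 = NatGateway("IGW2", lan_ip, public_ip)
    out = igw2.lan_to_internet(Packet(lan_ip, remote, "echo-request"))
    back = igw2.internet_to_lan(Packet(remote, out.src, "echo-reply"))
    return out.src, back.dst, igw2.invalid


def asymmetric_path(lan_ip="10.140.4.2", public_ip="203.0.113.10", remote="198.51.100.7"):
    """Request leaves via IGW1, reply returns via IGW2 (the post's failure case)."""
    igw1 = NatGateway("IGW1", lan_ip, public_ip)
    igw2 = NatGateway("IGW2", lan_ip, public_ip)
    out = igw1.lan_to_internet(Packet(lan_ip, remote, "echo-request"))
    # The reply is addressed to the public IP, whose route leads to IGW2,
    # which holds no conntrack entry for this exchange.
    back = igw2.internet_to_lan(Packet(remote, out.src, "echo-reply"))
    return out.src, back.dst, igw2.nat_chain_lookups, igw2.invalid


if __name__ == "__main__":
    print("symmetric :", symmetric_path())
    print("asymmetric:", asymmetric_path())
```

In the asymmetric run IGW2 performs zero NAT-chain lookups and counts one INVALID reply, which is the model's counterpart of a log rule at the top of the NAT table seeing nothing while the forward chain logs the untranslated reply being sent back out the internet interface. The practical consequence for a 1:1 mapping is that the outbound and return paths must pass through the same connection-tracking instance (or its state must be shared) for the translation to be reversed.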