NAT inside to inside


#1

I have 8 public IPs, among them 1.1.1.2 and 1.1.1.3, and two internal servers: 10.0.0.2 (domainA.com, domainB.com) and 10.0.0.3. I have set up NAT from outside to inside successfully, but now I find that if I try to reach domainA.com from 10.0.0.2, I get an error. Is it a firewall rule problem or a NAT problem? How should I set it up?

/* Global firewall options and the OUTSIDE-IN rule set (attached to br0 "in" in the interfaces section of this paste). */
firewall {
all-ping enable
broadcast-ping disable
config-trap disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* OUTSIDE-IN: anything not matched by a rule below is dropped. */
name OUTSIDE-IN {
default-action drop
/* Rule 10: accept packets in the established or related state. */
rule 10 {
action accept
state {
established enable
related enable
}
}
/* Rule 301: accept new TCP connections to 10.0.0.2 on the listed ports. */
/* No source match is set, so the rule applies to any source address. */
/* NOTE(review): the list includes 22 and 3306 (conventionally SSH and MySQL). Confirm each port must be reachable from outside, or add a source restriction. */
/* The destination NAT shown in this paste forwards only port 80. */
rule 301 {
action accept
destination {
address 10.0.0.2
port 20,21,22,25,53,80,110,143,443,587,993,995,3306,8080,8081
}
protocol tcp
state {
new enable
}
}
}
}
/* Interfaces: bridge br0 holds the two public addresses; eth0 and eth1 hold addresses in 10.0.0.0/16. */
interfaces {
/* br0 carries 1.1.1.2/29 and 1.1.1.3/29. OUTSIDE-IN filters its "in" direction; "out" names no rule set. */
/* NOTE(review): no bridge member interfaces appear in this paste - confirm how br0 is connected. */
bridge br0 {
address 1.1.1.2/29
address 1.1.1.3/29
aging 300
firewall {
in {
name OUTSIDE-IN
}
out {
}
}
hello-time 2
max-age 20
priority 0
stp false
}
/* NOTE(review): the post describes 10.0.0.2 as an internal server, yet the address is assigned to this device's eth0 - confirm which host this configuration belongs to. */
/* The "in" and "local" firewall nodes name no rule set here. */
ethernet eth0 {
address 10.0.0.2/16
duplex auto
firewall {
in {
}
local {
}
}
hw-id 00:ed:78:de:29:e5
smp_affinity auto
speed auto
}
/* eth1 holds 10.0.0.3/16, the same /16 as eth0; its "in" and "local" firewall nodes also name no rule set. */
ethernet eth1 {
address 10.0.0.3/16
duplex auto
firewall {
in {
}
local {
}
}
hw-id 00:ed:78:de:29:e6
smp_affinity auto
speed auto
}
loopback lo {
}
}
/* NAT: one destination (port-forward) rule and three source rules, all bound to br0. */
nat {
destination {
/* Rule 307: TCP to 1.1.1.2 port 80 arriving on br0 is translated to 10.0.0.2 port 80. */
/* NOTE(review): the rule matches only packets arriving on br0. A connection from 10.0.0.2 to 1.1.1.2 presumably does not arrive on br0, so it would not be translated; this looks like the cause of the error in the question. */
/* The usual remedy is hairpin NAT: a matching destination rule for the inside-facing interface plus a source NAT rule for inside-to-inside traffic - verify against the actual topology. */
rule 307 {
description “Port Forward: HTTP to 10.0.0.2”
destination {
address 1.1.1.2
port 80
}
inbound-interface br0
protocol tcp
translation {
address 10.0.0.2
port 80
}
}
}
source {
/* Rule 100: traffic from 10.0.0.2 leaving via br0 is rewritten to source 1.1.1.2. */
rule 100 {
outbound-interface br0
source {
address 10.0.0.2/32
}
translation {
address 1.1.1.2
}
}
/* Rule 110: traffic from 10.0.0.3 leaving via br0 is rewritten to source 1.1.1.3. */
rule 110 {
outbound-interface br0
source {
address 10.0.0.3/32
}
translation {
address 1.1.1.3
}
}
/* Rule 160: traffic from anywhere in 10.0.0.0/16 leaving via br0 is masqueraded. */
/* All three source rules match on outbound-interface br0, so none applies to traffic that does not leave through br0. */
rule 160 {
outbound-interface br0
source {
address 10.0.0.0/16
}
translation {
address masquerade
}
}
}
}


#2

It seems like you’re missing source NAT rules entirely.


#3

You are right. I added my source NAT rules.