Hello,
I’m running vyos with the following config:
interface eth0 WAN1
interface eth1 WAN2
interface eth4 LAN-Servers
interface eth6 LAN-Clients
I'm trying to set up a NAT rule for one internal server: I want to reach it via the IP 91.112.x.x of eth0 (WAN1), from 10.0.6.10 on eth6 (LAN-Clients) to 10.0.1.29 on eth4 (LAN-Servers).
I’ve created a DNAT-rule:
set nat destination rule 700 destination port '315'
set nat destination rule 700 destination address '91.112.x.x'
set nat destination rule 700 inbound-interface 'any'
set nat destination rule 700 protocol 'tcp'
set nat destination rule 700 translation address '10.0.1.29'
set nat destination rule 700 translation port '315'
I’ve also created two SNAT-rules:
set nat source rule 470 outbound-interface 'eth4'
set nat source rule 470 source address '10.0.0.0/8'
set nat source rule 470 destination address '91.112.x.x/32'
set nat source rule 470 destination port '315'
set nat source rule 470 protocol 'tcp'
set nat source rule 470 translation address 'masquerade'
set nat source rule 470 log 'enable'
set nat source rule 471 outbound-interface 'eth4'
set nat source rule 471 source address '10.0.0.0/8'
set nat source rule 471 destination address '10.0.1.29/32'
set nat source rule 471 destination port '315'
set nat source rule 471 protocol 'tcp'
set nat source rule 471 translation address 'masquerade'
set nat source rule 471 log 'enable'
Traffic from the internet to the internal servers works fine.
But the traffic from the internal clients ends up on interface eth1 (WAN2) instead of eth4 (LAN-Servers):
sudo tcpdump -i eth1 | grep ".315"
06:31:17.036168 IP 10.0.6.10.2898 > 10.0.1.29.315: Flags [S], seq 1108436121, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
I don't know why this happens :-/
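To make the intended packet path checkable, here is a small model of the netfilter order the rules above rely on: DNAT in PREROUTING, then the routing decision on the translated destination, then SNAT in POSTROUTING. This is an added illustration, not VyOS code and not part of the original post. It assumes a plain routing table (connected LANs plus a default route via eth0), assumes interface addresses for masquerade, and uses the documentation address 198.51.100.1 as a placeholder for the masked 91.112.x.x; the poster's real routing table and any policy routing are not shown in the post.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed placeholder standing in for the post's masked WAN1 address 91.112.x.x
WAN1_IP = "198.51.100.1"

# Assumed routing table (connected LANs + default via WAN1); the post does not show it.
ROUTES = [
    ("10.0.1.0/24", "eth4"),   # LAN-Servers
    ("10.0.6.0/24", "eth6"),   # LAN-Clients
    ("0.0.0.0/0", "eth0"),     # default via WAN1
]

# Assumed router addresses used when a rule says 'masquerade'.
IFACE_ADDR = {"eth4": "10.0.1.1", "eth6": "10.0.6.1", "eth0": WAN1_IP}

# The post's SNAT rules 470/471, in evaluation order:
# (rule number, outbound-interface, source net, destination net, destination port)
SNAT_RULES = [
    (470, "eth4", "10.0.0.0/8", WAN1_IP + "/32", 315),
    (471, "eth4", "10.0.0.0/8", "10.0.1.29/32", 315),
]


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    in_if: str = ""
    out_if: str = ""


def route(dst):
    """Longest-prefix match over ROUTES; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, iface in ROUTES:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def dnat(pkt):
    """The post's DNAT rule 700 (PREROUTING, inbound-interface any)."""
    if pkt.proto == "tcp" and pkt.dst == WAN1_IP and pkt.dport == 315:
        return replace(pkt, dst="10.0.1.29", dport=315), 700
    return pkt, None


def snat(pkt):
    """POSTROUTING: first matching SNAT rule wins. Note that the destination
    seen here is the one DNAT already produced."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for num, out_if, s_net, d_net, dport in SNAT_RULES:
        if (pkt.out_if == out_if and pkt.proto == "tcp" and pkt.dport == dport
                and src in ipaddress.ip_network(s_net)
                and dst in ipaddress.ip_network(d_net)):
            return replace(pkt, src=IFACE_ADDR[pkt.out_if]), num
    return pkt, None


def forward(pkt):
    """PREROUTING DNAT -> routing decision -> POSTROUTING SNAT.
    Returns (final packet, DNAT rule hit, SNAT rule hit)."""
    pkt, dnat_rule = dnat(pkt)
    pkt = replace(pkt, out_if=route(pkt.dst))
    pkt, snat_rule = snat(pkt)
    return pkt, dnat_rule, snat_rule


if __name__ == "__main__":
    # Constructed: the client flow from the post's tcpdump line.
    client = Packet("10.0.6.10", WAN1_IP, 2898, 315, in_if="eth6")
    print(forward(client))
    # Constructed: a flow from the internet (TEST-NET-3 address) via WAN1.
    internet = Packet("203.0.113.5", WAN1_IP, 40000, 315, in_if="eth0")
    print(forward(internet))
```

Two things the model shows: with a plain routing table the client packet is DNATed by rule 700, routed to eth4 by its translated destination 10.0.1.29, and masqueraded by rule 471, so the server answers the router and the reply path works; rule 470 never matches in that flow, because POSTROUTING evaluates the already-translated destination, not 91.112.x.x. The tcpdump line in the post shows the same translated packet (10.0.6.10 > 10.0.1.29.315) leaving on eth1, so DNAT itself has happened and the divergence lies in the routing step between the two NAT stages; that is where the routing table and any policy routing applied to eth6 traffic should be compared against this model.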