We're trying to replace an Endian firewall with a ClearOS based one.
We have 3 WAN interfaces, and 2 LAN interfaces (one of which is a VLAN aliased on the single physical LAN interface, the VLAN is for public wifi access). We don't want auto-failover, and we don't want balancing, we just want three WAN interfaces routing traffic based on where it originated.
On each of the 3 WAN interfaces we have a static block of IPs, and each one should be 1-to-1 NAT'ed to internal IPs. Traffic arriving on a particular WAN interface will naturally return via that interface. Any traffic originating on our LAN from any IP other than those which are 1:1 mapped should be routed via the default gateway (which is one specific WAN interface).
However, what is happening is that while I can see traffic arriving from the WAN interfaces, anything destined to a 1-to-1 NAT just disappears. I can see it in tcpdump arriving, but it never exits the firewall onto the LAN; no traffic is being 1-to-1 NAT'd. I also noticed that the NTP server is listening on ALL interfaces including these 1-to-1 NAT interfaces, when we only want it responding to NTP requests from inside the LAN. Second, even though the default gateway is set correctly, all traffic is routing via one of the other WAN interfaces instead by default, if it's routing at all.
What could be causing 1-to-1 NATs to not actually pass through and NAT to the internal IPs? Why is traffic routed (when it makes it that far) out the wrong WAN?
In Multi-WAN
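As an added example that is not part of the original post or of ClearOS, here is a Python audit script that checks the three things most likely behind these symptoms on a Linux multi-WAN firewall: that each 1:1 mapping has both a DNAT and a matching SNAT rule, that each mapped internal address has a source-based `ip rule` pointing at the routing table of its own WAN (without one, replies follow the main table's default route and leave via the wrong WAN), and that reverse-path filtering is not in strict mode on the WAN interfaces (strict `rp_filter` silently drops packets that arrive on an interface other than the one the reverse route uses, which looks exactly like "tcpdump sees it, nothing comes out"). The interface names, addresses, table names and command output below are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample of `iptables-save -t nat` output (not from the post).
# 192.168.1.30 has a DNAT but no matching SNAT.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth1 -j DNAT --to-destination 192.168.1.10
-A POSTROUTING -s 192.168.1.10/32 -o eth1 -j SNAT --to-source 203.0.113.10
-A PREROUTING -d 198.51.100.20/32 -i eth2 -j DNAT --to-destination 192.168.1.20
-A POSTROUTING -s 192.168.1.20/32 -o eth2 -j SNAT --to-source 198.51.100.20
-A PREROUTING -d 192.0.2.30/32 -i eth3 -j DNAT --to-destination 192.168.1.30
COMMIT
"""

# Constructed sample of `ip rule show`: .20 points at the wrong table, .30 has no rule.
SAMPLE_RULES = """\
0:      from all lookup local
100:    from 192.168.1.10 lookup wan1
101:    from 192.168.1.20 lookup wan1
32766:  from all lookup main
32767:  from all lookup default
"""

# Constructed sample of `sysctl -a | grep rp_filter`: eth2 is in strict mode.
SAMPLE_SYSCTL = """\
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 2
net.ipv4.conf.eth2.rp_filter = 1
net.ipv4.conf.eth3.rp_filter = 2
"""

# Assumed mapping of WAN interface -> policy routing table (hypothetical names).
WAN_TABLES = {"eth1": "wan1", "eth2": "wan2", "eth3": "wan3"}

DNAT_RE = re.compile(r"^-A PREROUTING -d (\S+) -i (\S+) -j DNAT --to-destination (\S+)")
SNAT_RE = re.compile(r"^-A POSTROUTING -s (\S+) -o (\S+) -j SNAT --to-source (\S+)")
RULE_RE = re.compile(r"^\d+:\s+from (\S+) lookup (\S+)")
RPF_RE = re.compile(r"^net\.ipv4\.conf\.(\S+)\.rp_filter = (\d)")


@dataclass
class Mapping:
    public_ip: str
    internal_ip: str
    wan_if: str
    has_dnat: bool = False
    has_snat: bool = False


def strip_mask(ip: str) -> str:
    return ip.split("/")[0]


def parse_mappings(nat_text: str) -> dict:
    """Collect 1:1 mappings keyed by internal IP from DNAT and SNAT rules."""
    maps = {}
    for line in nat_text.splitlines():
        m = DNAT_RE.match(line)
        if m:
            pub, wan, internal = strip_mask(m[1]), m[2], strip_mask(m[3])
            maps.setdefault(internal, Mapping(pub, internal, wan)).has_dnat = True
            continue
        m = SNAT_RE.match(line)
        if m:
            internal, wan, pub = strip_mask(m[1]), m[2], strip_mask(m[3])
            maps.setdefault(internal, Mapping(pub, internal, wan)).has_snat = True
    return maps


def parse_rules(rules_text: str) -> dict:
    """Map source address -> routing table for every source-specific ip rule."""
    return {m[1]: m[2] for m in map(RULE_RE.match, rules_text.splitlines()) if m and m[1] != "all"}


def audit(nat_text: str, rules_text: str, sysctl_text: str, wan_tables: dict) -> list:
    """Return sorted, human-readable findings; an empty list means nothing obvious is wrong."""
    findings = []
    rules = parse_rules(rules_text)
    for internal, mp in parse_mappings(nat_text).items():
        if not mp.has_dnat:
            findings.append(f"{internal}: SNAT present but no DNAT, inbound to {mp.public_ip} cannot reach it")
        if not mp.has_snat:
            findings.append(f"{internal}: DNAT present but no SNAT, replies leave with a private source address")
        expected, table = wan_tables.get(mp.wan_if), rules.get(internal)
        if table is None:
            findings.append(f"{internal}: no 'ip rule from {internal}' entry, replies follow the main table's default route instead of {mp.wan_if}")
        elif table != expected:
            findings.append(f"{internal}: policy rule looks up table {table} but {mp.wan_if} is served by {expected}")
    # Strict reverse-path filtering on a WAN interface drops asymmetric traffic silently.
    for m in filter(None, map(RPF_RE.match, sysctl_text.splitlines())):
        if m[1] in wan_tables and m[2] == "1":
            findings.append(f"{m[1]}: rp_filter=1 (strict) drops packets whose reverse path is another WAN, use 2 (loose)")
    return sorted(findings)


if __name__ == "__main__":
    for f in audit(SAMPLE_NAT, SAMPLE_RULES, SAMPLE_SYSCTL, WAN_TABLES):
        print(f)
```

On a real box, feed `audit()` the live output of `iptables-save -t nat`, `ip rule show` and `sysctl -a | grep rp_filter` with the interface-to-table map that matches your setup. It does not inspect the filter table, so a FORWARD chain that never accepts the DNAT'd traffic is the next thing to check by hand, and the NTP symptom is separate: bind the daemon to the LAN addresses only, or drop udp/123 in INPUT on the WAN interfaces.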