We have some internal servers for which we have configured NAT rules to expose them to the internet via a dedicated WAN IP for each server.
We are able to connect to the servers from the WAN without any issues, but we are unable to connect from one server to another using the WAN IPs.
Current Setup:
- Port 2 listens on the WAN, and Ports 3 & 4 are bridged into br0.
- br0 falls in LAN Zone.
- Each Server belongs to a different VLAN so we have created VLAN interfaces on br0 for each VLAN.
- Server-01, WAN IP: 202.202.202.201, LAN-IP: 192.168.21.21, VLAN-21, VLAN Interface Gateway: 192.168.21.11, VLAN interface: br0.21
- Server-02, WAN IP: 202.202.202.202, LAN-IP: 192.168.22.22, VLAN-22, VLAN Interface Gateway: 192.168.22.11, VLAN interface: br0.22
- There is a firewall rule which allows traffic between these VLANs.
- The OS firewall is turned off on both servers.
Upon pinging Server-02's WAN IP from Server-01:
- I get the response below on Server-01 (from its VLAN gateway):
From 192.168.21.11 icmp_seq=453 Destination Host Unreachable
- I can see the entry below in the log viewer, which shows that Sophos is allowing the outbound traffic, treating it as internet traffic. But it doesn't reach Server-02.
Any pointer on what I am missing here?
Thanks!