This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Two 1:1 NAT's on same interface w/ Alias?

We need to NAT two external (to us) IPs to two different servers from the same interface. We got one to work without issue, but the second one is not working.

For the first (10.36.109.84) we created a business rule to forward anything on PortA5 to 172.16.1.1. Outbound we made a firewall rule and set MASQ to default, interface IP. Operation was as expected, no issues, worked great.

Today we tried to add the second ("external") IP 10.36.109.89 to the same interface as an alias, and cloned the same business rule and firewall rule. We also added a specific NAT rule (instead of MASQ) to use 10.36.109.89 as the NAT IP.

No success. All the traffic that hit PortA5 was routed to 10.36.109.84 and all outbound traffic from 172.16.1.2 used 10.36.109.84 as the IP, not the .89 IP that we created the rule for.

Is it possible to have 2 separate external IPs NAT'd through the same interface, to different internal IPs?

Should the business rule say "forward everything" on PortA5 or does that include PortA5:0, too?

When we tried to use tcpdump -i PortA5:0 we got the error that there's no IPv4 address assigned.

Anyone see anything we did wrong?

This thread was automatically locked due to age.

0 Karlos over 7 years ago

Hi SeanPetty

Instead of cloning the same business rule for the 2^nd external address, you want ‘Destination Host/Network*’ to point to the alias address (10.36.109.89) instead and forwarded to 172.16.1.2. You would maintain the MASQ rule to point to .89.

To make sure I understand how you set up the Business and Firewall rule, would you send a snip of your settings for both?

The ‘Forward Type’ just means the services/ports you’d like to be forwarded and nothing to do with the interface.

Please let me know if that worked for you.

Thanks,

Karlos
Cancel
Vote Up 0 Vote Down

Cancel