Bug #2163

closed

1:1 NAT Reflection helper rules do not cover static route subnets

Added by Jim Pingle about 12 years ago. Updated over 11 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: NAT Reflection
Target version:
Start date: 02/03/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0.1
Affected Architecture:

Description

If you enable NAT reflection for 1:1 NAT and also the outbound NAT rules to assist 1:1 NAT, the resulting rules only cover the LAN subnet.

If you try to reach the public IP of a 1:1 NAT entry from a static route subnet, it doesn't work properly.

For example on a LAN of 192.168.66.x with a static route on LAN to 192.168.77.x the resulting rule for a 1:1 NAT targeting 192.168.66.5 is:

nat on em1 from 192.168.66.0/24 to 192.168.66.5 -> em1 port 1024:65535

But it should have one entry per subnet reachable on that interface, such as:

nat on em1 from 192.168.66.0/24 to 192.168.66.5 -> em1 port 1024:65535
nat on em1 from 192.168.77.0/24 to 192.168.66.5 -> em1 port 1024:65535
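
The following sketch is an added example, not pfSense code and not part of the original report. It builds one helper rule per subnet reachable on the interface and lists the rules a generated ruleset is missing. The function names, the static-route gateway addresses and the 10.9.0.0/16 route are assumptions made for illustration.

```python
import ipaddress

def reachable_subnets(if_subnet, static_routes):
    """Interface subnet plus every static-route network whose gateway
    sits inside that subnet (i.e. is reached through this interface)."""
    local = ipaddress.ip_network(if_subnet)
    nets = [local]
    for network, gateway in static_routes:
        if ipaddress.ip_address(gateway) in local:
            nets.append(ipaddress.ip_network(network))
    # collapse_addresses drops duplicates and contained networks and
    # merges adjacent ones, so each source is covered exactly once.
    return sorted(ipaddress.collapse_addresses(nets))

def reflection_helper_rules(iface, if_subnet, static_routes, target):
    """One helper rule per reachable subnet, in the format shown in the report."""
    return [
        f"nat on {iface} from {net} to {target} -> {iface} port 1024:65535"
        for net in reachable_subnets(if_subnet, static_routes)
    ]

def missing_helper_rules(ruleset, iface, if_subnet, static_routes, target):
    """Expected helper rules that do not appear in the given ruleset text."""
    present = {line.strip() for line in ruleset.splitlines()}
    wanted = reflection_helper_rules(iface, if_subnet, static_routes, target)
    return [rule for rule in wanted if rule not in present]

# Constructed sample input: the LAN and 1:1 target from the report, plus
# assumed gateways. The second route uses a gateway outside the LAN subnet,
# so it must not produce a rule on em1.
ROUTES = [
    ("192.168.77.0/24", "192.168.66.2"),
    ("10.9.0.0/16", "203.0.113.1"),
]
# The single rule the report says is generated today.
CURRENT_RULESET = "nat on em1 from 192.168.66.0/24 to 192.168.66.5 -> em1 port 1024:65535\n"

if __name__ == "__main__":
    for rule in reflection_helper_rules("em1", "192.168.66.0/24", ROUTES, "192.168.66.5"):
        print(rule)
    print("missing:", missing_helper_rules(
        CURRENT_RULESET, "em1", "192.168.66.0/24", ROUTES, "192.168.66.5"))
```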