Bug #2163
Status: closed
1:1 NAT Reflection helper rules do not cover static route subnets
Start date: 02/03/2012
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0.1
Affected Architecture:
Description
If you enable NAT reflection for 1:1 NAT and also the outbound NAT rules to assist 1:1 NAT, the resulting rules only cover the LAN subnet.
If you try to reach the public IP of a 1:1 NAT entry from a static route subnet, it doesn't work properly.
For example on a LAN of 192.168.66.x with a static route on LAN to 192.168.77.x the resulting rule for a 1:1 NAT targeting 192.168.66.5 is:
nat on em1 from 192.168.66.0/24 to 192.168.66.5 -> em1 port 1024:65535
But it should have one entry per subnet reachable on that interface, such as:
nat on em1 from 192.168.66.0/24 to 192.168.66.5 -> em1 port 1024:65535
nat on em1 from 192.168.77.0/24 to 192.168.66.5 -> em1 port 1024:65535
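The rule set the report asks for, one helper rule per subnet reachable on the interface, can be derived from the interface network and the static route table. The following is an added example, not pfSense's code or its fix; the function names, the gateway addresses and the second route are constructed for illustration.

```python
import ipaddress


def reachable_subnets(if_network, static_routes):
    """Interface subnet plus each static-route destination whose gateway sits in it."""
    net = ipaddress.ip_network(if_network)
    subnets = [net]
    for dest, gateway in static_routes:
        dest_net = ipaddress.ip_network(dest)
        # A route belongs to this interface only if its gateway is on-link here.
        if ipaddress.ip_address(gateway) not in net:
            continue
        # Skip destinations already covered by the interface subnet, and duplicates.
        if dest_net.version == net.version and dest_net.subnet_of(net):
            continue
        if dest_net not in subnets:
            subnets.append(dest_net)
    return subnets


def reflection_helper_rules(ifname, if_network, static_routes, target):
    """One outbound helper rule per reachable subnet, in the syntax quoted in the report."""
    return [
        f"nat on {ifname} from {subnet} to {target} -> {ifname} port 1024:65535"
        for subnet in reachable_subnets(if_network, static_routes)
    ]


# Constructed sample: the LAN and 1:1 target from the report; gateways are assumed.
SAMPLE_ROUTES = [
    ("192.168.77.0/24", "192.168.66.2"),  # static route via a LAN-side router
    ("10.9.0.0/16", "203.0.113.1"),       # route on another interface, must be ignored
    ("192.168.66.128/25", "192.168.66.2"),  # inside the LAN subnet, already covered
]


def sample_rules():
    return reflection_helper_rules("em1", "192.168.66.0/24", SAMPLE_ROUTES, "192.168.66.5")


if __name__ == "__main__":
    print("\n".join(sample_rules()))
```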