outbound NAT

Started by dyoung, February 07, 2020, 01:21:33 AM

February 07, 2020, 01:21:33 AM Last Edit: February 07, 2020, 01:40:40 AM by dyoung
Working with 20.1 that has been factory reset for testing.
LAN interface
     DHCP is assigning this interface 192.168.2.222
     Route added -- 193.168.1.0/24 -> 192.168.2.222
WAN interface is connected to DD WRT router for testing.
     DD WRT is assigned 193.168.1.1
     DHCP has assigned WAN interface 193.168.1.129
     Route added -- 192.168.2.0/24 -> 193.168.1.129

When using automatic NAT rules:
     LAN    127.0.0.0/8    *    *    500    LAN    *    YES    Auto created rule for ISAKMP
     LAN    127.0.0.0/8    *    *    *      LAN    *    NO     Auto created rule
     WAN    127.0.0.0/8    *    *    500    WAN    *    YES    Auto created rule for ISAKMP
     WAN    127.0.0.0/8    *    *    *      WAN    *    NO     Auto created rule
Packet captures on the WAN interface while ping is running and connection to DD WRT web interface:
WAN em0   00:30:10.025146 IP 192.168.2.170.41638 > 193.168.1.1.80: tcp 0
WAN em0   00:30:10.025267 IP 193.168.1.1.80 > 192.168.2.170.41638: tcp 0
WAN em0   00:30:10.025493 IP 192.168.2.170.41638 > 193.168.1.1.80: tcp 0
WAN em0   00:30:10.026023 IP 193.168.1.1.80 > 192.168.2.170.41638: tcp 0
WAN em0   00:30:10.856352 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 12, length 64
WAN em0   00:30:10.857010 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 12, length 64
WAN em0   00:30:11.037881 IP 192.168.2.170.41640 > 193.168.1.1.80: tcp 0
WAN em0   00:30:11.038510 IP 193.168.1.1.80 > 192.168.2.170.41640: tcp 0
WAN em0   00:30:11.038765 IP 192.168.2.170.41640 > 193.168.1.1.80: tcp 0
WAN em0   00:30:11.862251 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 13, length 64
WAN em0   00:30:11.862909 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 13, length 64

No NAT Translation. :(
When I use Manual outbound NAT rules:
     WAN    LAN net    *          *    *          Interface address    *    NO
     WAN    LAN net    icmp/ *    *    icmp/ *    Interface address    *    NO
Packet captures on the WAN interface while ping is running and connection to DD WRT web interface:
WAN em0   00:37:07.374455 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 426, length 64
WAN em0   00:37:07.375152 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 426, length 64
WAN em0   00:37:08.380369 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 427, length 64
WAN em0   00:37:08.381022 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 427, length 64
WAN em0   00:37:08.561750 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:08.562372 IP 193.168.1.1.80 > 193.168.1.129.29196: tcp 0
WAN em0   00:37:08.562658 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:09.042284 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 328

NAT translates HTTP but not ICMP. :-\

Not sure what I am missing.  Everything else seems pretty self-explanatory.

UPDATE

Don't like this for an answer, but rebooted today and now the automatic outbound NAT works.
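
Added example, not part of dyoung's post: a small Python check that reads WAN capture lines in the format shown above and counts, per protocol, how many packets still carry a LAN address (untranslated) versus only WAN-side addresses (translated). The LAN network 192.168.2.0/24 is taken from the routes in the post; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumption: LAN net as given by the routes in the post.
LAN_NET = ipaddress.ip_network("192.168.2.0/24")

# Sample input: four lines from the manual-NAT capture in the post.
SAMPLE = """\
WAN em0   00:37:07.374455 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 426, length 64
WAN em0   00:37:07.375152 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 426, length 64
WAN em0   00:37:08.561750 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:08.562372 IP 193.168.1.1.80 > 193.168.1.129.29196: tcp 0
"""

# Matches "IP <src> > <dst>: <proto>" as printed in the capture view.
LINE_RE = re.compile(r"IP (\S+) > (\S+): (\S+)")


def split_endpoint(text):
    """Return (ip, port_or_None) for 'a.b.c.d' or 'a.b.c.d.port'."""
    parts = text.split(".")
    if len(parts) == 5:
        return ipaddress.ip_address(".".join(parts[:4])), int(parts[4])
    return ipaddress.ip_address(text), None


def audit(capture, lan_net=LAN_NET):
    """Count packets per (protocol, 'translated' | 'untranslated')."""
    counts = Counter()
    for line in capture.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # not a capture line
        try:
            src, _ = split_endpoint(match.group(1))
            dst, _ = split_endpoint(match.group(2))
        except ValueError:
            continue  # non-IPv4 or malformed endpoint
        # A LAN address on either side of a WAN-side packet means no NAT was applied.
        leaked = src in lan_net or dst in lan_net
        counts[(match.group(3).lower(), "untranslated" if leaked else "translated")] += 1
    return dict(counts)


if __name__ == "__main__":
    for (proto, status), n in sorted(audit(SAMPLE).items()):
        print(f"{proto:5} {status:13} {n}")
```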