NAT Reflection working on some internal networks

Started by gcells, May 09, 2021, 05:10:00 PM

Hi All,

I have 3 internal networks. Let's call them L (LAN), C (captive guest network) and V (network for virtual machines), and 2 WANs, WAN1 and WAN2.
I have setup port forwarding in the following way:
Internet -> WAN1:443 -> V-10.0.0.5:443

This way, anyone hitting port 443 of my WAN1 is successfully able to reach the virtual machine in network V.

Case1:
Captive -> WAN1:443 -> Reflected to V-10.0.0.5:443
This is working as expected. The NATted service is accessible.

Case 2:
Lan -> WAN1:443 -> Black holed.

Routing has been set up between L & V. Machines on L and V are able to communicate with each other.
However, reflection is not working for the Lan network only.

Both the Captive, and Lan networks have gateway set to the load balancing group gateway.

I am a bit surprised because many forum posts say that reflection doesn't work with multi-WAN; however, it works for me for the captive portal network.

I am trying to understand if there is something wrong in my setup that is causing this unusual behaviour of reflection working for multi-WAN without any other config. Would it be possible to get Lan -> WAN1 -> V reflection working as well?

Thanks,
Aditya

Here is the RTFM solution that I figured out for anyone else facing a similar issue.

Documentation mentions that auto-generated reflection rules should be avoided in favour of explicitly configured rules.

I have simply created a NAT rule as follows:

Destination Host: WAN IP
Destination Port: NAT port

Redirect IP: target host IP

Interfaces: select all interfaces. In my case I selected L, V, C, WAN1, WAN2.
Filter rule: "pass" or any existing filter rule.

While this solves my problem, I am still intrigued by the fact that reflection was working for some interfaces and not for others.

Happy networking.
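As an added illustration (not from the thread above), this is roughly what the explicitly configured rule in the reply amounts to in FreeBSD pf.conf syntax, assuming a pf-based firewall; the interface names and addresses are constructed placeholders, not values from the thread:

```pf
# Constructed placeholder macros (assumptions, not from the thread)
wan1_if     = "em0"
lan_if      = "em1"
captive_if  = "em2"
vm_if       = "em3"
wan1_ip     = "203.0.113.10"
target      = "10.0.0.5"

# The original port forward: Internet -> WAN1:443 -> V-10.0.0.5:443
rdr on $wan1_if proto tcp from any to $wan1_ip port 443 -> $target port 443

# Explicit reflection: the same redirect applied on every internal interface,
# so L, C and V clients that hit the WAN1 address are rewritten too
rdr on { $lan_if $captive_if $vm_if } proto tcp from any to $wan1_ip port 443 -> $target port 443

# Clients on the same segment as the target must be source-NATed to the
# firewall's address; otherwise the target answers them directly, the
# flow becomes asymmetric and pf drops it as out of state
nat on $vm_if proto tcp from $vm_if:network to $target port 443 -> ($vm_if)

# The "pass" filter rule that lets the redirected traffic through
pass in quick proto tcp from any to $target port 443 keep state
```

The source-NAT line only matters for clients that share the target's subnet; routed clients such as L or C keep their real source address and the reply returns through the firewall.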