I am having a heck of a time getting 1:1 NAT working

Started by joecorea, November 22, 2018, 01:13:01 AM

November 22, 2018, 01:13:01 AM Last Edit: November 22, 2018, 01:41:11 AM by joecorea
Hello All,

I am totally stumped on how to get 1:1 NAT working. I can see the outbound traffic from my device is getting translated properly, but inbound from the Internet to the device doesn't seem to be working. When I look in the logs I see (IPs have been changed from the actual addresses):

Internal IP of device to be made available to the Internet: 10.2.195.70
The NAT IP for the device: 111.11.163.164
External IP that is attempting to connect to the device: 4.4.157.227
The WAN IP of the firewall: 111.11.163.161

Interface      Time   Source   Destination   Proto   Label   
LAN      Nov 21 18:03:43   111.11.163.161:12087   10.2.195.70:80   tcp   let out anything from firewall host itself   
WAN      Nov 21 18:03:43   4.4.157.227:48980   10.2.195.70:80   tcp   USER_RULE

And when I look in the States dump I see:

all   tcp   10.2.195.70:80 (111.11.163.164:80) <- 4.4.157.227:48982   CLOSED:SYN_SENT   
all   tcp   111.11.163.161:21077 (4.4.157.227:48982) -> 10.2.195.70:80   SYN_SENT:CLOSED

It looks like the packet is coming in OK, but the firewall for some reason isn't keeping track of that connection properly and is applying a NAT to its own address instead of the one I set up.

What I did for the 1:1 NAT setup was:

Interface = WAN
External IP = 111.11.163.164
Destination IP: *

System Version: 18.7.7 (latest at the time of this post)

It has to be something simple as this is the first time I am setting this up. I am just stumped! - Thanks in advance for any suggestions.


I found out the issue. Turns out at the bottom of my outbound NATs I had an entry that looked like this:

LAN   any    *   *   *   WAN address   *   NO   

I already had the setting "Hybrid outbound NAT rule generation" set so I don't need that one. I took the redundant NAT out and it is working as expected now.
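
A check for the symptom visible in the state dump above, as an added example that is not part of the original posts: it pairs each inbound translated state with its outbound leg toward the internal host and reports the flows whose source address was rewritten on the way in. The state-line layout is an assumption read off the two lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Layout assumed from the two state lines quoted in the thread:
#   all tcp A (B) <- C  STATE   inbound leg: destination B was translated to A
#   all tcp A (B) -> C  STATE   outbound leg: source B was translated to A
STATE_RE = re.compile(
    r"^\s*(?P<ifname>\S+)\s+(?P<proto>\S+)\s+(?P<first>\S+)"
    r"(?:\s+\((?P<paren>[^)]+)\))?\s+(?P<dir><-|->)\s+(?P<peer>\S+)"
    r"\s+(?P<state>\S+)\s*$"
)

def parse_states(dump):
    """Return one dict per parsable state line; other lines are skipped."""
    matches = (STATE_RE.match(line) for line in dump.splitlines())
    return [m.groupdict() for m in matches if m]

def find_masked_inbound(dump):
    """Pair inbound translated states with their outbound leg and report
    the flows whose source was rewritten before reaching the internal host."""
    states = parse_states(dump)
    inbound = [s for s in states if s["dir"] == "<-" and s["paren"]]
    outbound = [s for s in states if s["dir"] == "->" and s["paren"]]
    findings = []
    for i in inbound:
        for o in outbound:
            same_flow = (o["proto"] == i["proto"] and o["paren"] == i["peer"]
                         and o["peer"] == i["first"])
            if same_flow and o["first"] != o["paren"]:
                findings.append({
                    "client": i["peer"],            # real external source
                    "external": i["paren"],         # 1:1 NAT address that was hit
                    "internal": i["first"],         # host behind the 1:1 NAT
                    "rewritten_source": o["first"], # what the host actually sees
                })
    return findings

# The two state lines quoted in the first post.
SAMPLE = """\
all   tcp   10.2.195.70:80 (111.11.163.164:80) <- 4.4.157.227:48982   CLOSED:SYN_SENT
all   tcp   111.11.163.161:21077 (4.4.157.227:48982) -> 10.2.195.70:80   SYN_SENT:CLOSED
"""

if __name__ == "__main__":
    for f in find_masked_inbound(SAMPLE):
        print("{client} -> {external} reaches {internal} as {rewritten_source}".format(**f))
```

An outbound leg without a parenthesised address, meaning no source translation, produces no finding.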