Hello,
We have a /29 assigned to our Router on br0. I have a server connected to eth5.
Server IP: 192.168.30.2
Router IP: X.X.X.27/29
I have created two rules, one for DNAT and one for SNAT. Here is the config:
interfaces {
    bridge br0 {
        address X.X.X.227/29
        address X.X.X.228/29
        aging 300
        hello-time 2
        max-age 20
        priority 0
        stp false
        traffic-policy {
            in DownStream
            out UpStream
        }
    }
    ethernet eth0 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth1 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth2 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth3 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    ethernet eth5 {
        address 192.168.30.250/24
        duplex auto
        speed auto
    }
    ethernet eth6 {
        duplex auto
        speed auto
    }
    ethernet eth7 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
service {
    gui {
        https-port 443
    }
    nat {
        rule 4000 {
            description "Inbound 1:1 NAT to XXXXX"
            destination {
                address X.X.X.228
            }
            inbound-interface br0
            inside-address {
                address 192.168.30.2
            }
            log disable
            protocol all
            type destination
        }
        rule 5001 {
            description "Outbound 1:1 NAT to XXXXXX"
            outbound-interface br0
            outside-address {
                address X.X.X.228
            }
            protocol all
            source {
                address 192.168.30.2
            }
            type source
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    gateway-address X.X.X.225
    host-name router01
    login {
        banner {
            pre-login "\n\n\n\tUNAUTHORIZED USE OF THIS SYSTEM\n\tIS STRICTLY PROHIBITED!\n\n\n\n\n"
        }
        user ubnt {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
I cannot get DNAT to work correctly. I can ping the IP but only because I assigned it to br0. I cannot access the web server, SSH, etc. to the .228 IP.
What am I missing?
Thanks