What really ought to be a basic one, but I can't spot what I'm doing wrong...
Edgerouter Lite, 1.9 firmware
Two internal subnets, 192.168.10.0/24 and 192.168.0.0/24, both on eth1, which has two addresses, 192.168.10.1 and 192.168.0.1.
External via PPPoE on eth0.
NAT setup for both internal subnets - works fine, but I want to exclude traffic from 10.0/24 to 0.0/24 from the NAT so it's just routed. Easy I think - add an "exclude" rule, put it at the top of the SNAT list.
But apparently that exclude is ignored - never hit on the statistics and I can see with Wireshark from a capture on eth1 that the router is simply NATting as per everything else. NATting very well, but ignoring me!
show nat rules:
X5000 MASQ eth1 saddr 192.168.10.0/24 to 192.168.10.1
proto-all sport ANY
when daddr 192.168.0.0/24, dport ANY
5001 MASQ pppoe0 saddr 192.168.0.0/24 to 81.187.252.20
proto-all sport ANY
5002 MASQ pppoe0 saddr 192.168.10.0/24 to 81.187.252.20
proto-all sport ANY
ubnt@ubnt:~$ show nat statistics
rule count type IN OUT description
---- ---------- ---- -------- -------- -----------
5000 0 MASQ - eth1 ExcludeServerToNeo
5001 1604 MASQ - pppoe0 InternalNatOut
5002 220 MASQ - pppoe0 ServerNATOut
I've tried 192.168.0.0/24 and a specific single host - still no effect. Tried the pppoe interface as well as eth1 and still no effect.
What am I missing...?
Thanks
Kim
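The post relies on how EdgeOS walks its source-NAT rules: rules are tried in ascending rule number, the first match wins, an "exclude" rule ends evaluation without translating, and every rule is keyed on the egress interface chosen by the routing decision. The following is an added worked example, not code from the post or from EdgeOS: it models that evaluation in plain Python over the three rules shown above, and counts hits per rule the way `show nat statistics` does. The packet addresses, the 203.0.113.9 Internet destination and the assumption that an exclude rule behaves like a non-translating terminal match are constructed for the example.

```python
"""Simplified model of first-match SNAT rule evaluation (added example).

Assumptions, labelled: rules are evaluated in ascending number order, the
first matching rule ends evaluation, an exclude rule ends evaluation without
changing the source address, and a rule only matches packets leaving via its
outbound interface.  This mirrors the behaviour the original post expects,
but it is a model, not EdgeOS code.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class NatRule:
    number: int
    out_iface: str              # interface the packet must leave through
    saddr: str                  # source network (CIDR)
    daddr: Optional[str]        # destination network (CIDR) or None for any
    exclude: bool               # True = "exclude" rule, no translation
    translate_to: Optional[str] = None   # new source for masquerade rules


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    out_iface: str              # egress interface picked by the routing table


# The three rules from the post's `show nat rules` output.
RULES: List[NatRule] = [
    NatRule(5000, "eth1",   "192.168.10.0/24", "192.168.0.0/24", exclude=True),
    NatRule(5001, "pppoe0", "192.168.0.0/24",  None, exclude=False,
            translate_to="81.187.252.20"),
    NatRule(5002, "pppoe0", "192.168.10.0/24", None, exclude=False,
            translate_to="81.187.252.20"),
]


def matches(rule: NatRule, pkt: Packet) -> bool:
    """A rule matches only on its own egress interface, then on saddr/daddr."""
    if rule.out_iface != pkt.out_iface:
        return False
    if ip_address(pkt.src) not in ip_network(rule.saddr):
        return False
    if rule.daddr is not None and ip_address(pkt.dst) not in ip_network(rule.daddr):
        return False
    return True


def apply_snat(rules: List[NatRule], pkt: Packet) -> Tuple[Optional[int], str]:
    """Return (matching rule number or None, resulting source address)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            if rule.exclude:
                return rule.number, pkt.src          # excluded: routed untouched
            return rule.number, rule.translate_to    # masqueraded
    return None, pkt.src                             # no rule: routed untouched


def hit_counts(rules: List[NatRule], packets: List[Packet]) -> Dict[int, int]:
    """Per-rule hit counter, the information `show nat statistics` reports."""
    counts = {rule.number: 0 for rule in rules}
    for pkt in packets:
        number, _ = apply_snat(rules, pkt)
        if number is not None:
            counts[number] += 1
    return counts


if __name__ == "__main__":
    # Constructed traffic: LAN-to-LAN both ways, and LAN-to-Internet.
    sample = [
        Packet("192.168.10.20", "192.168.0.30", "eth1"),     # server -> other LAN
        Packet("192.168.0.30", "192.168.10.20", "eth1"),     # reply direction
        Packet("192.168.10.20", "203.0.113.9", "pppoe0"),    # server -> Internet
        Packet("192.168.0.30", "203.0.113.9", "pppoe0"),     # LAN -> Internet
    ]
    for pkt in sample:
        print(pkt.src, "->", pkt.dst, "via", pkt.out_iface, "=>", apply_snat(RULES, pkt))
    print(hit_counts(RULES, sample))
```

The model makes the egress-interface dependency explicit: the exclude rule 5000 can only ever be consulted for packets the routing table sends out eth1, and the two masquerade rules only for packets leaving pppoe0, so a rule's hit counter in `show nat statistics` tells you which interface the kernel actually chose for that traffic.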