So, I have a simple setup:
Source LAN: 192.168.200.1/24
A service LAN on br0: 192.168.1.99/24 (99 is the IP of the port on the EdgeRouter Lite).
2 devices in the service LAN: 192.168.1.1 and 192.168.1.2
192.168.1.1 and 192.168.1.2 can talk to each other.
I can ping 192.168.1.1 from the 192.168.200.1/24 subnet, but not 192.168.1.2.
Here is a trace:
09:27:47.145952 IP 192.168.1.99 > 192.168.1.1: ICMP echo request, id 1, seq 4488, length 40
09:27:47.146160 IP 192.168.1.1 > 192.168.200.100: ICMP echo reply, id 1, seq 4488, length 40
09:27:48.150656 IP 192.168.1.99 > 192.168.1.1: ICMP echo request, id 1, seq 4489, length 40
09:27:48.150849 IP 192.168.1.1 > 192.168.200.100: ICMP echo reply, id 1, seq 4489, length 40
15:54:32.610745 IP 192.168.1.99 > 192.168.1.1: ICMP echo request, id 1, seq 4487, length 40
15:54:32.610937 IP 192.168.1.1 > 192.168.200.100: ICMP echo reply, id 1, seq 4487, length 40
09:28:21.158803 IP 192.168.1.99 > 192.168.1.2: ICMP echo request, id 1, seq 4490, length 40
09:28:21.159232 IP 192.168.1.2 > 192.168.1.99: ICMP echo reply, id 1, seq 4490, length 40
09:28:26.062902 IP 192.168.1.99 > 192.168.1.2: ICMP echo request, id 1, seq 4491, length 40
09:28:26.063312 IP 192.168.1.2 > 192.168.1.99: ICMP echo reply, id 1, seq 4491, length 40
I use the NAT because the devices in the service LAN have 0 configuration for routing, RIP, static routes, gateways etc.
I need access to them from 192.168.200.1/24 because they have service pages for diagnostics.
I have tried:
disabling offloading
invalid packet rules
If you have any ideas for me to try, I would love to give them a go!
Thanks,
Marcus