JoRC
Visitor III
December 28, 2024
Solved

No-NAT/NAT problem between two internal interfaces/subnets


New setup with a 60F on 7.4.6.
With 3 interfaces: WAN (6.6.6.6), Vl10_Users (10.0.10.1/24), Vl20_Servers (10.0.20.1/24)
I made a rule that allows traffic between Vl10 and Vl20 with no "inspection profile".
When NAT is disabled on this rule, traffic doesn't work from a host in Vl10 to another host in Vl20.
As soon as I enable the rule with NAT, the host in Vl20 sees traffic originating from the host on Vl10 with its NATed IP.

I don't want to enable NAT on this rule, in order to see the original source IP on the host in Vl20.

Both hosts have their gateway pointing to the corresponding interface on the FW.
I should not have to NAT traffic when only routing should be involved.


I can do some show or debug if needed.

Rule in question:
set name "Allow_All_To_DNS"
set uuid ...........
set srcintf  "VL-10_OLD_LAN"...
set dstintf "VL-20_SRV"
set action accept
set srcaddr "all"
set dstaddr "host_10.0.20.20_DNS-SRV"
set schedule "always"
set service "DNS" "ALL_ICMP"
set logtraffic all
set nat enable
set port-preserve disable

 

1 reply

JoRC (Author, Answer)
Visitor III
December 28, 2024

Never mind, the DNS server was not responding to DNS outside its range. After a change on the server, it did work.
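An added example, not part of the original thread: a small triage script that reads a packet capture taken on the firewall and tells a query the firewall never forwarded apart from one the server never answered, which is the case the thread ended up with. The line format (modelled on verbose FortiOS `diagnose sniffer packet` output), the client addresses and the sample capture are constructed assumptions, and the logic assumes NAT is disabled on the policy so source addresses are unchanged.

```python
import re

# Assumed line shape: "<time> <interface> <in|out> <ip>.<port> -> <ip>.<port>: udp <len>"
LINE = re.compile(
    r"^\S+\s+(?P<intf>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+udp"
)

# Constructed capture (not from the thread): three Vl10 clients querying the DNS server.
SAMPLE = """\
0.100 VL-10_OLD_LAN in 10.0.10.50.51000 -> 10.0.20.20.53: udp 40
0.101 VL-20_SRV out 10.0.10.50.51000 -> 10.0.20.20.53: udp 40
0.200 VL-10_OLD_LAN in 10.0.10.51.40000 -> 10.0.20.20.53: udp 40
0.300 VL-10_OLD_LAN in 10.0.10.52.42000 -> 10.0.20.20.53: udp 40
0.301 VL-20_SRV out 10.0.10.52.42000 -> 10.0.20.20.53: udp 40
0.302 VL-20_SRV in 10.0.20.20.53 -> 10.0.10.52.42000: udp 56
0.303 VL-10_OLD_LAN out 10.0.20.20.53 -> 10.0.10.52.42000: udp 56
"""

def triage(capture, server_ip, server_intf, port=53):
    """Return {client "ip:port": verdict} for UDP queries to server_ip:port."""
    server = (server_ip, str(port))
    seen, forwarded, replied = set(), set(), set()
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banner lines and non-UDP packets
        src, dst = (m["src"], m["sport"]), (m["dst"], m["dport"])
        on_server_side = m["intf"] == server_intf
        if dst == server:
            seen.add(src)
            if on_server_side and m["dir"] == "out":
                forwarded.add(src)  # firewall routed the query, source unchanged
        elif src == server and on_server_side and m["dir"] == "in":
            replied.add(dst)  # server answered this client
    verdicts = {}
    for client in sorted(seen):
        if client in replied:
            verdict = "reply_seen"
        elif client in forwarded:
            verdict = "server_silent"  # check the server, not the policy
        else:
            verdict = "not_forwarded"  # check policy and routing on the firewall
        verdicts[":".join(client)] = verdict
    return verdicts

if __name__ == "__main__":
    for client, verdict in triage(SAMPLE, "10.0.20.20", "VL-20_SRV").items():
        print(client, verdict)
```

A `server_silent` verdict with NAT disabled, alongside working traffic once NAT is enabled, points at a source-range restriction on the server, since the NATed source sits inside the server's own subnet.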