junglecom
New Contributor

Source IP passthrough to nat clients

Hi All,

I am NATing 2 servers through a FortiGate firewall:

Internet
|
Fortigate (NAT)
|            |
VM1        VM2

When I check the access logs on the servers being NATed (VM1, VM2), all the traffic has the source IP of the FortiGate. How can I make it so the original source IP is sent down the NAT to the destination servers?

Thank you
16 REPLIES
emnoc
Esteemed Contributor III

Since you're all over the place posting this same problem: create one default route to this port, remove that 2nd route, remove your "check NAT enable" block, and you should be golden.

PCNSE 

NSE 

StrongSwan  
junglecom
New Contributor

Thanks everyone for your input! Please let me start over here, since I still am unable to get this working. Below are all my settings, simplified. Anyone see what I am missing here? Thank you very much for your help!
emnoc
Esteemed Contributor III

like the other thread
junglecom
New Contributor

Sorry, I started my config over, removing all unnecessary IPs, since I still am unable to get this working. Below are all my settings, simplified (reposted). Anyone see what I am missing here? Thank you very much for your help! (VIP updated)
junglecom
New Contributor

Sorry for being a nitwit here, but I figured out the issue. Rule number #1 of IT: always check the firewall of the server first. My co-worker, unknown to me, had set iptables to only accept traffic from the FortiGate private IP address. This is why I could access it with incoming NAT turned ON and not with it OFF, because the source IP would change to the original public IP of the source traffic. Thank you all for your help with this.
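As an added example (not part of junglecom's post or of any Fortinet material), the following Python models the failure mode found above: the server's iptables INPUT chain accepts only the FortiGate's private address, so the verdict flips depending on whether the VIP policy rewrites the source (NAT on) or passes the original public source through (NAT off). The addresses and the ruleset are constructed for the example.

```python
import ipaddress
from collections import namedtuple
FORTIGATE_INTERNAL_IP = "10.0.0.1"  # constructed: source the server sees with VIP NAT on
INTERNET_CLIENT_IP = "203.0.113.7"  # constructed: original public source, seen with NAT off

Rule = namedtuple("Rule", "source dport target")

def parse_iptables_save(text):
    """Parse `iptables -S INPUT` style lines: the -P policy and -A rules with -s/--dport/-j."""
    policy, rules = "ACCEPT", []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:2] == ["-P", "INPUT"]:
            policy = tokens[2]
        elif tokens[:2] == ["-A", "INPUT"]:
            source = dport = None
            target = "ACCEPT"
            for i, tok in enumerate(tokens):  # other match tokens (-p, -m) are ignored
                if tok == "-s":
                    source = ipaddress.ip_network(tokens[i + 1], strict=False)
                elif tok == "--dport":
                    dport = int(tokens[i + 1])
                elif tok == "-j":
                    target = tokens[i + 1]
            rules.append(Rule(source, dport, target))
    return policy, rules

def verdict(policy, rules, src_ip, dport):
    """First matching rule decides, as in netfilter; otherwise the chain policy applies."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.source is not None and addr not in rule.source:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.target
    return policy

# Constructed ruleset mirroring the coworker's restriction: only the FortiGate's
# private address may reach port 80; everything else hits the DROP policy.
SERVER_RULES = """
-P INPUT DROP
-A INPUT -s 10.0.0.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
"""

def diagnose(vip_nat_enabled, dport=80):
    # With NAT on the server sees the FortiGate's address; with NAT off, the real client.
    seen_source = FORTIGATE_INTERNAL_IP if vip_nat_enabled else INTERNET_CLIENT_IP
    policy, rules = parse_iptables_save(SERVER_RULES)
    return verdict(policy, rules, seen_source, dport)
```

Running `diagnose(True)` and `diagnose(False)` against a server's real `iptables -S INPUT` output is the quick check that separates a host-firewall whitelist from a FortiGate policy problem.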
ede_pfau
SuperUser

wow, what a real blooper! Hope you told him some...

Ede

"Kernel panic: Aiee, killing interrupt handler!"
danielsuarez

And 6 years later, I carefully followed this post since I was facing the exact same problem, just to realize my local resource was also only allowing traffic from the FortiGate private address. So, thank you junglecom, haha.
