I need to allow some hosts on my LAN to be reachable from the internet. The client wants to control their own ports on four public IP addresses.
I'm running the latest firmware (2.0.9hotfix-1).
I've got source NAT working, but destination NAT doesn't work at all. I can't reach any services or ping on the public IP addresses. The router is definitely dropping the packets. A packet capture shows the packets arriving. The counters for my Destination NAT are increasing.
I followed these directions:
https://help.ui.com/hc/en-us/articles/115009504308-EdgeRouter-How-to-Distribute-Public-IP-Addresses
Could this problem be caused by the fact that I already have port forwarding rules?
I've successfully performed this procedure on a spare router. Right now I'm trying to narrow down the differences between the configuration of the spare router and the live router.
I've tried adding firewall rules to permit traffic from the secondary public IP address to the destination address inside the LAN with no luck.
The only differences I can find between the configuration of the live router that isn't working and the spare router that is working is that the spare router doesn't have a default drop rule enabled and the spare router doesn't have any port forwarding configured.
No comments:
Post a Comment