I have several internal subnets with WAN Access and the following NAT-Rule:
Code: Select all
add action=masquerade chain=srcnat comment="masquerade LAN->WAN" out-interface-list=WANCan someone help me to change my NAT rule?
Thanks,
Christian
Issue with NAT and internal Subnets
Hi,
I have several internal subnets with WAN Access and the following NAT-Rule:
Internet works for all VLAN Subnets, but I have an issue with Multicast Routing within my subnets. If I disable the NAT Rule (only for test purposes), everything works! So I think, I have to exclude all internal Subnes from SrcNat. But I am struggling with the configuration. All attempts failed! I have a dynamic WAN IP from ISP.
Can someone help me to change my NAT rule?
Thanks,
Christian
I have several internal subnets with WAN Access and the following NAT-Rule:
Can someone help me to change my NAT rule?
Thanks,
Christian
Re: Issue with NAT and internal Subnets
Does interface list "WAN" contains only your ISPs interfaces?
Re: Issue with NAT and internal Subnets
Hi,
yes, it is ether1 (WAN)
Christian
yes, it is ether1 (WAN)
Christian
Re: Issue with NAT and internal Subnets
What ROS and firmware version do you use?
Re: Issue with NAT and internal Subnets
Hi,
I use 6.42.6 and FW3.41 on RB3011
Christian
I use 6.42.6 and FW3.41 on RB3011
Christian
Re: Issue with NAT and internal Subnets
Given the issue as you describe it, give this a try ....
Code: Select all
add action=masquerade chain=srcnat comment="masquerade LAN->WAN" out-interface-list=WAN src-address-type=!multicast Re: Issue with NAT and internal Subnets
Hi,
thanks for the modification of the NAT-Rule, but it is not working!
Let me try to explain the whole story. Maybe some has an idea:
I have Sonos palyers on vlan30 and controller on vlan10 and vlan60 (interface-list "Sonos Control"). PIM is working and I implemented the following FW-rules:
Sonos works across different subnets as long as player and controller were initially setup in the same subnet.
This means:
My issue is only present for initial player/controller setup, although all relevant ports are free (checked with Sonos support). I cannot connect new players/controllers to the Sonos system if player and controller are in different subnets.
Workaround:
bring new player/controller to vlan30 (Sonos SubNet), temporary!
But:
If I disable the NAT Rule (see above) I can connect new devices accross the subnets and I do not understand why this is the case!
This must have something to do with the NAT-Rule
Christian
thanks for the modification of the NAT-Rule, but it is not working!
Let me try to explain the whole story. Maybe some has an idea:
I have Sonos palyers on vlan30 and controller on vlan10 and vlan60 (interface-list "Sonos Control"). PIM is working and I implemented the following FW-rules:
Code: Select all
add action=accept chain=forward comment="SONOS: forward Multicast traffic" \
dst-address=239.255.255.250
add action=accept chain=forward comment=\
"SONOS: forward Controller events to Players" dst-port=1400,4444,4070 \
in-interface-list="Sonos Control" out-interface=vlan30 protocol=tcp
add action=accept chain=forward comment=\
"SONOS: Forward Contoller events from Players" dst-port=\
3400,3401,3500,4070 in-interface=vlan30 out-interface-list=\
"Sonos Control" protocol=tcp
add action=accept chain=forward comment=\
"SONOS. Forward UPnP Device Discovery events from Players" dst-port=\
1900,1901,5353,6969 in-interface=vlan30 out-interface-list=\
"Sonos Control" protocol=udpThis means:
My issue is only present for initial player/controller setup, although all relevant ports are free (checked with Sonos support). I cannot connect new players/controllers to the Sonos system if player and controller are in different subnets.
Workaround:
bring new player/controller to vlan30 (Sonos SubNet), temporary!
But:
If I disable the NAT Rule (see above) I can connect new devices accross the subnets and I do not understand why this is the case!
This must have something to do with the NAT-Rule
Christian