
No internet with NAT and internal routing problem

Hi @All,

We've installed a FW 1530 with R80.20.25. The problem seems to be close to the R80.10 NAT issue, but it's not the same.

We defined a switch for LAN1-4 with local network (network1) and the subnet (network2) on LAN5.

We have a static IP on WAN and the connection works fine. Updates are loaded and Ping/Traceroute from the web GUI are working correctly. We didn't define manual policies.

The problem is that the clients won't connect to the internet as long as NAT is enabled. The connections only work while NAT for outgoing traffic is disabled with manual NAT rules.
- <network1>, any, any, <wan ip (hide)>, original, original
- <network2>, any, any, <wan ip (hide)>, original, original

From this moment on, both networks are working, but the problem is that we're not able to connect from one internal network to another.

When I have a look at the routing table, everything seems to be fine:
1. <network1>, any, any, LAN1, 0, directly attached
2. <network2>, any, any, LAN5, 0, directly attached
3. <wan subnet>, any, any, WAN, 0, directly attached
4. Default, any, any, <wan gateway>, 0, default ...

The routing table from the command output is showing the result in reverse order. It's confusing.

All traceroutes from <network1> to <network2> are routing directly to wan and the connection fails.

Thanks for your ideas.

0 Kudos
3 Replies

But those rules don’t look like NAT is disabled but rather configured with a manual NAT rule?
Also, do you have an explicit rule permitting the two networks to talk to one another?

0 Kudos

Thanks for your reply. Routing was a problem of the NIC of network2. With another NIC this problem is solved.

I have described the NAT behavior again in a direct reply to my post.

0 Kudos

The routing problem is resolved. It was a problem with the network adapter of network2. Changed to another adapter and everything is fine.

What I still don't quite understand is the behavior of the NAT settings. As long as the switch for outgoing traffic is set to ON under "Access Policy -> NAT", requests go out, but no responses come back.
Unfortunately, the only option that helps is to define your own NAT rules: Translate traffic from network1 to any destination on any service, as if the traffic is hidden behind gateway_ip to original destination on original service.
And the same with the other networks.

It works, but it didn't feel right.

0 Kudos