Hey folks,
I'm having an issue with a NAT I've built on a vSRX, and I want to know whether proxy ARP is the correct solution to the problem.
The long and the short of it: the people on the other side of a tunnel I built are trying to reach hosts that sit behind a destination NAT on my vSRX, and that is the part that is not working. Their source IP address is 172.16.101.17, on their side of the tunnel; my end of the tunnel is 172.16.101.18, which is the address the destination NAT rules match on. I also set up a second NAT for devices in a test network (10.70.0.0/16) — the `source_nat_2` rule-set below, which is a source NAT rather than a destination NAT — and those devices can connect to things behind 172.16.101.18 without issue. Do I need to enable proxy ARP for the destination NAT to work? I am pretty new to setting up NAT.
I have details below on how I set this up. Thank you in advance for your help.
ec2-user@VSRX1> show configuration interfaces st0.22
/* Tunnel endpoint address. 172.16.101.18 is also the address the destination NAT rules match on, so the NAT target is the interface's own IP, not a second address on the subnet. */
/* NOTE(review): st0 is a point-to-point tunnel interface with no ARP on it, and proxy-arp exists to answer ARP on broadcast media for addresses other than the interface's own, so proxy-arp is unlikely to be the missing piece here - confirm. */
family inet {
/* Reduced MTU, presumably to leave room for the tunnel encapsulation overhead - verify it matches the peer's setting. */
mtu 1436;
address 172.16.101.18/30;
}
/* Source NAT: two rule-sets, both translating the source to the address of st0.22 (interface NAT). */
source {
/* Matches only flows that enter on st0.22 AND leave on st0.22 (a hairpin). A flow from 172.16.101.17 that has been destination-NATed to a 10.133.x host leaves toward the inside network rather than st0.22 - unless 10.133.0.0/16 is itself routed over the tunnel - so this rule-set would not match it. */
/* NOTE(review): if the intent is to hide 172.16.101.17 from the 10.133.x hosts (so they need no route back over the tunnel), the "to" side would have to be the zone or interface holding 10.133.x - confirm against the routing table and a "show security flow session" for a failing connection. */
rule-set source_nat_1 {
from interface st0.22;
to interface st0.22;
rule from_tunnel_source_nat {
match {
source-address 172.16.101.17/32;
}
then {
source-nat {
/* Translate to the egress interface's own address (172.16.101.18); no pool is defined, so presumably ports are translated as well. */
interface;
}
}
}
}
/* Test network (10.70.0.0/16) leaving through the tunnel gets the tunnel endpoint address as its source, so the far side only ever sees 172.16.101.18. This appears to be the path the post describes as working. */
rule-set source_nat_2 {
from zone test-zone;
to interface st0.22;
rule from_test_zone_source_nat {
match {
source-address 10.70.0.0/16;
}
then {
source-nat {
interface;
}
}
}
}
}
/* Destination NAT: inbound RDP and SSH aimed at the tunnel endpoint address (172.16.101.18) are redirected to two internal hosts. */
destination {
/* Port-forward target for RDP. */
pool rdp {
address 10.133.0.18/32 port 3389;
}
/* Port-forward target for SSH (the pool is named sftp while the rule below is named ssh; same port either way). */
pool sftp {
address 10.133.1.10/32 port 22;
}
/* NOTE(review): this rule-set keys on zone while the source rule-sets key on interface; presumably st0.22 is a member of tunnel_zone - confirm, otherwise tunnel traffic never reaches these rules. */
/* NOTE(review): neither rule restricts source-address, so every host that can reach 172.16.101.18 through tunnel_zone - not only 172.16.101.17 - gets RDP and SSH to the internal hosts. Adding "source-address 172.16.101.17/32" to each match block, and limiting the matching security policy the same way, keeps the exposure to the one intended peer. */
/* NOTE(review): the security policy from tunnel_zone to the zone holding 10.133.x is not shown. On SRX, destination NAT is applied before the policy lookup, so the policy must permit the post-NAT destinations (10.133.0.18 / 10.133.1.10); a policy written only for 172.16.101.18 would not permit these flows - verify. */
rule-set dnat_rules {
from zone tunnel_zone;
rule rdp {
match {
destination-address 172.16.101.18/32;
destination-port {
3389;
}
}
then {
destination-nat {
pool {
rdp;
}
}
}
}
rule ssh {
match {
destination-address 172.16.101.18/32;
destination-port {
22;
}
}
then {
destination-nat {
pool {
sftp;
}
}
}
}
}
}