Masquerading not applied with policy routes

Hello folks,

yesterday I stumbled over a weird new issue. It seems that our NAT masquerading rules are not applied when traffic matches a policy or multipath route (in interface mode).

So I tried a traceroute with a port so the trace would match the route. But I don't get a response after the firewall. If I disable the route, I get an answer depending on the WAN interface the traffic is going through.

Interestingly, if I add an SNAT rule to the bottom of the NAT rules, it only works when the route is disabled. If I re-enable the route, there is no response in the traceroute after the firewall.

It seems that this problem occurred after we installed the version before 9.716-2.

Has anyone ever seen this behavior before? Any tips on how to diagnose this further?

Kind regards,

Nico



This thread was automatically locked due to age.
  • This should be moved to the UTM threads in this forum

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
