Greetings,
I hope this message finds you well,
To make sure we provide the most accurate solution, could you please help us with the details below?
-
What are the exact firmware versions installed into the devices?
-
How is the WAN interface configured (routed interface or bridge/VLAN)?
- NAT operates only on routed interfaces, so this lets us confirm traffic is processed correctly.
- Does the WAN-side device initiate connections to the LAN, or does the LAN initiate them?
- The traffic direction affects how address translation and address resolution are handled.
- Are multiple IP addresses or subnets allowed on the WAN interface?
- This determines the simplest way to make the translated addresses reachable.
- Is Proxy ARP available or enabled on the WAN interface?
- This allows the router to respond on behalf of translated addresses, which is required for subnet 1:1 NAT.
- Is reverse path filtering (rp_filter) enabled on the WAN interface?
- If enabled, valid translated traffic may be dropped before reaching the destination.
- Are there any additional NAT or masquerade rules applied on the WAN interface?
- This helps us ensure no other rules are interfering with the NETMAP translation.
- Do you need full two-way (bidirectional) 1:1 NAT, or only inbound access from WAN to LAN?
- This helps us tailor the configuration to your actual use case.
- If possible, could you provide a short packet capture from the WAN interface during a failed connection attempt?
- This allows us to quickly confirm whether address resolution is working as expected.
Additionally, you can check this thread as the user had a similar topology, that might help you with the setup:
Looking forward to your reply,
Warm regards,
V.