
Loopback NAT Ignored


Dinkytoy

IS-IT--Management
Jun 14, 2007
147
GB
This is a bit of a long shot but you never know what others have seen.

I have a situation where it seems the Loopback NAT rule for a public IP address is simply being ignored.

I have a rule as follows, created by the wizard:

Firewalled Subnets xxx Public xxx Public xxx Private xxx Services Original Any Any 59

Now 'Firewalled Subnets' contains about 8 different subnets, but the NAT rule only seems to work for the Primary LAN subnet rather than all of them.

If I create a dedicated NAT rule for one of the subnets, it also ignores it. If I delete and recreate it, it makes no difference. I'm at a loss to work it out.

I've raised it with Sonicwall but I can't implement their suggested 'firmware change' for another week so just putting it out there. Anyone seen anything like it before?
 
There could be another policy that has a higher priority. That's the only thing I can think of off the top of my head.

 
Nah, you can't manually control the NAT priorities; they are auto-assigned. The only way is making one more specific, but even when I do that it's ignored.
 
Rolled back the firmware, made no difference. However, I did find the problem, which was a mistake in an ACL allowing access to the local DMZ IP range rather than the External range.

I had forgotten that the NAT is applied after the ACL.

Interestingly, though, Sonicwall checked my prior config and proclaimed it correct. Quality support.
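The ordering described in the last post, as an added example that is not part of the original thread and is not SonicWall code: a simplified model in which the access rule is matched against the original (public) destination before the loopback NAT translates it. All addresses, subnets and function names are constructed for illustration, and only destination translation is modelled.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the thread).
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")       # server's public address
PRIVATE_IP = ipaddress.ip_address("172.16.1.10")       # same server inside the DMZ
DMZ_RANGE = ipaddress.ip_network("172.16.1.0/24")      # local DMZ range
EXTERNAL_RANGE = ipaddress.ip_network("203.0.113.0/28")  # external (public) range
SECOND_LAN = ipaddress.ip_network("192.168.20.0/24")   # a non-primary subnet
FIREWALLED_SUBNETS = [ipaddress.ip_network("192.168.1.0/24"), SECOND_LAN]


def acl_allows(rules, src, dst):
    """First-match check of (source net, destination net, action); default deny."""
    for src_net, dst_net, action in rules:
        if src in src_net and dst in dst_net:
            return action == "allow"
    return False


def loopback_nat(src, dst):
    """Translate public -> private when a firewalled subnet targets the public IP."""
    if dst == PUBLIC_IP and any(src in net for net in FIREWALLED_SUBNETS):
        return PRIVATE_IP
    return dst


def process(rules, src, dst):
    """ACL first, on the untranslated destination; NAT only if the ACL passes."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not acl_allows(rules, src, dst):
        return "dropped by ACL before NAT"
    return f"forwarded to {loopback_nat(src, dst)}"


# Mistaken rule: permits the DMZ range, which the packet's destination
# (still the public IP at ACL time) never matches.
WRONG_RULES = [(SECOND_LAN, DMZ_RANGE, "allow")]
# Corrected rule: permits the external range the client actually addresses.
FIXED_RULES = [(SECOND_LAN, EXTERNAL_RANGE, "allow")]

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_RULES), ("fixed", FIXED_RULES)):
        print(name, "->", process(rules, "192.168.20.5", "203.0.113.10"))
```

With the mistaken rule the NAT policy looks "ignored" because the packet is dropped before translation is ever attempted.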
 