Traffic cannot be forwarded correctly after configuring NAT in the CAS's VM

2025-09-24 15:30:00 Published

Network Topology

E0782P03

Problem Description

The customer has 4 VMs, all located in the same local area network. Among them, VM1 has 2 network cards: one is connected to the internal VM2 to VM4, and the other is connected to the external network. 

After configuring the following NAT settings on VM1:

sudo iptables -t nat -A POSTROUTING -o ens14 -j MASQUERADE

sudo iptables -A FORWARD -i ens7 -o ens14 -j ACCEPT

sudo iptables -A FORWARD -i ens14 -o ens7 -m state --state ESTABLISHED,RELATED -j ACCEPT

When VM2 accesses the external network through VM1, a NAT session is established on VM1, but the returning traffic cannot reach VM2.

Process Analysis

1. Verified that IP forwarding is enabled in VM1. 

2. Confirmed that the source network has been specified. 

3. Checked and found that all ACL policies are permitted. 

4. The checks of VM1, VM2, and NAT sessions are all normal. 

5. tcpdump packet capture shows that the return traffic from the Internet has reached VM1, but VM2 did not receive the traffic forwarded from VM1. 

Upon further inspection of VM1's configuration, it was found that IP/MAC address binding was enabled. After disabling the IP/MAC address binding function, further testing showed that the problem was resolved.
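
The capture from step 5 can be checked for the traffic pattern that IP/MAC binding rejects. The script below is an added example, not part of the original case: the MAC addresses, IP addresses, capture lines and the function name binding_violations are constructed, and it assumes the binding only passes frames whose source IP is the address bound to the sending NIC's MAC. It lists every source IP that VM1 sends toward the internal network under its own MAC but that is not its bound address, which is exactly what forwarded return traffic looks like.

```shell
#!/bin/sh
# Added example; all addresses and capture lines below are constructed.
# Assumption: IP/MAC binding only passes frames whose source IP is the one
# bound to the sending NIC's MAC.

VM1_MAC='52:54:00:00:00:01'   # hypothetical MAC of VM1's internal NIC (ens7)
VM1_IP='192.168.10.1'         # hypothetical IP bound to that MAC

# Constructed output in the format of: tcpdump -e -n -i ens7
SAMPLE_CAPTURE='15:30:01.100000 52:54:00:00:00:02 > 52:54:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.10.2.51514 > 203.0.113.10.443: Flags [S], length 0
15:30:01.120000 52:54:00:00:00:01 > 52:54:00:00:00:02, ethertype IPv4 (0x0800), length 74: 203.0.113.10.443 > 192.168.10.2.51514: Flags [S.], length 0
15:30:01.121000 52:54:00:00:00:02 > 52:54:00:00:00:01, ethertype IPv4 (0x0800), length 66: 192.168.10.2.51514 > 203.0.113.10.443: Flags [.], length 0
15:30:01.150000 52:54:00:00:00:01 > 52:54:00:00:00:02, ethertype IPv4 (0x0800), length 1514: 203.0.113.10.443 > 192.168.10.2.51514: Flags [P.], length 1448
15:30:02.000000 52:54:00:00:00:01 > 52:54:00:00:00:02, ethertype IPv4 (0x0800), length 98: 192.168.10.1 > 192.168.10.2: ICMP echo reply, id 1, seq 1, length 64
15:30:02.500000 52:54:00:00:00:01 > 52:54:00:00:00:03, ethertype IPv4 (0x0800), length 90: 198.51.100.53.53 > 192.168.10.3.40000: 1234 1/0/0 A 203.0.113.10 (48)
15:30:03.000000 52:54:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.10.3 tell 192.168.10.1, length 28'

# binding_violations MAC BOUND_IP
# Reads `tcpdump -e -n` lines on stdin and prints "src_ip frame_count" for
# every IPv4 source address sent from MAC that is not BOUND_IP.
binding_violations() {
    awk -v mac="$1" -v bound="$2" '
        $6 == "IPv4" && tolower($2) == tolower(mac) {
            src = $10
            # tcpdump prints addr.port for TCP/UDP and a bare addr for ICMP
            if (split(src, parts, /\./) == 5) sub(/\.[0-9]+$/, "", src)
            if (src != bound) count[src]++
        }
        END { for (s in count) print s, count[s] }
    ' | sort
}

# Stand-alone run against the constructed capture
printf '%s\n' "$SAMPLE_CAPTURE" | binding_violations "$VM1_MAC" "$VM1_IP"
```

Any address reported is one the binding would treat as spoofed, even though a NAT gateway forwards such packets by design.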

Solution

Disable the IP/MAC binding function of the VM

