It's getting strange!!!
When I call a website from a client that is diverted to the proxy with my setup, I can see the entry in the SNAT table (command: show nat translations detail) for this access to this host! Clearly there is a SNAT translation!
10.0.1.111:57169 88.198.47.10:80 10.0.0.1:57169 88.198.47.10:80 tcp: snat: 10.0.1.111 ==> 10.0.0.1 timeout: 104 use: 1
But - WHY?!?!?!?
This is my NAT configuration:
    nat {
        rule 4 {
            description "Extern 22 sperren (Auf Blackhole leiten)"
            destination {
                port 22
            }
            inbound-interface pppoe0
            inside-address {
                address 10.99.99.99
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 5001 {
            description "Masquerade to PPPoE"
            log disable
            outbound-interface pppoe0
            protocol all
            type masquerade
        }
        rule 5002 {
            description "Masquerade to vtun0"
            destination {
            }
            log disable
            outbound-interface vtun0
            protocol all
            type masquerade
        }
        rule 5003 {
            description "Modem Access Masquerade"
            log disable
            outbound-interface eth7
            protocol all
            type masquerade
        }
        rule 5004 {
            description "Masquerade to vtun1"
            log disable
            outbound-interface vtun1
            type masquerade
        }
    }
So the only source NAT that is in "action" is the masquerade to pppoe0. But I've logged that one, and the only messages there are from my web proxy 10.0.0.2, not even a single one from my client 10.0.1.111.
But who is responsible for the SNAT translation rule? I have everything set up for the external proxy, but that's a showstopper. Is this a bug somewhere?
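As an added example (not the poster's code), a small Python parser for the `show nat translations detail` line format quoted above that flags snat entries whose translated source is not one of the addresses a masquerade rule is expected to use; the set of masquerade addresses is a constructed placeholder, since the post does not give the pppoe0 address.

```python
import re
from dataclasses import dataclass

# One line of "show nat translations detail", in the layout quoted in the post:
# <orig src:port> <orig dst:port> <trans src:port> <trans dst:port> <proto>: <snat|dnat>: <before> ==> <after> timeout: N use: N
LINE_RE = re.compile(
    r"^(?P<osrc>\S+):(?P<osport>\d+)\s+(?P<odst>\S+):(?P<odport>\d+)\s+"
    r"(?P<tsrc>\S+):(?P<tsport>\d+)\s+(?P<tdst>\S+):(?P<tdport>\d+)\s+"
    r"(?P<proto>\w+):\s+(?P<kind>\w+):\s+(?P<before>\S+)\s+==>\s+(?P<after>\S+)"
    r"\s+timeout:\s+(?P<timeout>\d+)\s+use:\s+(?P<use>\d+)$"
)


@dataclass
class Translation:
    orig_src: str
    orig_dst: str
    trans_src: str
    trans_dst: str
    proto: str
    kind: str      # "snat" or "dnat"
    timeout: int
    use: int


def parse_translation(line: str) -> Translation:
    """Parse a single translation line; raise on anything that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised translation line: {line!r}")
    return Translation(m["osrc"], m["odst"], m["tsrc"], m["tdst"],
                       m["proto"], m["kind"], int(m["timeout"]), int(m["use"]))


def unexpected_snat(t: Translation, masquerade_addrs: set[str]) -> bool:
    """True for a snat entry whose new source is not a known masquerade address."""
    return t.kind == "snat" and t.trans_src not in masquerade_addrs


def find_unexpected(lines: list[str], masquerade_addrs: set[str]) -> list[str]:
    """Return the original source addresses of all snat entries that look wrong."""
    return [t.orig_src for t in map(parse_translation, lines)
            if unexpected_snat(t, masquerade_addrs)]


# Constructed sample: the line from the post plus one normally masqueraded entry.
# 203.0.113.5 is an assumed placeholder for the pppoe0 address (not from the post).
MASQUERADE_ADDRS = {"203.0.113.5"}
SAMPLE_LINES = [
    "10.0.1.111:57169 88.198.47.10:80 10.0.0.1:57169 88.198.47.10:80 tcp: snat: 10.0.1.111 ==> 10.0.0.1 timeout: 104 use: 1",
    "10.0.0.2:44444 88.198.47.10:80 203.0.113.5:44444 88.198.47.10:80 tcp: snat: 10.0.0.2 ==> 203.0.113.5 timeout: 120 use: 1",
]
```

Running `find_unexpected(SAMPLE_LINES, MASQUERADE_ADDRS)` reports only the client's entry, because its source was rewritten to 10.0.0.1 rather than to a masquerade address.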