Have an SG-565 configured with two WAN connections (let's call them Fibre and ADSL). Recently did some equipment shuffling and moved a couple of DNS servers that had been sitting directly out on the Fibre connection on the internet to the inside of the McAfee, set up the NAT and port forwarding, and all appeared to be fine; can access either one of the servers on the inside from either a Fibre IP or an ADSL IP from the outside.
Got a couple of calls from a handful of clients that could no longer access the DNS servers, and after pulling out every last one of my hairs I have (I think) figured out the cause... need help figuring out if there's a solution now.
The ADSL side of the SG565 has 4 consecutive static IPs from a /26 network, the Fibre side has 4 from a /25 network. The IPs that the clients were using to try to access the DNS were on the Fibre side (and work fine from outside, tested from my home cable connection). However, as it turns out, the clients who are having difficulties happen to be ADSL clients, and they just happen to have IPs that are out of the same /26 subnet as the 4 ADSL IPs I have on the Snapgear.
My thoughts are that despite the fact that the traffic is coming in on the Fibre IP, the Snapgear is seeing that the client's IP address is in the same subnet as our ADSL IPs and getting confused and trying to send the traffic out the ADSL route instead of sending it back out the Fibre IP the way it came in. I'm waiting to hear back from a customer to see if they can see the DNS server if they try to talk to it on one of the ADSL side IPs, though I'm guessing that will work for them just fine since the traffic will go back out the ADSL.
For any other clients not on that same ADSL subnet, the traffic seems to happily go back out the same way it came in whether that is on the Fibre or ADSL.
Any suggestions on how I might resolve or further troubleshoot this issue?
>>>>> Mike <<<<<
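The following is an added simulation of the routing decision Mike describes; it is not code from the post or from the SG-565 firmware. It uses constructed RFC 5737 addresses in place of the real /25 Fibre and /26 ADSL blocks and treats the device's return-path policy as a Linux-style rule that sends replies back out the ingress WAN. The `connected_routes_win` switch is an assumption about rule ordering (whether the main table's directly connected prefixes are consulted before the ingress-based policy), not a statement about how the SG-565 firmware is built. With the connected route winning, a client inside the ADSL /26 that hits the Fibre IP is answered via ADSL (asymmetric, matching the reported failure), the same client hitting an ADSL IP gets a symmetric reply (the test Mike plans to have the customer run), and clients outside both WAN subnets are symmetric on either WAN. With the policy evaluated first, every reply is pinned to its ingress WAN.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (RFC 5737 documentation ranges) standing in for the
# poster's /25 Fibre block and /26 ADSL block; these are not the real addresses.
FIBRE_NET = ipaddress.ip_network("203.0.113.0/25")
ADSL_NET = ipaddress.ip_network("198.51.100.0/26")


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str


# Main table of the simulated box: one connected route per WAN plus a default via Fibre.
MAIN_TABLE = (
    Route(FIBRE_NET, "fibre"),
    Route(ADSL_NET, "adsl"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "fibre"),
)


def connected_route(dst: str) -> Optional[Route]:
    """Most specific non-default route covering dst, or None if only the default matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in MAIN_TABLE if addr in r.prefix and r.prefix.prefixlen > 0]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


# Simulated connection tracking: which WAN each inbound flow arrived on
# (what a connmark would record on a Linux-based multi-WAN box).
_flows: dict = {}


def request_arrives(client_ip: str, client_port: int, ingress_iface: str) -> None:
    """Record the ingress WAN for the flow keyed by the client's address and port."""
    _flows[(client_ip, client_port)] = ingress_iface


def reply_interface(client_ip: str, client_port: int, connected_routes_win: bool) -> str:
    """WAN the DNS reply leaves on.

    connected_routes_win=True models the behaviour described in the post: the
    return-path policy normally sends replies back via the ingress WAN, but a
    directly connected prefix in the main table is consulted first, so a client
    inside the ADSL /26 is answered via ADSL regardless of how it came in.
    connected_routes_win=False models a policy rule evaluated ahead of the main
    table, which pins every reply to its ingress WAN (assumed fix, not verified
    on the SG-565).
    """
    ingress = _flows[(client_ip, client_port)]
    specific = connected_route(client_ip)
    if connected_routes_win and specific is not None:
        return specific.iface
    return ingress


def is_symmetric(client_ip: str, client_port: int, ingress_iface: str,
                 connected_routes_win: bool = True) -> bool:
    """True when the reply leaves on the same WAN the request arrived on."""
    request_arrives(client_ip, client_port, ingress_iface)
    return reply_interface(client_ip, client_port, connected_routes_win) == ingress_iface


if __name__ == "__main__":
    cases = [
        ("198.51.100.40", "fibre"),  # client in the ADSL /26 hitting the Fibre IP
        ("198.51.100.40", "adsl"),   # same client hitting an ADSL-side IP
        ("192.0.2.10", "fibre"),     # unrelated client via Fibre
        ("192.0.2.10", "adsl"),      # unrelated client via ADSL
    ]
    for port, (ip, wan) in enumerate(cases, start=40000):
        default = "symmetric" if is_symmetric(ip, port, wan) else "ASYMMETRIC"
        pinned = "symmetric" if is_symmetric(ip, port, wan, False) else "ASYMMETRIC"
        print(f"{ip} in via {wan}: connected-route-first={default}, policy-first={pinned}")
```

Running the script prints one line per case; the only asymmetric case with the connected route winning is the ADSL-subnet client arriving via Fibre, which is the symptom reported. The practical check it suggests is the one already planned in the post: have an affected client query an ADSL-side IP and see whether it works, which would support the asymmetric-return explanation before changing any routing policy.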