Hi,
I'm trying to get static nat working but I'm a bit lost at the moment. The configuration looks simple, but I can't figure out why it isn't working.
The goal is for all outgoing traffic from 10.10.10.10 to get translated and look like it originates at 1.1.1.5.
However, when traffic flows from 10.10.10.10 to the internet, it gets source NATed to 1.1.1.2 instead. I can't figure out why, as I thought static NAT took precedence over source NAT. Any suggestions?
Relevant configuration:
> show configuration interfaces reth0
# reth0: redundant Ethernet interface, member of redundancy-group 1.
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
# Four addresses from 1.1.1.0/26 sit on the same logical unit.
# 1.1.1.2 is the one flagged `preferred`.
# NOTE(review): presumably this is why interface-based source NAT
# picks 1.1.1.2 for outbound sessions - confirm in the session table.
address 1.1.1.2/26 {
preferred;
}
address 1.1.1.3/26;
address 1.1.1.4/26;
# 1.1.1.5 is the address the static NAT rule is meant to present for 10.10.10.10.
address 1.1.1.5/26;
}
}
> show configuration security nat source
# Source NAT for sessions going from zone trusted to zone internet.
rule-set trusted-to-internet {
from zone trusted;
to zone internet;
rule trusted-nat {
match {
# 10.0.0.0/8 covers every internal host, including 10.10.10.10, so this
# rule catches that host whenever no static NAT mapping applies first.
source-address 10.0.0.0/8;
destination-address 0.0.0.0/0;
}
then {
source-nat {
# Translate to the egress interface's own address instead of a pool.
interface;
}
}
}
}
> show configuration security nat static
# Static NAT rule-set, evaluated for traffic arriving from zone internet.
rule-set static-nat {
from zone internet;
rule mtaout {
match {
# NOTE(review): match and prefix look reversed. In Junos static NAT,
# destination-address is the public address as seen from the `from`
# zone (1.1.1.5/32 here) and `prefix` is the internal host it maps to
# (10.10.10.10/32). As written, the reverse mapping never matches
# outbound traffic from 10.10.10.10, so that traffic falls through to
# the source NAT rule and leaves as 1.1.1.2.
destination-address 10.10.10.10/32;
}
then {
static-nat {
prefix {
# NOTE(review): static NAT is bidirectional. Once the mapping is
# corrected, inbound connections to 1.1.1.5 are translated to
# 10.10.10.10; what actually reaches the host then depends on the
# internet -> trusted security policy, which is not shown here.
# If only outbound translation is wanted, a pool-based source NAT
# rule ordered ahead of trusted-nat avoids creating that inbound
# mapping.
1.1.1.5/32;
}
}
}
}
}
> show configuration security policies from-zone trusted to-zone internet policy srv
# Policy srv (trusted -> internet): permits any application from the
# `servers` address-book entry to any destination.
match {
source-address servers;
destination-address any;
application any;
}
then {
# No logging or application restriction is configured on this permit.
permit;
}
> show configuration security zones security-zone trusted address-book
# `servers` covers the whole 10.10.10.0/24 subnet, so policy srv applies to
# every host in it, not only 10.10.10.10.
address servers 10.10.10.0/24;