It is certainly possible that it is a bug. However, I don't think it will be an obvious one. I have a server that is presently using 12 addresses from a .160 to a .187 area applying 1:1 nat rules in a Class C network.

One thing to check is that the subnet mask is happening correctly on the upstream router. I would also apply a tcpdump on the port and then watch it, ClearOS may be sending the data just find but running into a router upstream that is not aware that you have a .240 but thinks you have a .248. One way to test this is to place another machine outside your firewall and then test your 1:1 NAT rules outside of any interference from your ISP.

Nothing duplicated. I rebuilt the rules from scratch. I can take a single rule and move it from port to port and when I hit the 9th address, the rule quits working.

Do you have any overlapping/conflicting rules in port forwarding?

More info: We have a public subnet with a 240 mask. I have determined that 1 to 1 NAT is only working with the first 8 addresses in our subnet. I can create rules for the rest of the addresses, and the ip's will then show in ifconfig, but the forwarding doesn't work. Is this a limitation of 1 to 1 NAT, or is it likely to be a configuration error?

Duplicate post