ER605 Router NATs packets going from LAN->LAN when using Virtual Servers
Hello, I am having a very weird problem that I am 90% sure is a bug. First, I recently upgraded firmware from version ER605(UN)_V2.6_2.2.6 Build 20240718 to version ER605(UN)_V2.6_2.3.1 Build 20251015.
Before I made the upgrade, my setup was working correctly.
Here is the problem. I have two LAN networks/VLANs, call them 'Office' and 'Servers'. I have a PC on the 'Office' network (192.168.197.106/24) trying to use SSH on a server on the 'Servers' network (192.168.97.97/24). I have a firewall on the server that used to allow SSH connections to 192.168.197.106 without incident. As soon as I upgraded firmware, I couldn't connect to that server anymore.
After troubleshooting, I realized that I also have a Virtual Servers (port forwarding) setup so I can access the SSH server from outside the router on WAN1 (let's say 12.34.56.78 is the WAN IP) to access 192.168.97.97 on the 'Servers' network.
What is happening is that when I send packets from source 192.168.197.106 to destination 192.168.97.97 to connect as usual, IF the virtual server is enabled, the router is performing NAT on those packets or otherwise changing the source from 192.168.197.106 to 12.34.56.78, and then forwarding them to my server. My server rejects the connection because I don't have a rule set up to allow public IP addresses.
I don't expect any NAT translation or changes to packets when I am communicating from LAN to LAN inside local networks. I would expect packets to move between LANs without changes to the packets. Again, I stress that this setup worked normally before I upgraded the firmware.
As soon as I turn off the virtual server for SSH from the WAN in settings, I can communicate between my PC and the server normally. I have tried deleting and reentering the virtual server rule and this did not fix the problem. The only way I can fix this is to change my setup to allow a 'public' connection from 12.34.56.78, which is silly since it's LAN to LAN, and I have to change a LOT of setup in my networks to fix this problem.
Please advise.
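
Added example, not part of the original post: a server-side check that tells apart the three kinds of SSH source address implied above (a LAN peer, a real WAN client, and the router's own WAN IP, which indicates the router rewrote the source). It assumes the server is Linux and logs packets with netfilter's LOG target; the log lines are constructed, and 203.0.113.50 is a documentation address standing in for an outside client.

```python
import ipaddress
import re

# Addresses from the post; 12.34.56.78 is the poster's stand-in WAN IP.
ROUTER_WAN_IP = ipaddress.ip_address("12.34.56.78")
LAN_NETS = [ipaddress.ip_network("192.168.197.0/24"),  # 'Office'
            ipaddress.ip_network("192.168.97.0/24")]   # 'Servers'
SSH_PORT = "22"

# Key=value fields as written by the netfilter LOG target (assumed log source).
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines, not captured from a real system.
SAMPLE_LOG = [
    "kernel: IN=eth0 OUT= SRC=192.168.197.106 DST=192.168.97.97 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=22 SYN",
    "kernel: IN=eth0 OUT= SRC=12.34.56.78 DST=192.168.97.97 LEN=60 TTL=63 PROTO=TCP SPT=51620 DPT=22 SYN",
    "kernel: IN=eth0 OUT= SRC=203.0.113.50 DST=192.168.97.97 LEN=60 TTL=52 PROTO=TCP SPT=40022 DPT=22 SYN",
    "kernel: IN=eth0 OUT= SRC=192.168.197.106 DST=192.168.97.97 LEN=72 TTL=63 PROTO=UDP SPT=5353 DPT=53",
    "sshd[1201]: Server listening on 0.0.0.0 port 22.",
]

def classify(src):
    """Label the source address as the server sees it."""
    ip = ipaddress.ip_address(src)
    if ip == ROUTER_WAN_IP:
        # A port-forwarded WAN client normally keeps its own public IP,
        # so the router's WAN IP as source means the router rewrote it.
        return "router-snat"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "external"

def scan(lines):
    """Return (src, dst, label) for every logged TCP packet to the SSH port."""
    findings = []
    for line in lines:
        f = dict(FIELD_RE.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != SSH_PORT:
            continue
        if "SRC" not in f or "DST" not in f:
            continue
        findings.append((f["SRC"], f["DST"], classify(f["SRC"])))
    return findings

if __name__ == "__main__":
    for src, dst, label in scan(SAMPLE_LOG):
        print(f"{src:>16} -> {dst}  {label}")
```

Entries labelled `router-snat` while the PC on 'Office' is connecting match the behaviour described in the post; entries labelled `lan` show the pre-upgrade behaviour.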
