We want to reach a webserver on a single host in our LAN segment through the WAN interface. We've created firewall rules on the WAN interface to reach the host and are able to see that our packet passes. Nevertheless we are not able to reach the website. It seems that we have problems with the outbound NAT rules.
What kind of configuration do we need to perform to get the outbound connection working? We suspect that the IP address is still NATed despite our existing outbound NAT rule.
We have two independent private networks, which are firewalled and NATed with their own firewalls and own public IPs. Now we have to reach exactly one host behind the SmallWall. For the firewall rules to work we don't want to NAT for this connection.
So we told each firewall how to reach the private networks (static routes), opened the respective ports, and disabled the NAT for the outgoing traffic. We can "see" the hit in SmallWall's firewall logs. But the "answering" traffic can nowhere be seen at the other firewall.
We suspect that the SmallWall still NATed this traffic, or took the wrong route.
Remember that "Source" is the local network, and "Destination" is the external IP or network. So your Target is 10.17.0.0/24 because it is "Outbound." Often this is backwards... So it would be something like Source = (LAN Subnet) and Destination = Not 10.17.0.0/24, and create no rule for 10.17.0.0/24 since there is no NAT. But this gets complex fast and it is easy to miss something. Essentially all I use it for is to disable port randomization for older SIP services.
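The answer above hinges on two things: which way round "Source" and "Destination" go in an outbound NAT rule, and the fact that a catch-all rule placed earlier will silently translate the 10.17.0.0/24 traffic anyway. The following is an added example, not code from the thread or from SmallWall itself: a small first-match evaluator that mimics how an outbound NAT table is walked top-down (an assumption about SmallWall's evaluation order), applied to three candidate rulesets. The LAN subnet 192.168.1.0/24, the WAN address 203.0.113.10 and the host addresses are constructed; only 10.17.0.0/24 comes from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed values for the example; 10.17.0.0/24 is the remote
# private network named in the answer, everything else is made up.
LAN_SUBNET = "192.168.1.0/24"
WAN_IP = "203.0.113.10"
REMOTE_PRIVATE_NET = "10.17.0.0/24"


@dataclass
class OutboundNatRule:
    """One line of an outbound NAT table, in the Source/Destination sense
    the answer describes: Source is the local network, Destination is the
    far end."""
    source: str
    destination: str
    negate_destination: bool = False      # the "Not" checkbox on Destination
    translate_to: Optional[str] = None    # address the source is rewritten to

    def matches(self, src_ip: ipaddress.IPv4Address,
                dst_ip: ipaddress.IPv4Address) -> bool:
        src_ok = src_ip in ipaddress.ip_network(self.source)
        dst_in = dst_ip in ipaddress.ip_network(self.destination)
        dst_ok = (not dst_in) if self.negate_destination else dst_in
        return src_ok and dst_ok


def apply_outbound_nat(rules: List[OutboundNatRule], src: str, dst: str) -> str:
    """Return the source address the far end will see.

    Assumes first-match, top-down evaluation: the first rule whose
    Source/Destination match decides; if nothing matches, the packet
    leaves untranslated (which is exactly what 'create no rule for
    10.17.0.0/24' relies on).
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.translate_to if rule.translate_to else src
    return src


# Ruleset 1: the usual default, a catch-all that NATs everything from LAN.
# Traffic to the remote private network is translated too, so the remote
# firewall's rules (written for the real LAN address) never match.
BROKEN_RULES = [
    OutboundNatRule(LAN_SUBNET, "0.0.0.0/0", translate_to=WAN_IP),
]

# Ruleset 2: what the answer suggests. Destination = Not 10.17.0.0/24 and
# no rule at all for 10.17.0.0/24, so that traffic falls through untouched.
FIXED_RULES = [
    OutboundNatRule(LAN_SUBNET, REMOTE_PRIVATE_NET,
                    negate_destination=True, translate_to=WAN_IP),
]

# Ruleset 3: the "easy to miss something" case. The negated rule exists,
# but a leftover catch-all sits above it and wins on first match.
MISORDERED_RULES = [
    OutboundNatRule(LAN_SUBNET, "0.0.0.0/0", translate_to=WAN_IP),
    OutboundNatRule(LAN_SUBNET, REMOTE_PRIVATE_NET,
                    negate_destination=True, translate_to=WAN_IP),
]


def check_ruleset(rules: List[OutboundNatRule]) -> dict:
    """Evaluate one ruleset for a constructed LAN webserver talking to a
    host on the remote private network and to a host on the internet."""
    web_host = "192.168.1.80"          # constructed LAN webserver
    return {
        "to_remote_private": apply_outbound_nat(rules, web_host, "10.17.0.5"),
        "to_internet": apply_outbound_nat(rules, web_host, "198.51.100.7"),
    }


if __name__ == "__main__":
    for name, rules in [("broken", BROKEN_RULES),
                        ("fixed", FIXED_RULES),
                        ("misordered", MISORDERED_RULES)]:
        print(name, check_ruleset(rules))
```

Running it shows the symptom from the question directly: with the broken or misordered table the remote host sees 203.0.113.10 as the source, so its reply (and the peer firewall's rule) goes to the wrong address; only the "fixed" table leaves 192.168.1.80 untouched toward 10.17.0.0/24 while still translating internet-bound traffic. When checking a real SmallWall, read the outbound NAT table top to bottom and confirm no earlier rule already covers the 10.17.0.0/24 destination.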