I have a LAN subnet 192.168.10.0/24 connected to my CCR-1036. This router acts as DHCP server and Hotspot for users to access the internet; a third-party accounting server (172.17.1.0/30) is connected to this CCR-1036 router as well.
The router is behind a FortiGate firewall (192.168.100.0/30), and the firewall is connected to the ISP. The firewall has a connection on the other side to an ESXi server (192.168.13.0/24 for the Server-Farm).
I know this router is not needed and is a bottleneck in my network, I'm gonna remove it and connect LAN to firewall directly, but for now...
When I SSH from a client (192.168.10.134) to a server on ESXi with IP 192.168.13.1, everything works fine, but on the server I appear to have 192.168.100.1, which is the router (CCR-1036) IP address. I don't want my connection to get NATed on the CCR-1036 when going to the Server-Farm; I want to see my computer's IP address connected to the server instead of the router's IP address. My connection gets NATed:
18 chain=srcnat action=accept dst-address=192.168.13.0/24 out-interface=ether7-Firewall log=no log-prefix=""
19 chain=srcnat action=accept dst-address=192.168.10.0/24 out-interface=ether4-LAN log=no log-prefix=""
20 chain=srcnat action=masquerade to-addresses=192.168.100.2 src-address=192.168.10.0/24 log=no log-prefix=""
21 chain=srcnat action=masquerade to-addresses=192.168.100.2 src-address=192.168.60.0/24 log=no log-prefix=""
I tried rule numbers 18 and 19, but when I SSH to a server my connection times out:
ssh: connect to host 192.168.13.1 port 22: Connection timed out
Rules number 1 to 17 are the ones predefined by the hotspot.