So, I have two VLANs setup: 10.10.10.0/24 and 10.10.11.0/24. If I want certain hosts to be able to access resources on the other subnet, what's best practice for setting that up?
I have the NAT this interface's traffic option checked on both interfaces, which segregates them as I wanted, but the only way I can get something like Ssh from one host in Subnet A to B working is if I do a Port Forward. The strange thing is that the port forward has to be to a different port. So, if I want 10.10.11.2 to be able to ssh to 10.10.10.3, I can only get it to work if I do:
Destination address: 10.10.10.3
Destination port: 23
New address: 10.10.10.3
New port: 22
This can't be right. Should I unchecked the NAT interfaces option and use packet filter rules to prevent communication?
I have the NAT this interface's traffic option checked on both interfaces, which segregates them as I wanted, but the only way I can get something like Ssh from one host in Subnet A to B working is if I do a Port Forward. The strange thing is that the port forward has to be to a different port. So, if I want 10.10.11.2 to be able to ssh to 10.10.10.3, I can only get it to work if I do:
Destination address: 10.10.10.3
Destination port: 23
New address: 10.10.10.3
New port: 22
This can't be right. Should I unchecked the NAT interfaces option and use packet filter rules to prevent communication?