I tried upgrading from 1.2 to 1.3.
Everything seemed to be working except one thing:
I have multiple static IPv4 addresses on my external NIC interface eth2.
The eth2 NIC is in the Internet zone but my servers are on the Internal zone.
I then use DESTINATION NAT to translate the IPv4 address to an internal address and forward the packet on to that host.
In 1.2 it works fine, but in 1.3 it is acting like the IPv4 address and port are on the LOCAL zone instead of the Internet zone and it is not translating the IP address like my DESTINATION NAT rule says to do.
I'm getting an entry in the firewall log that says the packet to IP port 25 is being rejected and the rule name shows up in the internet-local4 zone firewall log.
As indicated above, this works great on 1.2.
Has something changed wrt to NAT or ZONES in 1.3 that wouldn't work the same and now cause the packet to be rejected?
Is this a bug or is there a different way to do in 1.3 what I've been doing in 1.2 and previous versions?
Is that explanation sufficient or do I need to show more detailed configuration?