Can't access containers outside of Nethserver

Ok so I’m reasonably confident that the problem I have is simply a routing issue.

As I mentioned before, I have a firewall which I am keeping (Untangle), which was also the router, DHCP and DNS.

I’m moving at least DHCP and DNS to NethServer, which will run behind the firewall.

I’d rather do inter-VLAN routing (some VLANs must not touch the internet: untrusted IP cameras etc.) on NethServer because, being virtualised, it can benefit from the best network bandwidth. I am also reasonably sure it’s good practice to keep internal traffic away from the firewall, certainly not to run internal traffic through it.

The reason why I can’t ping the nsdc container is simply because my gateway was set to the firewall.

If I set the gateway to itself (NethServer) then my network can ping the nsdc container but can’t ping the internet.

If I double NAT I can ping it all, but then Untangle is a bit of a waste as it can’t see the traffic source/destinations clearly.

So I’m looking for a solution without double NAT.

I’ve not spent my usual time researching this bit yet, but I wanted to update you on it.

@Andy_Wismer, I actually also found you had a very similar problem before -> NethServer AD Routing

I’m unsure though that I need to change anything in the nsdc container; I think I just need to manage clients’ routing tables with either the route to the internet, or the route to the nsdc container.

Thanks again, hopefully my issue makes more sense now.
