Forum Discussion
Firstly, the first 2 packets belong to one TCP connection and the last 2 to another TCP connection. Because the ports are different.
Change your filter to:
tcpdump -nni 0.0 'host 10.3.120.5 and host 10.2.120.31 and tcp port 135'
You will get all traffic.
So, yes you can have multiple forward virtual servers. For virtual servers, the VLAN enabled should be where the traffic arrives. The return traffic is allowed back. The problem is that in your example, the other packet comes in a new TCP connection, so is handled by the other virtual server that is enabled in that VLAN.
Also, is normal to see 2 packets, because of the forward virtual server. TCP handshake is between endpoints, one packet is in and one is out.
I guess you just did not capture the return traffic, or web server is not routing correctly.
See this solution for more information: