Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 1321 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Different IP on UTM interface (WAN) than physical NIC

TheRealShadowHunter

Hello all,

Never seen this behaviour, cannot explain...

Running latest version of Sophos UTM 9 on Hyper-V (Windows Server 2012R2) for many years without any problem. 

Till now:

1. Physical NIC connected to ISP modem, IP: 84.194.34.175 (just an example) - I reveived dynamic IP from ISP

2. Interface on UTM (created at installation) IP: 84.194.22.117 (just an example)  

 

Behaviour:

 1. Both IP belong indeed to my ISP

 2. Quering my IP via a website return: 84.194.34.175

 3. Ipconfig on host returns: 84.194.34.175

 4. I can externally RDP the host via SSH when using 84.194.34.175

 5. I cannot reach my websites running on this server using 84.194.34.175 but  I can reached them using 84.194.22.117 (virtual/real webserver via UTM) 

I simply cannot grasp when I see two different IP's. Always have they been the same in UTM and physical NIC, this should not even be possible IMHO. Can this come from the virtual switch i created in Hyper-V? Still, it has been same IP for years...

For days I have been searching and trying but nothing seems to resolve this issue. I simply don't know where the IP in the UTM interface is coming from. 

I hope someone has some pointers for me. 

Thank you so much. 

Have a nice weekend.
ShadowHunter



This thread was automatically locked due to age.
  • 0

    Hello ShadowHunter,

    Thank you for contacting the Sophos Community.

    How did the issue start happening did you reboot the Windows computer or the UTM?

    Maybe your ISP saw two requests from two different MAC addresses and that is why you got an extra one? I see the mask is /19.

    What happens if you set the Public IP of the UTM manually to the same as the Windows computer?

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hello emmosophos,

    Thank you so much for replying.

    I alas cannot pinpoint when it started... One of the first things I tried was indeed changing the UTM public IP from dynamic to manually to match the host but the result was that I totally lost internet access for all clients behind the UTM.

    The fact I can't reach my website hosted on the server is a wrong DynDNS update via the UTM. So, this is merely a side effect of the original issue.

    I absolutely have no clue how to proceed.

    Happy to receive any tips I can get :-)

    Thank you.

    ShadowHunter

  • 0

    Hoi SH,

    I think your issue is in your Hyper-V configuration.  It sounds like your UTM is working correctly.  The way a Virtual Server functions, one would expect to see traffic accepted only on 84.194.22.117.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello Bob, 

    Thank you for your feedback. You were absolutely right, I finally got it up and running again, alas there wasn't just a single issue... but Hyper-V' messed-up configuration was the main culprit. 

    1. For some reason the virtual switches in Hyper-V didn't show any NIC's in their configuration, I could nor edit nor remove them... very messed up, always error messages

    >> I had to completely remove the Hyper-V role and reinstall it, now the virtual switches are back to normal

    2. It seems that the NIC bond to the virtual switch for WAN-side had somehow the box ticked to allow management by the OS. I believe this lead to the dual IP issue. One for the OS and one for the virtual switch. Turning this tickbox on and off confirmed this theory 

    3. The fact that my websites were not reachable also had two root caues:

    - FreeDNS was obviously wrongly updated with the incorrect IP of the UTM

    - The domain of the free subdomains I use from FreeDNS were since last week "broken", not in use anymore apperantly... (what are the odds?)

    So, after a nights work, registering new subdomains and lot of editing all is up and running again. 

    I hope one day this post can be of use to some else ;-) 

    Thank you all for you support. 

    With best regards, 

    ShadowHunter

Unfiltered HTML