Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 8 subscribers
  • Views 8236 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I route a static IP to one interface?

jon bushey

I am trying to take one of my static IPs and send all its traffic to eth3. Actually, I would like to take two of the static IPs and route them to eth3. One is for a Obi202 and the other is a web server. I set up the interfaces and I added the IP addresses to the WAN interface but how do I get the traffic to go to eth3?

Is this the best way to do this? It seems like I should assign internal addresses to the Obi202 and the web server and then do some kind of translation to get the traffic to the machines. But I have no idea how to do this.

I am a newbie and so please give me some direction in simple language.

And, as a final note, it seems like this would only take someone 15 minutes if they knew about Sophos UTM. How do I find a consultant that I could pay to set this up?

Jon



This thread was automatically locked due to age.
  • 0

    Hi Jon and welcome to the UTM Community!

    More like three minutes. ;-)

    Let's assume you have an Additional Address Obi202.  On the 'NAT' tab of 'Network Protection >> NAT', make a new NAT rule of type DNAT for traffic from "Internet IPv4" using service "Any" going to "External [Obi202] (Address)."  In 'Change the destination to", click on the green plus sign and create a Host object "Obi202" with the internal IP address of Obi202.  Select 'Automatic firewall rule' and Save.

    An alternative for a web server is to use Webserver Protection, but that's a bit of a challenge for a newbie.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Just a reminder also. Looking at your image, you have a DMZ which will be a total different subnet to your internal subnet.

    Your servers that you want to expose to the internet will be on the DMZ subnet. You will need a masquerading rule or SNAT to allow these servers to reply.

    Easiest way is to copy the existing masquerade rule you have and change the source eg you will have internal > external and you need to create a DMZ > external

  • 0 in reply to Louis-M

    Thank you both for your suggestions. I have been playing with this and I just cannot get it working. I must have something wrong someplace else.

     

    So is there someone that could help me out by taking a look at my config and then fix things? I would be willing to pay because my wife is not happy that the home phone is not working.

     

    Jon

  • 0 in reply to jon bushey

    Hi Jon,

    did you get any further with this? Happy to help but certainly don't need paying.

  • 0 in reply to Louis-M

    Hi Louis-M,

    I did get the Obi202 working but it is on the same VLAN as everything else. I would like some separation for security. In any case, I am getting a quote on some Sophos consulting because I think I have a few things wrong and I would like a few changes.

    I appreciate your offer to help but I don't want to start a bunch of threads on all the different things I am wanting done. I think it is more efficient to pay someone to do it.

    Jon

Unfiltered HTML