This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I route a static IP to one interface?

I am trying to take one of my static IPs and send all its traffic to eth3. Actually, I would like to take two of the static IPs and route them to eth3. One is for a Obi202 and the other is a web server. I set up the interfaces and I added the IP addresses to the WAN interface but how do I get the traffic to go to eth3?

Is this the best way to do this? It seems like I should assign internal addresses to the Obi202 and the web server and then do some kind of translation to get the traffic to the machines. But I have no idea how to do this.

I am a newbie and so please give me some direction in simple language.

And, as a final note, it seems like this would only take someone 15 minutes if they knew about Sophos UTM. How do I find a consultant that I could pay to set this up?

Jon



This thread was automatically locked due to age.
Parents
  • Hi Jon and welcome to the UTM Community!

    More like three minutes. ;-)

    Let's assume you have an Additional Address Obi202.  On the 'NAT' tab of 'Network Protection >> NAT', make a new NAT rule of type DNAT for traffic from "Internet IPv4" using service "Any" going to "External [Obi202] (Address)."  In 'Change the destination to", click on the green plus sign and create a Host object "Obi202" with the internal IP address of Obi202.  Select 'Automatic firewall rule' and Save.

    An alternative for a web server is to use Webserver Protection, but that's a bit of a challenge for a newbie.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Just a reminder also. Looking at your image, you have a DMZ which will be a total different subnet to your internal subnet.

    Your servers that you want to expose to the internet will be on the DMZ subnet. You will need a masquerading rule or SNAT to allow these servers to reply.

    Easiest way is to copy the existing masquerade rule you have and change the source eg you will have internal > external and you need to create a DMZ > external

Reply
  • Just a reminder also. Looking at your image, you have a DMZ which will be a total different subnet to your internal subnet.

    Your servers that you want to expose to the internet will be on the DMZ subnet. You will need a masquerading rule or SNAT to allow these servers to reply.

    Easiest way is to copy the existing masquerade rule you have and change the source eg you will have internal > external and you need to create a DMZ > external

Children