This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Struggling a bit with WAN to LAN access

I have just installed UTM 9 on my home network.

 

Interfaces configured as below

I have configured NAT Masq as below

From my "Internal" network I have no problems accessing machines on the internal network, or on the "Internet" interface ( even hosts on the internet as the G/W for my "Internet" interface is my cable modem).

 

From my "Internet" network I am unable to access any host on the "Internal" network.

I have created an open rule as below - but I still can't access by "Internal" hosts from the "Internet" network

 

Any ideas on why I might be missing?

 

David



This thread was automatically locked due to age.
Parents
  • HI David,

    because of the MASQ rule, you will need to create a DNAT rule from WAN to LAN.

    that should sort you out, but it may be that you really need a router rather than NAT firewall.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

Reply
  • HI David,

    because of the MASQ rule, you will need to create a DNAT rule from WAN to LAN.

    that should sort you out, but it may be that you really need a router rather than NAT firewall.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

Children
  • Thanks Argo,

    I got it sorted in the end.

    I'm going to use Sophos UTM as an edge threat management environment that essentially passes traffic to a single internal IP address, so I think NAT is fine.

    The single internal IP address is actulally going to be the "WAN" side of a pfSense (S/W) router that will manage further internal subnets and VLANS for my "home", "dev", "media" servers.

    All of this is running in my vCenter environment across 5 ESXi hosts, so pretty complicated!

     

    David

  • Hi David and welcome to the UTM Community!

    Note that "Internet (Network)" in your configuration = 192.168.237.0/24.  It is not the same as the "Internet IPv4" object that you will want to use in your Firewall rules.  I didn't follow your second post, but I think you might want to back up and start over.

    It's usually preferable to put the ISP connection in bridge mode so that the UTM can have a public IP on its "External" interface.  See The Zeroeth Rule in Rulz and review #2 through #5.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA