
Second LAN not getting internet connection

Good afternoon,

I'm hoping someone here can help me out, as I've spent the past several days researching every post I could find on this forum and several hours on the phone with tech support, all with no success.

I am currently trying to set up a second LAN connection for the students, named 'Student VLAN' (it's not technically a VLAN, so ignore the name). The Sophos device I'm using is a Sophos UTM 9.707. When I connect my laptop directly to the eth0 port on the UTM, I pull the correct IP address (172.16.20.x) but cannot access the internet. Below are all the screenshots of what I currently have set up.

Like I said, I've spent close to 10 hours on the phone with tech support on this, so any help would be appreciated.



  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    The configuration of the interface, DHCP, masquerading and firewall rule seems OK.

    Please check the packet flow and the packetfilter.log events for 172.16.20.x/24 network.

    Assume there is a machine located in the 172.16.20.0/24 network with the IP address 172.16.20.20.

    ==> Ping 8.8.8.8 or any external IP address from 172.16.20.20 source.

    ==> Check ICMP flow for 172.16.20.20

    utm:/root # tcpdump -nei any host 172.16.20.20 and proto ICMP

    ==> Check packetfilter.log events for 172.16.20.20

    utm:/root # tail -f /var/log/packetfilter.log | grep -i "172.16.20.20"

    ==> Try to access a few websites and share session output here or in PM.

  • Add the output from "tracert 8.8.8.8" to your answer ...


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Unlike your other networks (71.182.134.0/24, 74.98.192.0/23 and 172.10.0.0/16) the Student network is using a so-called "private IP address" as defined in RFC 1918.
    This essentially means that these addresses are not part of the publicly reachable internet and cannot be addressed directly.
    You need a feature called NAT (native address translation). Sophos UTM can use NAT, you simply have to activate it for this network.

  • Hi Alan,

    the screenshot "Student VLAN (Network) -> Uplink Interfaces" looks like masquerading already ...


    Dirk


  • Thank you all for your responses. After some digging and more time with support, I discovered that there was an old firewall rule for VPN users that used the same 172.16.20.x IP address range, and I guess that was messing with the network I'm trying to set up (Student VLAN)? I changed the IP range for Student VLAN from 172.16.20.x to 172.16.30.x and I have internet connection.
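
The address-range clash described in the resolution above can be caught before a new LAN is created. The following is an added example, not code from the thread or from Sophos: the definition names and the inventory are constructed and typed in by hand (nothing is read from the UTM), and it goes beyond the thread's case by also handling single hosts, first-last ranges and suggesting a free subnet.

```python
import ipaddress

# Constructed sample inventory (hypothetical names, not taken from the thread's screenshots).
DEFINITIONS = {
    "Internal (Network)": "10.10.0.0/16",
    "VPN Pool (legacy rule)": "172.16.20.0/24",
    "Printer range": "172.16.40.10-172.16.40.50",
    "Mail server": "192.168.5.25",
}

def to_networks(spec):
    """Turn a CIDR, a single host, or a 'first-last' range into a list of networks."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=False)]

def conflicts(candidate, definitions):
    """Return the sorted names of definitions sharing any address with candidate."""
    cand = ipaddress.ip_network(candidate, strict=False)
    return sorted(
        name for name, spec in definitions.items()
        if any(cand.overlaps(net) for net in to_networks(spec))
    )

def first_free(parent, prefixlen, definitions):
    """First subnet of the given size inside parent that overlaps no definition."""
    for subnet in ipaddress.ip_network(parent).subnets(new_prefix=prefixlen):
        if not conflicts(str(subnet), definitions):
            return str(subnet)
    return None

if __name__ == "__main__":
    # The range first chosen in the thread, then the one that worked.
    for cand in ("172.16.20.0/24", "172.16.30.0/24"):
        hits = conflicts(cand, DEFINITIONS)
        print(cand, "->", ", ".join(hits) if hits else "no overlap")
    print("first free /24 in 172.16.20.0/23:",
          first_free("172.16.20.0/23", 24, DEFINITIONS))
```
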

  • FormerMember in reply to nmw748

    Hi,

    Thank you for taking the time to update this thread with a resolution.