Hello,
I've got some problems with IPv6.
First my environment:
- Sophos UTM220rev5
- 1 WAN with Dual Stack IPv4/IPv6
- internal LAN and DMZ with Dual Stack IPv4/IPv6
- internal LAN Exchange 2010 server with OWA (mails are going through the UTM)
- internal LAN Windows Domain Controller with DHCP
IPv4 config:
WAN: xx.xx.xx.162
OWA: xx.xx.xx.165
IPv6 config:
WAN: xx::2
OWA: xx::cf36
OWA address is mapped on interface WAN. (Just as some more addresses like one for VPN etc.)
Outgoing IPv4 mails are send through WAN just like it should (using WAN IP). If I visit pages which tell me my IP I got the correct IP (the IP from WAN because we use NAT for IPv4).
Outgoing IPv6 mails somehow go over OWA IP, also the client http/s traffic.
My Domain Controller assigns me e.g. the IP xx::908a:e5d5 (valid LAN IP). The mailserver also got a vaild static LAN IP. But no matter from which client or server I visit the 'whatsmyip'-websites, I've got everytime the xx::cf36 address and not the WAN2 address or the address of the server/client itself.
Firewall rules are the same for IPv4 and IPv6.
My question: why is every IPv6 stuff going over the OWA xx::cf36 address?
How can I affect it?
In my theorie the mails should be going out over WAN xx::2 and not OWA xx:cf36.
And for the clients I would expect that they are a) using also WAN xx::2 or their DHCP assigned IP (e.g. xx::908a:e5d5).
==UPDATE==
Apparently the Web protection is responsible for the http (port 80) traffic going over co:ff:ee::cf36.
But the ::cf36 is not the IP of the gateway. I would expect it is the WAN IP but I am not sure.
Yet my main Problem is that outgoing mail (SMTP) is also using the co:ff:ee::cf36 address for sending mail and not the co:ff:ee::2 or co:ff:ee::1 from our router. The mail traffic is going through the UTM SMTP proxy.
==UPDATE==
If you need more information or configs for a better understanding please ask.
Best regards
Chris
This thread was automatically locked due to age.
