
How to Configure usable IP range of addresses

Hi,

I started exploring Sophos UTM 9.4 Essentials installed on my own server. I am able to configure the WAN and LAN interfaces on eth1 and eth0, and the local internet was working fine. Now I want to configure the static IPs we got from my ISP (4 IPs). Please find the IP details we got from the ISP below and provide me a detailed solution.

WAN IP Block - X.X.X.64/29

Network IP: X.X.X.64

Ip Usable Range : X.X.X.66 & X.X.X.70

Subnet: 255.255.255.248

Gateway: X.X.X.65

Broadcast IP: X.X.X.71

I have two NICs in my server and assigned eth0 - Internal (172.22.0.254/24) and eth1 - WAN (X.X.X.66/29) and gateway X.X.X.65

After that I have added a firewall rule - Internal Network > any > any and Masquerading Internal Network > WAN

Please help to configure the usable IP  from 67 to 70.

Thanks



  • Hi, Srinivasan, and welcome to the UTM Community!

    With UTM, it is not necessary to have a default gateway within your subnet.  You could, for example assign x.x.x.64/32 to your WAN connection and have a default gateway of x.x.x.1.  The default gateway should be the IP of your ISP's router to which you connect.  If that is x.x.x.65, then that is correct.

    You should not need to reserve x.x.x.71 as a broadcast address - you can use it along with 66 through 70.

    For example, create an Additional Address on eth1 named "Mail" with x.x.x.66/32.  You can receive mail to your mail server using a NAT rule like 'DNAT : Internet -> SMTP -> External [Mail] (Address) : to {mail server}'. You can send mail from .66 using 'SNAT : {mail server} -> SMTP -> Internet : from External [Mail] (Address)'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your reply. I have modified the eth1 interface as you told me. But after adding the IP 182.156.255.66/32 in the additional address tab the internet is working. For your reference I have attached the images. I am not good at NAT and all. Can you please provide me step-by-step details for DNAT / SNAT?

    Now I want to assign an external IP to any one of the servers located inside the router premises. For example, I want to assign 182.156.255.67 and to access inside / outside of this server. In order to do that, what values for subnet mask and default gateway should be applied on the server? We badly need your help.

    Please find the exact IP address shared by the ISP provider.

    WAN IP Block - 182.156.255.64/29

    Network IP: 182.156.255.64

    Ip Usable Range : 182.156.255.66 to 182.156.255.70

    Subnet: 255.255.255.248

    Gateway: 182.156.255.65

    Broadcast IP: 182.156.255.71

    Please find the images attached below

  • Hi Bob,

    Meanwhile I have started configuring the DNAT / SNAT as you mentioned. I am clear with "External [Mail] (Address)": it is the additional IP address I have created, and the IP is 182.156.255.67. But I am not clear with "to {mail server}". I assume it will be my local mail server address, and I added the same in the NAT rule, and instead of SMTP I have added the http service to access the internet.

    If I ping what is my IP from the local server it is showing 182.156.255.67 correctly, but I am not able to access the internet inbound / outbound.

    NAT Rules i have created

    'DNAT : Internet -> http-> External [Mail] (182.156.255.67) : to {172.22.0.242}'.

    'SNAT : {172.22.0.242} -> http-> Internet : from External [Mail] (182.156.255.67)'.

    Thanks

    MKS

  • Start with DNS best practice.  Does that resolve your issue with the DNS blocks shown in the Firewall Live Log?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • If you are publishing a web server, MKS, the better solution is Webserver Security.  If you have that subscription, you will want to start a new thread in that forum.

    If you need to publish Server101 using NAT rules, I would use:

    1. DNAT : Internet -> Web Surfing -> WAN [Server101] (Address) : to {internal Server101 host}
    2. SNAT :{internal Server101 host} -> Any -> Internet : from WAN [Server101] (Address)

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
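
A simplified model of the two rules in the reply above, as an added example that is not part of the original thread and not Sophos code. It assumes .66 is still the primary eth1 address, that the SNAT rule is evaluated before masquerading, and that `WEB_PORTS` stands in for the "Web Surfing" service; the 198.51.100.x addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

ip = ipaddress.ip_address
# Addresses from the thread; the rule model is a simplification, not UTM's engine.
WAN_PRIMARY = ip("182.156.255.66")       # assumed: still the primary eth1 address
SERVER_PUBLIC = ip("182.156.255.67")     # Additional Address "Server101" on the WAN
SERVER_INTERNAL = ip("172.22.0.3")       # internal Server101 host
INTERNAL_NET = ipaddress.ip_network("172.22.0.0/24")
WEB_PORTS = {80, 443}                    # assumed stand-in for "Web Surfing"

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int

def translate_inbound(pkt):
    """Rule 1, DNAT: Internet -> Web Surfing -> WAN [Server101] : to internal host."""
    if pkt.dst == SERVER_PUBLIC and pkt.dport in WEB_PORTS:
        return Packet(pkt.src, SERVER_INTERNAL, pkt.dport)
    return pkt  # no rule matched: destination is left alone

def translate_outbound(pkt, snat_ports=None):
    """Rule 2, SNAT for the server; snat_ports=None models service 'Any'.
    Traffic the SNAT rule does not match falls through to masquerading."""
    if pkt.src == SERVER_INTERNAL and (snat_ports is None or pkt.dport in snat_ports):
        return Packet(SERVER_PUBLIC, pkt.dst, pkt.dport)
    if pkt.src in INTERNAL_NET:
        return Packet(WAN_PRIMARY, pkt.dst, pkt.dport)  # Internal Network > WAN
    return pkt

if __name__ == "__main__":
    client = ip("198.51.100.10")    # constructed Internet client
    resolver = ip("198.51.100.53")  # constructed external DNS server
    print(translate_inbound(Packet(client, SERVER_PUBLIC, 80)))
    print(translate_inbound(Packet(client, SERVER_PUBLIC, 25)))
    dns = Packet(SERVER_INTERNAL, resolver, 53)
    print(translate_outbound(dns))                   # SNAT with 'Any'
    print(translate_outbound(dns, snat_ports={80}))  # SNAT limited to http
```

In this model, an SNAT rule limited to http sends the server's web traffic out from .67 while its other traffic, such as DNS, leaves from the masqueraded primary address; with 'Any', everything from the server leaves from .67.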
  • Hi Bob,

    I will rephrase the same for my low level understanding (I am not good at router configuration). Please find the values below, if I am right

    DNAT

    Internet: InterntIPV4

    Web Surfing: http

    WAN [Server101] (Address): 182.156.255.67

     {internal Server101 host}: 172.22.0.3 (created a host object in network definition with the local IP)

    Please let me know if the values are right. Also please tell me if there is additional setting in the DNS.

    I need your help on this Bob

    thanks

  • Did you follow the link above to DNS best practice?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes, I followed it, Bob, but I am still not able to configure my static IP. Is it okay if I give my Sophos WebAdmin URL, so that you can have a look and give me a solution, please?

    Many Thanks

    Bob

  • Bob, I have upgraded my basic license to full trial license of all modules.

    regards

    MKS