
How to Configure usable IP range of addresses

Hi,

I started exploring Sophos UTM 9.4 Essentials installed on my own server. I was able to configure the WAN and LAN interfaces on eth1 and eth0, and the local internet was working fine. Now I want to configure the static IPs I got from my ISP (4 IPs). Please find the IP details we got from the ISP below and provide me a detailed solution.

WAN IP Block - X.X.X.64/29

Network IP: X.X.X.64

IP Usable Range: X.X.X.66 & X.X.X.70

Subnet: 255.255.255.248

Gateway: X.X.X.65

Broadcast IP: X.X.X.71

I have two NICs in my server and assigned eth0 - Internal (172.22.0.254/24) and eth1 - WAN (X.X.X.66/29) with gateway X.X.X.65.

After that I added a firewall rule - Internal Network > any > any, and Masquerading Internal Network > WAN.

Please help me configure the usable IPs from 67 to 70.

Thanks



  • Hi, Srinivasan, and welcome to the UTM Community!

    With UTM, it is not necessary to have a default gateway within your subnet.  You could, for example, assign x.x.x.64/32 to your WAN connection and have a default gateway of x.x.x.1.  The default gateway should be the IP of your ISP's router to which you connect.  If that is x.x.x.65, then that is correct.

    You should not need to reserve x.x.x.71 as a broadcast address - you can use it along with 66 through 70.

    For example, create an Additional Address on eth1 named "Mail" with x.x.x.66/32.  You can receive mail to your mail server using a NAT rule like 'DNAT : Internet -> SMTP -> External [Mail] (Address) : to {mail server}'. You can send mail from .66 using 'SNAT : {mail server} -> SMTP -> Internet : from External [Mail] (Address)'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Meanwhile, I have started configuring the DNAT / SNAT as you mentioned. I am clear on "External [Mail] (Address)": it is the additional IP address I have created, and the IP is 182.156.255.67. But I am not clear on "to {mail server}". I assume it will be my local mail server address, and I added the same in the NAT rule, and instead of SMTP I have added the http service to access the internet.

    If I ping what is my IP from the local server, it is showing 182.156.255.67 correctly, but I am not able to access the internet inbound / outbound.

    NAT rules I have created:

    'DNAT : Internet -> http -> External [Mail] (182.156.255.67) : to {172.22.0.242}'.

    'SNAT : {172.22.0.242} -> http -> Internet : from External [Mail] (182.156.255.67)'.

    Thanks

    MKS

  • Start with DNS best practice.  Does that resolve your issue with the DNS blocks shown in the Firewall Live Log?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
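
The addressing discussed in this thread (a /29 from the ISP, extra /32 Additional Addresses on eth1, and a DNAT/SNAT pair built on one of them), as an added example that is not part of the original posts and is not Sophos code. It lists which addresses of the block are still free to bind and sanity-checks a NAT pair before it is entered in the UTM; the block 203.0.113.64/29 is a constructed stand-in for the masked X.X.X.64/29, and the function names are hypothetical.

```python
import ipaddress

# Constructed values: the thread masks the ISP block as X.X.X.64/29, so the
# documentation range 203.0.113.0/24 stands in for it here.
WAN_BLOCK = ipaddress.ip_network("203.0.113.64/29")
GATEWAY = ipaddress.ip_address("203.0.113.65")    # ISP router (.65 in the thread)
PRIMARY = ipaddress.ip_address("203.0.113.66")    # eth1 primary address (.66)
INTERNAL = ipaddress.ip_network("172.22.0.0/24")  # eth0 network from the thread


def additional_candidates(block, gateway, primary, include_broadcast=False):
    """Addresses in the block still free to bind as /32 Additional Addresses."""
    pool = list(block.hosts())                 # .65 through .70 for this /29
    if include_broadcast:                      # the first reply says .71 is usable too
        pool.append(block.broadcast_address)
    return [a for a in pool if a not in (gateway, primary)]


def check_nat_pair(external, server, assigned):
    """Return a list of problems with a DNAT/SNAT pair built on one address."""
    ext = ipaddress.ip_address(external)
    srv = ipaddress.ip_address(server)
    problems = []
    if ext not in WAN_BLOCK:
        problems.append(f"{ext} is outside the routed block {WAN_BLOCK}")
    elif ext == GATEWAY:
        problems.append(f"{ext} belongs to the ISP router, not the firewall")
    elif ext not in assigned:
        problems.append(f"{ext} is not bound to eth1; add it as an Additional Address")
    if srv not in INTERNAL:
        problems.append(f"{srv} is not in the internal network {INTERNAL}")
    return problems


if __name__ == "__main__":
    free = additional_candidates(WAN_BLOCK, GATEWAY, PRIMARY)
    print("free for Additional Addresses:", [str(a) for a in free])
    bound = {PRIMARY, ipaddress.ip_address("203.0.113.67")}  # "Mail" = .67
    for ext in ("203.0.113.67", "203.0.113.68"):
        print(ext, check_nat_pair(ext, "172.22.0.242", bound) or "ok")
```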