Masquerading of host not working as expected

Hello. Masquerading of a host to an additional IP address does not seem to be working, and I could use some help sorting it out.

This is a Sophos UTM 9.711-5.  I have an additional public IP on our primary WAN eth1.  I have several DNAT rules that successfully forward traffic from the additional public IP to an internal host so that part works.

I would like all outbound traffic from the internal host to have a source address of the additional public IP.

I created a masquerading rule and said all traffic from the internal host should go out over the Primary WAN interface/additional IP and put that in position 1.

And yet, currently all outbound traffic from the internal host still says it is originating from the primary WAN address instead of the additional public IP.

Assuming no data entry errors, do I have the general configuration correct or am I missing additional steps?  Other ideas to troubleshoot?  Thanks.

  • Which service do you use? (possibly HTTP(s) ... with Proxy)

    Do you have a SNAT/Full-Nat Rule capturing the same traffic?

    Please provide screenshots of the masq-Rule and possible matching NAT-Rules.


    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Ahhhh - thanks! Yep, traffic was being proxied and that was the issue. Otherwise the above config works and my testing methodology was flawed. I was validating my external IP using IP chicken, and so it always showed the proxied public IP. Want to go fast, go alone. Want to go far, go together. Thanks for the help, Dirk!

  • Hi and welcome to the UTM Community!

    Referring to #2 and #2.1 in Rulz (last updated 2021-02-16) will help you with future troubleshooting.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA