
Unable to disable IPv6 NAT

So I finally have an Internet connection with IPv6 addressing and thought I had everything set up correctly. I'm able to get to IPv6 sites without a problem; however, I'm unable to disable the NAT. I changed the masquerading rule to only NAT v4 stuff like so:

However when I go to any test site (or my own server for that matter) I always get the "Native over WAN" address of my Sophos box rather than the actual IP of the machine behind it:

When I do an IP config on my laptop I can see that I have an address from the delegated prefix:

Is there something else I need to do to fully disable the IPv6 NAT?  Thanks!!



  • Just tried disabling the web protection as a test. With it shut off IPv6 doesn't work at all. That's not a solution anyway, I don't want to disable the web protection...
  • Sorry, I should have been a little more clear... clearly you have an IPv6 configuration error, but web filtering IS the reason why you don't see the computer's individual IP address. I was suggesting turning it off just to show that it is indeed the reason. You can still have it enabled and have it show your source IP, but it will take a bit more configuration involving certificates and making sure each computer gets issued the certs. There is even a note about it on the page...

    'Full transparent mode is only available when running in Bridged mode. This option will preserve the source IP addresses after they pass through the Web Filter.'

  • DavisDarvish said:

    Sorry, I should have been a little more clear... clearly you have an IPv6 configuration error, but web filtering IS the reason why you don't see the computer's individual IP address.

    I'm aware I have a configuration error, that's why I came here for assistance.  As I mentioned when I turned off the web filter for a test I cannot browse via IPv6 at all.  

    DavisDarvish said:

    You can still have it enabled and have it show your source IP, but it will take a bit more configuration involving certificates and making sure each computer gets issued the certs.

    I'm willing to work through the additional configs, but I want to make sure it's going to work properly before doing so.  
    So what do you suggest I do next?
  • Can you share with us the definition you made for the internal IPv4 network in the masquerade settings?
    I want to confirm it is 192.168.9.0/24.
  • DavisDarvish said:
    Can you share with us the definition you made for the internal IPv4 network in the masquerade settings?
    I want to confirm it is 192.168.9.0/24.

    As requested yes, it is 192.168.9.0/24:

  • Well, I'm not sure, but if you want to jump on a Google Hangouts or Skype session I'd be happy to share my screen and we can compare settings to see if that makes a difference.
  • Did you ever get to the bottom of this as I have the same issue?

  • Nope, still natted.  :/

  • This is not a bug, it's a feature.

    You are using the proxy through web protection, so the Sophos UTM acts as a proxy and filters the websites.

    It's technically not possible that the Sophos acts on behalf of your client's IPv6 while still using web protection/proxy.

    This is how it is supposed to be.

    ---

    Sophos UTM 9.3 Certified Engineer

  • I did a bit of playing last night and now have my IPv6 traffic non-natted having tweaked my NAT rules (I don't use web filtering). But when I do switch on filtering, as a test, NATting comes straight back again. So I agree, it's a feature of web filtering.