This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM NEWBIE Masquerade + NAT

Hallo Leute,

habe ein hoffentlich einfaches Problem.

Und zwar hab ich einen kleinen "server / proggy" auf den ich von außen per NAT Port weiterleitung zugreifen kann. Soweit so gut. Die Weiterleitung funktioniert prima.

Jedoch bekomme ich beim Server immer die INT Interface IP von der Sophos angezeigt und nicht die externe (Internet) IP des Clients der Verbindet. Die Firewall Regel wird für die NAT Freigabe wird als erstes abgearbeitet.

Ein Bild von den Maskierungs Regeln hab ich angehängt. Bringen diese ANY --> Interface Maskierungsregeln überhaupt was?

This thread was automatically locked due to age.

Parents

0 apijnappels over 6 years ago

I think you just need to delete the second rule in your screenshot. For outside access to an inside host you need a DNAT rule, not masquerading. Simply create a DNAT rule for traffic going to External WAN (address) on the desired port(s) DNAT to your internal server.

Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Cancel
Vote Up 0 Vote Down

Cancel
0 schnub over 6 years ago in reply to apijnappels

This is what the DNAT rule looks like, but still only UTM Gateway Address on the Gigablue Quad.
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 6 years ago in reply to schnub

Did you also delete the masquerading rule from External WAN (Address) to Internal?

Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 apijnappels over 6 years ago in reply to schnub

Did you also delete the masquerading rule from External WAN (Address) to Internal?

Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 schnub over 6 years ago in reply to apijnappels

yes i´d deleted the entry as you suggested, but still no ext ip still utm ip.
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 6 years ago in reply to schnub

I didn't really look close enough to your first post (and the images), but I think also the ANY masqerading rules should be deleted as you kinda suggested already.

Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Cancel
Vote Up 0 Vote Down

Cancel
0 schnub over 6 years ago in reply to apijnappels

yes i deleted all masquerade rules. just let the internal to external masquerade rule and voila all works as expected. thnx!
Cancel
Vote Up 0 Vote Down

Cancel