Ok folks. Here's the story. I forgot the password to my Sophos box in my VPC so I provisioned another one using the same instructions as before from a Sophos video (https://www.youtube.com/watch?v=7vjgVUUJyIc).
I set up everything ( I think correctly). I put the box in the public facing side of my VPC (10.0.0.0/24) and gave it 2 NICs. External NIC is 10.0.0.5 and Internal NIC is 10.1.0.5. There is an Elastic IP on the instance too. I added the masquerade rule for 10.0.1.0/24 and added firewall rules for HTTP, HTTPS, ping and NTP. All works. I can browse the web, etc. from any machine in the 10.0.1.0/24 subnet.
Here's the problem. I want to add another subnet (10.0.0.2.0/24) that also needs access to the outside world. So I added a network object in Sophos called Internal .2 Network with 10.0.2.0/24 as the range. I added that object to another masquerade rule and to the existing firewall rule. All looked good in the sense that pings were going through the Sophos firewall from 10.0.2.x machines instead of being dropped. But I cannot browse the internet. I get "Waiting for www.yahoo.com" for example in any browser (IE, Firefox, Chrome). I can ping www.yahoo.com with no issues. And even the dropped packets for port 80 traffic stopped when I added the above rules for 10.0.2.0/24 but the browsers will not bring back any web page.
I installed Packet Sender and send a packet over port 80 to www.google.com. There and back it responded but no browsing the internet. I have tried this from 3 machines in the 10.0.2.0/24 space with the same results.
If you do a tracert to www.google.com from a machine in 10.0.1.0/24 or 10.0.2.0/24 the first hop is the internal NIC of the Sophos box (10.0.1.5) as it should be.
Any ideas ?
Thanks
Peter
This thread was automatically locked due to age.