
SNAT problems with new server

I am unable to get SNAT to work on one of my servers. I have SNAT working well for my mail servers, web servers, and my desktop. I can get the desktop to change external IPs on the fly with no problems. But I am installing a new Ubuntu web server and it is stubborn. It always shows that it is using the default gateway as its external IP. I am using the command 'curl https://ipinfo.io/ip' to get my external IP. I enabled log initial packets on the SNAT rule and I do see where it is logged in the firewall.log, but there isn't much information in the log as to the address translation itself. I also enabled the logging on my desktop to verify what the log display would look like when it was working. Rule #2 is my problem, and rule #4 is the desktop that I can set to any of the external IPs.

Is there another log I can look at to see how the translation is being handled or going off the rails?

I don't think it matters, but I have two internet connections with /28 subnets of assigned external IPs. I intend to use the webserver protection features for the new server but it is not handling the source translation either. I currently have the webserver protection options disabled.



This thread was automatically locked due to age.

  • FormerMember
    +1 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Did you try to configure Masquerading from Network Protection > NAT > Masquerading > Add Masquerading rule > Network > Add the server IP address > Interface > the WAN interface > Use address?

    Can you please confirm if you have web filtering configured? If the traffic is filtered through a web proxy, it will ignore the SNAT rule and use the default IP address. 

    Thanks,

  • I don't have the masquerading configured. I do have web filtering configured, and once I added the new server to skip transparent mode in Web Protection > Filtering Options > Misc > Transparent Mode Skiplist, the translation worked as expected. Thank you for the tip!

    I had been looking through the Rulz in Rule 2.1 and that didn't indicate that web filtering was involved so I forgot about that configuration. 
