Hello,
I guess it's basics, however I cannot understand why traffic for directly connected interfaces is getting source NATed by the WAN public IP.
The setup is Sophos XG firewalls connected directly via the HA DMZ interface, with the 10.238.238.0/30 network assigned on each interface. Observed ICMP packets with no echo reply:
10.238.238.1 - console> tcpdump "host 10.238.238.2"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
10:14:21.372474 PortB2, OUT: IP 220.***.99.120 > 10.238.238.2: ICMP echo request, id 57138, seq 25, length 64
10:14:22.372508 PortB2, OUT: IP 220.***.99.120 > 10.238.238.2: ICMP echo request, id 57138, seq 26, length 64
and
conntrack -L -d 10.238.238.2
proto=icmp proto-no=1 timeout=29 orig-src=10.238.238.1 orig-dst=10.238.238.2 type=8 code=0 id=53566 packets=4ytes=3696 [UNREPLIED] reply-src=10.238.238.2 reply-dst=220.***.99.120 type=0 code=0 id=53566 packets=0 bytes=0 ma0x0 use=1 id=106908480 masterid=0 devin= devout=PortB2 nseid=0 ips=0 sslvpnid=0 webfltid=0 appfltid=0 icapid=0 poytype=0 fwid=0 natid=0 fw_action=0 bwid=0 appid=0 appcatid=0 hbappid=0 hbappcatid=0 dpioffload=0 sigoffload=0 inz=0 outzone=0 devinindex=0 devoutindex=14 hb_src=0 hb_dst=0 flags0=0x0 flags1=0x4000000000 flagvalues=106 catid=0er=0 luserid=0 usergp=0 hotspotuserid=0 hotspotid=0 dst_mac=00:00:00:00:00:00 src_mac=00:00:00:00:00:00 startstam646040093 microflow[0]=INVALID microflow[1]=INVALID hostrev[0]=0 hostrev[1]=0 ipspid=0 diffserv=0 loindex=0 tlsrud=0 ips_nfqueue=0 sess_verdict=0 gwoff=0 cluster_node=0 current_state[0]=22 current_state[1]=0 vlan_id=0 inmark=0brinindex=0 sessionid=16884 sessionidrev=64284 session_update_rev=0 dnat_done=0 upclass=0:0 dnclass=0:0 pbrid_dir pbrid_dir1=0 conn_fp_id=NOT_OFFLOADED
thanks
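As an added check (my own example, not code from the post or from Sophos), a small Python parser that reads one `conntrack -L` entry like the one above and flags flows where the reply is addressed to something other than the original source (source NAT was applied) even though the destination sits on a directly connected subnet. The sample entry is constructed from the one in the post, with the masked WAN address replaced by the documentation address 203.0.113.120, and the list of connected networks is an assumption.

```python
import ipaddress
import re

# Constructed sample conntrack entry modelled on the one in the post; the masked
# WAN address is replaced by the documentation placeholder 203.0.113.120.
SAMPLE_ENTRY = (
    "proto=icmp proto-no=1 timeout=29 orig-src=10.238.238.1 orig-dst=10.238.238.2 "
    "type=8 code=0 id=53566 packets=4 bytes=3696 [UNREPLIED] "
    "reply-src=10.238.238.2 reply-dst=203.0.113.120 type=0 code=0 id=53566 "
    "packets=0 bytes=0 use=1 devout=PortB2"
)

# Networks configured on directly connected interfaces (assumed for this example).
CONNECTED_NETS = [ipaddress.ip_network("10.238.238.0/30")]

KV_RE = re.compile(r"(\S+?)=(\S*)")


def parse_entry(line):
    """Return the key=value fields of one conntrack line plus its bracketed flags.
    Keys that appear twice (type/code/id/packets/bytes exist for both directions)
    keep the first, original-direction value; the reply copy is stored as key@reply."""
    fields = {}
    flags = set(re.findall(r"\[([A-Z_]+)\]", line))
    for key, value in KV_RE.findall(line):
        if key in fields:
            fields.setdefault(key + "@reply", value)
        else:
            fields[key] = value
    fields["flags"] = flags
    return fields


def snat_on_connected_subnet(fields, connected=CONNECTED_NETS):
    """Flag a flow whose reply traffic is addressed to something other than the
    original source (source NAT applied) while the destination is on a directly
    connected subnet, where no NAT would normally be expected."""
    orig_src = ipaddress.ip_address(fields["orig-src"])
    orig_dst = ipaddress.ip_address(fields["orig-dst"])
    reply_dst = ipaddress.ip_address(fields["reply-dst"])
    snat_applied = reply_dst != orig_src
    dst_connected = any(orig_dst in net for net in connected)
    return {
        "snat_applied": snat_applied,
        "natted_to": str(reply_dst) if snat_applied else None,
        "dst_directly_connected": dst_connected,
        "unreplied": "UNREPLIED" in fields["flags"],
        "suspicious": snat_applied and dst_connected,
    }


if __name__ == "__main__":
    print(snat_on_connected_subnet(parse_entry(SAMPLE_ENTRY)))
```

Run against the full `conntrack -L` output, line by line, it pinpoints which flows hit an unexpected SNAT rule, which narrows the search to the NAT rules whose source zone or network matches the DMZ interface.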