Sophos XG NAT for essential services.

Hello all

I want to create NAT + Access rules for DNS and NTP so any UDP 53 and UDP 123 traffic targeted for WAN gets redirected to internal servers.

Can anyone suggest how that can be achieved? 

Thanks

A



  • Have you tried setting up a DNAT rule based on the service (DNS) to redirect to a new (internal) destination? You'd then have to allow access to the (internal) destination if it wasn't already provided.

    You could test with "dig @aaa.bbb.ccc.ddd sophos.com" where aaa.bbb.ccc.ddd is the internal DNS server's address. Once you have the access issue done, you could try the DNAT and see if the redirect happens.

  • (I tried this at home. I don't have an internal DNS server, so I redirected queries from Google to Cloudflare... except I forgot that since it's leaving my network in both cases, I needed to SNAT MASQ... And for various reasons, I ended up crashing the Sophos. It came back up with the erroneous rule there, and maybe the crash was just because I've been messing with settings all day and finally did one too many things, or maybe it was the lack of MASQ. I've disabled the NAT rule for now.)
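Sophos XG is configured through its GUI, so as an added example (not Sophos configuration and not from anyone in this thread) the three pieces the reply describes, the DNAT, the access rule, and the SNAT/MASQ the reply ran into, are written out as an nftables ruleset for a Linux router; the interface names and addresses passed in are constructed placeholders.

```shell
#!/bin/sh
# Emit an nftables ruleset that forces LAN clients' DNS (UDP 53) and
# NTP (UDP 123) to internal servers, whatever destination they asked for.
# Arguments are assumptions for the example: LAN interface, LAN subnet,
# internal DNS server, internal NTP server.
gen_nat_rules() {
  lan_if=$1; lan_net=$2; dns_ip=$3; ntp_ip=$4
  cat <<EOF
table inet svc_redirect {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    # DNAT: match on the service, rewrite the destination to the internal server
    iifname "$lan_if" udp dport 53 dnat ip to $dns_ip
    iifname "$lan_if" udp dport 123 dnat ip to $ntp_ip
  }
  chain forward {
    type filter hook forward priority filter; policy drop;
    ct state established,related accept
    # Access rule: the redirected flows still need to be allowed to the new destination
    iifname "$lan_if" ip daddr $dns_ip udp dport 53 accept
    iifname "$lan_if" ip daddr $ntp_ip udp dport 123 accept
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    # SNAT/MASQ: when the server is reached through the same interface the
    # query came in on (hairpin), its reply would go straight to the client,
    # skip the NAT state, and be discarded. Masquerading keeps the reply
    # path through the firewall. The same applies when the redirect target
    # is on the WAN side, as in the Google-to-Cloudflare test above.
    ip saddr $lan_net ip daddr { $dns_ip, $ntp_ip } oifname "$lan_if" masquerade
  }
}
EOF
}

# Example invocation with constructed values; write the output to a file
# and validate it with `nft -c -f <file>` before loading it with `nft -f`.
gen_nat_rules lan0 192.168.1.0/24 192.168.1.53 192.168.1.123
```

Once loaded, the `dig @<internal-dns> sophos.com` check from the reply confirms the access rule, and `dig @8.8.8.8 sophos.com` from a LAN client should then be answered by the internal server if the DNAT is in effect.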
