This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

baffled

I must be missing something here.

using masquerade or nat gives me the same behavior.

if I have PCs sitting on 192.168.10.x/24. If I do a tracert to any private or public subnet, I always hit my provider first hop (after hitting the UTM). Shouldn't normal behavior block private range from leaving sophos UTM ?
How can I block this (unless I have to block all the rfc range manually in the firewall settings).

any help would be greatly appreciated.

Thanks

Simon

This thread was automatically locked due to age.

Parents

0 Billybob over 12 years ago

Shouldn't normal behavior block private range from leaving sophos UTM ?
Why would that be normal behavior if you masqueraded your internal network to external interface? How about if I am double natting and have private ranges on both sides of my UTM... How would I route traffic if natting worked as you want it to work?

Astaro doesn't add any rules... ALLOW or DENY by default. Which means it won't route ANY traffic out of the box. But this also means that once you NAT or Masq something, it won't selectively deny packets unless specified. Hope this makes sense.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Billybob over 12 years ago

Shouldn't normal behavior block private range from leaving sophos UTM ?
Why would that be normal behavior if you masqueraded your internal network to external interface? How about if I am double natting and have private ranges on both sides of my UTM... How would I route traffic if natting worked as you want it to work?

Astaro doesn't add any rules... ALLOW or DENY by default. Which means it won't route ANY traffic out of the box. But this also means that once you NAT or Masq something, it won't selectively deny packets unless specified. Hope this makes sense.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data