About 1:1NAT

Hello everyone,

I am configuring UTM9. This is my first time configuring Sophos products.

I want to know: in UTM9, 1:1 NAT = static NAT?

In DNAT, how do I configure the mapped port?

Such as 172.16.1.23:80 (http) ----mapped---- 1.1.1.1:2323

Where do I fill in the custom port 2323?

Source address: test1 (172.16.1.0/24)

Destination address: test2 (172.17.1.0/24)

1:1 NAT mode: map source

test1 (172.16.1.0/24) ------------ test3 (172.18.1.0/24)

1:1 NAT mode: map destination

test1 (172.16.1.0/24) ------------ test2 (172.17.1.0/24)

zhuanxian (http) ------- mapped ------- server3 (http)?



  • If what you really need is traffic coming from the internet to an internal server, then you only need a DNAT rule (not 1:1).

    Configure as follows:

    For traffic from: any (or Internet IPv4)
    Using service: http
    Going to: External WAN (Address)

    Change the destination to: <your internal server>
    And the service to: 2323

    I also recommend enabling Automatic firewall rule so the traffic is also allowed (and automatically disallowed when you delete or disable the DNAT rule). You may also like to enable Log Initial packets under Advanced so you can follow everything in the Firewall logging.

    This way you divert incoming traffic to your external public IP-address on port 80 (http) to your internal server on port 2323.

    1:1 NAT is useful if you wish to translate a source network (not a single IP-address) to a destination network where a.b.c.1 will be translated to d.e.f.1 either for source or destination depending on using Source or Destination NAT.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
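
The two translations discussed in this thread, modelled in Python as an added example (not part of the original posts and not Sophos code). The rule field names are hypothetical labels echoing the reply's wording, and 172.16.1.23 is assumed as the internal server, taken from the question.

```python
import ipaddress

def map_one_to_one(addr, original_net, mapped_net):
    """1:1 NAT: swap the network part, keep the host part (a.b.c.1 -> d.e.f.1).

    Returns None when addr is outside original_net (no translation applies).
    """
    ip = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(original_net)
    dst = ipaddress.ip_network(mapped_net)
    if src.prefixlen != dst.prefixlen:
        # A host-for-host mapping only works between equally sized networks.
        raise ValueError("1:1 NAT needs networks of equal size")
    if ip not in src:
        return None
    offset = int(ip) - int(src.network_address)
    return str(dst.network_address + offset)

def apply_dnat(packet, rule):
    """DNAT: rewrite destination address (and optionally port) on a match.

    packet is (dst_ip, dst_port); a non-matching packet is returned unchanged.
    """
    dst_ip, dst_port = packet
    if dst_ip != rule["going_to"] or dst_port != rule["service"]:
        return packet
    # If no new service is set, only the address changes and the port is kept.
    return (rule["new_destination"], rule.get("new_service", dst_port))

# Constructed sample rule following the reply: port 80 on the external
# address is diverted to the internal server on port 2323.
DNAT_RULE = {
    "going_to": "1.1.1.1",             # External WAN (Address), from the question
    "service": 80,                     # http
    "new_destination": "172.16.1.23",  # assumed internal server
    "new_service": 2323,
}

if __name__ == "__main__":
    # "Map source" case from the question: test1 -> test3.
    print(map_one_to_one("172.16.1.23", "172.16.1.0/24", "172.18.1.0/24"))
    print(apply_dnat(("1.1.1.1", 80), DNAT_RULE))
    print(apply_dnat(("1.1.1.1", 443), DNAT_RULE))
```

1:1 NAT never touches the port, which is why a custom port such as 2323 belongs in a DNAT rule's service field rather than in a 1:1 rule.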
