Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 2202 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Masq NAT - assigning private ip to a public static ip.

rahman
Hi, 

I am trying to assing static ip to priveate ip blocks. Let me explain more;

Lets say floor1 has 192.168.1.0/24 private ip blocks and floor2 has 192.168.2.0/24 etc. 

I setup bridge mode and have EXTERNAL interface with the 79.79.79.2/26 ip. And aditional ip named floor1_NAT_ip which is 79.79.79.25/26

I set Masq nat rule that says 192.168.1.0/24 -> EXTERNAL -> 79.79.79.25/26

And I set full transparent mode in http/s security. 


Well, the problem the private block uses EXTERNAL interface's ip -79.79.79.2- on internet (whatismyip.com) instead of the masq NAT ip -79.79.79.25-.


What am I doing wrong?



Edit: The thread header is misleading. What I ask is, use a public static ip for a private ip block when going out internet


This thread was automatically locked due to age.
Parents
  • 0
    As I said, "there's no way to separate proxy traffic based on the local subnet."  The proxy does it's own "masquing" so that all traffic leaving it is coming from your "External (Address)" instead of the originating subnet. You can change the 'Source' for all of the traffic, but not for any portion of it.

    There is a feature request for this that you might want to vote for: WebSecurity: Proxies and Profiles Mapping to Additional Addresses.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    As I said, "there's no way to separate proxy traffic based on the local subnet."  The proxy does it's own "masquing" so that all traffic leaving it is coming from your "External (Address)" instead of the originating subnet. You can change the 'Source' for all of the traffic, but not for any portion of it.

    There is a feature request for this that you might want to vote for: WebSecurity: Proxies and Profiles Mapping to Additional Addresses.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Cookie Information Banner