Hello,
I am trying to set up a Sophos firewall. We have several public IPs and I need to set up NAT for several of our servers. For starters, I tried to set up DNAT for terminal server services into one server on our main wan public IP, and then terminal servers into another server on one of our other additional public ips. The DNAT that I set up for the server on the main WAN ip works, but the DNAT using the additional public IP is not working. Although it could be the way I have set up the NAT translation, I believe my problem is with the additional public IP address that I have set up. Any clues as to what I am doing wrong would be creately appreciated
Notes from my install:
- performed initial setup of Sophos... set LAN interface, set WAN interface
- Tested the basics. I can get out to the internet. I can get into the web console of the Sophos using the public ip of the WAN port and port 4444.
- updated firmware
- Created DNAT rule for TerminalServer 1. Set the rule to send terminal server traffic to the WAN port to the private ip of the terminal server
- tested connecting into this terminal server from the outside and it works fine
created an additional address for our second public ip by doing the following
- interfaces and routing > additional addresses > new additional address
- I set the name
- set "on interface" to the "external wan"
- I set the netmask to /29 (255.255.255.248). I believe this is correct because this is the subnet of our public ip addresses
created a dnat rule for the second terminal server
- traffic from: Any
- using service: Microsoft terminal server services (RDP)
- going to external (wan) [connectwise_public] (Address)
- destination translation: Connectwise_private (this has the internal ip of the server)
- automatic firewall rule selected
- log initial packets selected
- I tried to test from the outside, but it is not working. From the outside, I am also unable to connect to the web console of the sophos using the additional public ip and port 4444. But I can connect to the web console using the main WAN public IP. If I edit just the "going to" and point to just the external WAN address, I can RDP into the terminal server using the man WAN ip.
- I removed the dnat rule and tried a Full NAT rule. Same results.
- I read a forum post that suggest I set the netmask of the additional public ip to /32 (255.255.255.255) instead of /29. I tried this but it did not work either
- old firewall is currently in place
- Information about my Sophos:
Sophos UTM 9
Model: ASG120
Serial: A170613AD6813B7
License ID: 000000
Subscriptions: Base Functionality, Email Protection, Network Protection, Web Protection, Wireless Protection
Firmware version: 9.006-5
Pattern version: 45648
I will try to upload screenshots of my configuration.
Thanks for any help!
Andrew
This thread was automatically locked due to age.
