This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Secret of SNAT?

So what's the secret to get SNAT to work? I'm trying to associate an external IP with a specific server and so far no luck. When browsing from the source server, no matter what I do, the server is showing up on the primary WAN address (testing done via an online IP check site).

I've no issues with DNAT.

Configuration:

Group: :: Please select ::
Position: 1
Rule Type: SNAT (Source)

Matching Condition

For traffic from: "Host Object"
Using service: Any
Going to: Internet IPv4

Action

Change the source to: "Address defined under additional address tab""
And the service to: "Blank"

Automatic Firewall rule: Checked

Thanks in advance.

Steve

This thread was automatically locked due to age.

Parents

0 Sascha Paris over 10 years ago

The order is DNAT (incoming) - Masquerading (outgoing) - SNAT (outgoing)

Technically you should be able to use alias IPs for your webservers outgoing, proxied or unproxied (firewall only).

However - as far as I know there´s a bug in recent 9.2 and 9.3 Versions, where masquerading proxied services to alias IP´s doesn´t work anymore (proxy awareness broken I guess ?) - from my knowledge this worked at least in 9.1...don´t know exactly when this got broken.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 10 years ago in reply to Sascha Paris

The order is DNAT (incoming) - Masquerading (outgoing) - SNAT (outgoing)

Hi Sascha,

In UTM 8.x, SNAT overrode MASQ; are you saying that's no longer the case?

Thanks,
Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 10 years ago in reply to Sascha Paris

The order is DNAT (incoming) - Masquerading (outgoing) - SNAT (outgoing)

Hi Sascha,

In UTM 8.x, SNAT overrode MASQ; are you saying that's no longer the case?

Thanks,
Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data