New to the forum. I have been using Sophos UTM 9 since I found out about it being free for home users about 2 months ago. Loving it. However, I very recently started having a major problem that has gotten me all tied up.
Up until this past Wednesday morning at approx. 12:30 AM, I had my Sophos UTM configured and working just perfectly. While working on a remote session, my internet suddenly dropped. Ultimately, I went and looked at the modem in the closet and it only had a power light and a DS flashing light. I figured Suddenlink must be doing maintenance, so I called it a night and went to bed. The next morning when I arrived at work, I attempted to log on to my network at home. I have Spiceworks running as well as a self-hosted remote desktop service among a few other things. Loading Spiceworks was painfully slow and required a couple of refreshes -- which typically could have indicated my server was busy ATM. I then tried to log in to Sophos WebAdmin. This also was painfully slow and almost didn't even load. Everything on my network (being accessed externally) was painfully slow.
When I got home I looked into things. I was getting frequent ping drops. My services were having a hard time connecting from my PC as well as my servers (Dropbox, CrashPlan, Sophos Endpoint Update, etc.).
So here was my setup leading up to Wed. @ 12:30 AM:
IPs/Definitions for my situation:
3 Static IPs - 1.1.1.1-3
eth0 - LAN - IP: 192.168.10.1
eth1 - WAN (Static) - Primary IP: 1.1.1.1/Additional IPs: 1.1.1.2, 1.1.1.3
SERVER1 - Private IP: 192.168.10.5 (Host Entry), Static IP: 1.1.1.2
SERVER2 - Private IP: 192.168.10.6 (Host Entry), Static IP: 1.1.1.3
MYPC - Private IP: 192.168.10.200 (Host Entry), Shares Static IP: 1.1.1.1 w/ network
My physical setup is as follows:
Modem --> eth1 /-/ Sophos eth0 --> Netgear 5 port switch -> Rest of the network
NAT:
Masquerading Rules:
SERVER1 --> WAN / 1.1.1.2
SERVER2 --> WAN / 1.1.1.3
Internal (Network) --> WAN /
I also had a couple DNAT rules for incoming traffic for various services.
They were all configured as such:
Source: ANY --> Service: ***X --> Dest: one of the static ADDRESSES
Change Destination to: Corresponding server
Change Service to:
The above configuration was working just fine for about a month. I was extremely satisfied with everything. Until 12:30 AM Wed. Feb. 19th. Since that point, I have been having the problems as described earlier. During the last 3 days I have reloaded my Sophos UTM and reset it as basically as possible. Currently I have the 3 masquerading rules above and 1 firewall rule allowing all Internal traffic to ANY destination. No blocks are set up. I have also turned off Web filtering, IPS, Application Control, everything. The only thing I have running currently is the firewall.
Suddenlink just came out and checked the signal levels. They made a few changes at the box (I live in an apartment) and said that my line had been moved since the guy originally hooked me up a month ago. So he moved me again and tagged me with a commercial tag (I am a commercial customer).
If I disable all masquerading except for Internal -> WAN/Primary IP, I seem to get much better results. But as soon as I turn on the additional NAT rules, things go south.
Additional things I have done:
- Changed NICs in the firewall -- All new NICs. Even added some so that I can switch ports for testing easily.
- Rebooted -- many times -- especially after making NAT changes. I have rebooted all switches on the network, all devices, modem, firewall. Everything gets rebooted periodically as I am making changes just to ensure nothing being cached (ARP, routing, etc.) is causing issues.
- Reloaded many times
- Checked switches all around. I am not having any network issues at all. I can even get to the modem's diagnostic page (192.168.100.1) and ping it successfully even when I am having issues. So I know it is not a NIC or switch anywhere, as only internet addresses are affected by this dropping issue.
Please, someone, help shed some light on this. I am happy to work directly with anyone willing to spend a little time. I can even give you access to the UTM if you want to have a look at the current setup.
I am at the point I just want to give up, but it's my network and it won't work the way I want it unless I fix this. So it is very frustrating.
I would also like to add that I have checked the big Rulez list and as far as I know I am following all of them, including the Zeroeth rule which shouldn't even have any effect in my setup. Also, Rule 3 about not assigning hosts to an interface -- none of my hosts are, they are all assigned to ANY.