This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAT Between Interfaces

I'm new to Sophos UTM, so this is probably a simple thing, but it is completely escaping me.

I have two internal interfaces: a LAN at 192.168.1.0/24 and a DMZ at 192.168.2.0/24. All is working fine, but when I access a web server in the DMZ, in the server logs it shows the client IP as the gateway address for the DMZ (192.168.2.1) and not the IP address of the PC from the LAN that is connecting (192.168.1.100).

For ease of troubleshooting problems via the web server logs, and for locking down some virtual directories, I would like the UTM to pass through the IP address of the PCs in the LAN.

Thank you for any help!

This thread was automatically locked due to age.

Parents

0 BarryG over 10 years ago

Hi,

a. you have an unnecessary or incorrect NAT/MASQ rule
OR
b. you're using the HTTP Proxy (Web Protection)

if (b), you can create proxy skiplists for the DMZ

otherwise, post screenshots of your NATs... hit 'Go Advanced' to upload images.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 noggernerd over 10 years ago in reply to BarryG

Hi,

Thank you for the replies.

I do have a masq rule for LAN, but it is just LAN (Network) --> WAN.

I also have web protection enabled. Adding "DMZ (Network)" to Web Protection > Filtering Options > Misc > Transparent mode skiplist > Skip transparent mode destination hosts/nets solved the problem.

Thank you for the help!
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 noggernerd over 10 years ago in reply to BarryG

Hi,

Thank you for the replies.

I do have a masq rule for LAN, but it is just LAN (Network) --> WAN.

I also have web protection enabled. Adding "DMZ (Network)" to Web Protection > Filtering Options > Misc > Transparent mode skiplist > Skip transparent mode destination hosts/nets solved the problem.

Thank you for the help!
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data