This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why is 1:1 NAT so painful?

Just trying to get my head around how Sophos does 1:1 NAT for individual IPs.

In Cisco-land, I'd normally do this...

ip nat inside source static

One line.. simple. effective.

This means that anything hitting , on any port, gets forwarded to . On the flip side all traffic coming FROM gets changed to

How the heck do I accomplish this in Sophos-land?

(I've got a semi-working solution, but I'm trying to see what other users come back with, without any prompting.)

This thread was automatically locked due to age.

0 BAlfson over 10 years ago

Matt, the good news is that your Cisco knowledge will help a lot.  The bad news is that it will cause you to misinterpret some things in UTM-land.

Keep in mind that WebAdmin is a tool that manipulates a database used by the configuration daemon to create iptables, apache, etc. configurations and commands.  It's power is that it's an object-oriented language that makes configurations simple to create, understand and change.

In WebAdmin "1:1 NAT" is used to describe a rule that NATs one subnet to another of the same size, so don't let that confuse you.

A DNAT changes  to  (see #4 and #5 in Rulz).  The connection tracker takes care of sending any responses out the correct NIC with the correct IP.

If traffic originates (not requested from an IP on the Internet) from , then you need a Source NAT (SNAT) if you want the traffic sent from an Additional Address.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel