Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 16588 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Additional Address With Masquerading. The primary IP - not the IP I defined!

SimonKeel

Hi

I have set up a new additional address in for my outgoing interface. The thing is now that my public IP changes to this IP when it is activated (using any whatsmyip service). In masquerading I have << Primary Address>> in the "Use Address" setting. As suggested in another post i also turned off web protection to see if this has an influence. It has not (the same behavior in ftp connections). There is no link aggregation, multipath rules or whatsoever. Any help on this is greatly appreciated!

Simon



This thread was automatically locked due to age.
Parents
  • 0
    Hi, Simon, and welcome to the UTM Community!

    Using example IPs, explain which one you would like to be used for which things.

    Cheers - Bob
  • 0 in reply to BAlfson
    Hi Bob, the primary address is a.b.c.d (static public IP address we have defined on our uplink eth interface), the additional address i define on this interface is w.x.y.z. My masquerading rule from INT to Uplink interfaces is set to <<primary address>> (Use address setting), so i see a.b.c.d when i check on whats my ip on the web when the additional address is deactivated. when i activate the additional address my ip seen from the outside becomes w.x.y.z which is, to my understanding, not the primary address. i would expect my ip seen from the outside is a.b.c.d and not w.x.y.z when the additional address is activated. hope this makes sense as expalantion. thanks for your help and best! simon
  • 0 in reply to SimonKeel

    Yes. you're right, it should be the Primary address, not the the additional address. Is this a beta version?

    Cheers -  Bob

    PS Da ich auch Deutsch kann, habe ich die Tietel der Thread verändert - anders ist Dein Englisch ta-de-los!

  • 0 in reply to BAlfson
    Hi Bob

    We use Release 9.354-4, so no beta. Could this be a bug (can hardly believe I'm the first to run into this)? If so, where should I report? Thanks again for your great support Bob! Best simon

    p.s.: trying to write in english as the chance that others can profit from the post is higher.
  • 0 in reply to SimonKeel
    Simon, do you have a NAT rule like 'SNAT : Internal (Network) -> Any -> Internet : from {w.x.y.z}'? If so, that would explain what you are seeing. When the Additional Address is disabled, that rule would have no effect. If the Additional Address is enabled, the SNAT will take priority over your Masq rule.

    Cheers - Bob
    PS Agreed that English has become the lingua franca of our time.
    PPS Bekommen is to get, receive, obtain, etc. Becoming is more das Werden. I don't know the term for this kind of thing in English or German, but the French would say that the words are faux amis.
  • 0 in reply to BAlfson
    Hi Bob, no SNAT rule in this respect. can it be an issue in conjunction with IPSEC VPN tunnels? otherwise should i go forward and file a bug report? best simon
  • 0 in reply to SimonKeel

    I doubt that this is a bug, as the use of Additional Addresses is very common, and I'm not heard of this  problem before. Please click on 'Use rich formatting' and insert pictures of your masquerading and NAT rules.

    Cheers - Bob

  • 0 in reply to BAlfson

    Hi Bob


    I have just the standard Masquerading rule:

    There are no SNAT rules which would affect this. I really don't get it..


    Best

    Simon

Reply Children
No Data