Nat don't forward

Hi, and welcome to the UTM Community!

Please insert a picture of your NAT rule.

Cheers - Bob

Hi, thank you :)

Yes with pleasure :

And the Livelog with 1 test on 443 :

also :

On Haproxy device, which IP address is configured as a default gateway, is it 192.168.0.100 (UTM) ?

not for now this is still freebox (192.168.0.254)

Sophos ping normaly haproxy (192.168.0.247) :

In my opinion that is the problem, because you are only translating destination IP, not the source one. I don't know what is Freebox, but I guess it is also some kind of stateful firewall device. Packet flow is:

Public IP -> Freebox -> UTM -> Haproxy -> Freebox (denied - no session state in the NAT table).

Try with Full NAT instead of DNAT and define UTM LAN IP as a changed source. Anyway, it is not recommended to use UTM with only one interface for firewall functionalities (you have probably seen warning during the setup).

I did not think about it
I try it tonight (in France it is 6:50 p.m.)

I have not been warning since I attached two physical cards but i just use one

I could simulate wan on my current lan to improve perf?

I do not want to put my box in bridge that's why I thought using one nic (for lan)

EDIT :

Just test and it's ok with full nat :

Same time (19:00) here in Serbia...;)

Try with Full NAT, it should work. In worst case you can reconfigure your network infrastructure like this (scenario that I have in my office with ISP cable modem that doesn't support bridging):

Internet -> Freebox (192.168.0.254) -> (192.168.0.100) UTM (192.168.1.100) -> LAN (192.168.1.0/24)

Yes with the full natIt Works! thank you very much :)

Yes I will organize my architecture like this, it will be cleaner and better organized

Hello everyone !

I'm still in this mode but i encounter a problem
with full nat i change the source and therefore the logs of my servers not see the real IP user

Is there a solution?

thank you

Once the address is NAT-ed the source IP is not visible on the server side. That is one of the basic principles of Internet and using private IP ranges.