
Will the firewall refuse to forward "private" IP address blocks?

I tried setting up Sophos today in a test environment to see how much throughput I could get, but I couldn't get far.  My core network is on a 10. subnet and I set up a computer and assigned it a 192.168.2.20 subnet IP.  Sophos was the router between the networks.  The WAN port got a DHCP IP address from the 10. subnet and was statically assigned the 192.168.2.100 IP.  To keep it simple, the test computer was just a direct connect to the Sophos UTM.  The WAN port was set with the gateway parameter.  Everything mostly worked fine: I could navigate to the Internet and things seemed functional.  So now, I wanted to start some SSH sessions so I went to the firewall rules and added SSH on the internal network.  However, I could not get an SSH terminal to open.  Is it because Sophos interprets the 10/8 IP address as internal and is not routing it on the gateway for that reason, or is something else wrong?  I also wasn't able to hit some webservers on the 10/8 network so I am a little suspect I am missing a setting somewhere, but generally confused.

  • Chris, have you tried #1 in Rulz?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • While I hadn't read that post, I did check the logs.  I was hopeful I would see a violation and I could work with it.  I would even look at my ssh rule suspiciously, but the inability to hit my webservers while seeing Internet sites makes me less certain I screwed it up.  Perusing the other rules, I didn't see any that I violated.

  • By the way, I would be thrilled even if someone said there is no special handling and it is just user error; I just don't want to waste my time if someone intelligent already knows it will not forward what are typically private non-routable IPs through the gateway.

  • If you're not seeing anything in the logs mentioned, then you have a routing problem, Chris.  Can you do a packet capture to confirm that the SSH traffic is leaving the UTM?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • UTM will route all of the packets regardless of whether it is a private IP or not. Did you create a MASQ rule for LAN -> WAN? If not, do your web servers have a defined route for the 192.168.x.x laptop network?
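As an added example that is not code from this thread or from Sophos: a small Python script that performs the check Bob asks for (does the SSH traffic leave the UTM?) together with the MASQ question in the last reply. It reads constructed tcpdump-style lines (all addresses are made up: 192.168.2.20 is the test laptop, 10.0.0.7 the UTM WAN address, 10.0.0.50 a host on the 10/8 core), lists client SYNs seen on the WAN side that never got a SYN-ACK, and flags whether each left with a private source address, i.e. without masquerading, in which case the far host needs a route back to that subnet.

```python
import re
from collections import defaultdict

# Constructed sample of tcpdump output as if captured on the UTM WAN interface.
# Flags [S] is a SYN, [S.] is a SYN-ACK. 203.0.113.10 stands in for an Internet host.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 192.168.2.20.40000 > 10.0.0.50.22: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 192.168.2.20.40000 > 10.0.0.50.22: Flags [S], seq 1, win 64240, length 0
12:00:03.000000 IP 192.168.2.20.40001 > 10.0.0.50.80: Flags [S], seq 2, win 64240, length 0
12:00:04.000000 IP 10.0.0.7.40002 > 203.0.113.10.443: Flags [S], seq 3, win 64240, length 0
12:00:04.010000 IP 203.0.113.10.443 > 10.0.0.7.40002: Flags [S.], seq 9, ack 4, win 65535, length 0
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

def parse_capture(text):
    """Yield (src, sport, dst, dport, flags) for every TCP line tcpdump printed."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"])

def unanswered_syns(text, wan_ip):
    """Map (src, sport, dst, dport) of flows whose SYNs never got a SYN-ACK to
    {"syns": count, "masqueraded": source was rewritten to the WAN address}."""
    syns = defaultdict(int)
    answered = set()
    for src, sport, dst, dport, flags in parse_capture(text):
        if flags == "S":
            syns[(src, sport, dst, dport)] += 1
        elif flags == "S.":
            # A SYN-ACK travels in the reverse direction of the client's flow.
            answered.add((dst, dport, src, sport))
    return {
        flow: {"syns": count, "masqueraded": flow[0] == wan_ip}
        for flow, count in syns.items()
        if flow not in answered
    }

if __name__ == "__main__":
    for (src, sport, dst, dport), info in unanswered_syns(SAMPLE_CAPTURE, "10.0.0.7").items():
        nat = "masqueraded" if info["masqueraded"] else "NOT masqueraded (private source on WAN)"
        print(f"{src}:{sport} -> {dst}:{dport}: {info['syns']} SYN(s), no SYN-ACK, {nat}")
```

On a real UTM you would feed it the text output of a capture on the WAN interface filtered to port 22; a SYN that appears there proves the firewall rule forwarded the packet, and a missing SYN-ACK points at the return path rather than at the rule.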