Add another external IP address with NO NAT

I'm working on a UTM 220 with multiple Ethernet interfaces, and a /27 subnet from our ISP.

ISP router is at .1

Our UTM WAN port is eth1 at .30.

We are hosting email services and other stuff at a few other external IPs in our block, NATted through to a server on the LAN side; everything works fine once I added an "Additional Addresses" entry for each. Each additional address is set to a subnet mask of /32 per recommendations I've seen around the forums.

Now, I have a VOIP box which cannot be NATted (protocol issue). It needs to have an external IP address. 

Here's what I've tried:

  • Add a new interface eth7 with IP address .7 and /32 subnet, enabled Proxy ARP.
  • Connect the VOIP box to eth7 and configure it with .6 and /27 subnet through its web UI.
  • Enable firewall rules to permit traffic to the .6 address of the VOIP box.

It works for about an hour, then stops!

Any idea?



This thread was automatically locked due to age.
  • I don't know if I did it the "right" way, but I had a similar setup at my previous building. 

    I needed public IPs on a gateway for my VOIP system. 

    I just bridged the VOIP eth with the WAN eth and gave the VOIP eth a static inside the range of my external interface. 

    E.g.

    Eth1, Eth2 Bridge = Br0

    Eth 2 - Connected to VOIP box 

    Eth 1 - WAN 

    Br0 - 1.1.1.2/29 DFGW 1.1.1.1

    VOIP Box - 1.1.1.3/29 DFGW 1.1.1.1

    I could still create firewall rules for traffic between 1.1.1.1 and 1.1.1.3 and all traffic flowed correctly. 

  • I want to ask how you made it work to bridge eth1 and eth2.

    My setup is this:

    I have 13 public IPs from my ISP. Now I want to put all those 13 IPs on a single port of the Sophos SG 310 and distribute them to other ports. Now, how can I do that? I need to monitor those IPs and distribute them to my mail server and to my internal network.

  • Hi, Jerry, and welcome to the UTM Community!

    The easiest way is to use Additional Addresses.  Depending on the subscriptions you have, you then can use proxies or DNATs.  I didn't see anything in your description that might indicate that a bridge would be desirable.

    Cheers - Bob
