
Why are 2 NATs necessary?

Hello, there are some things I do not understand.

Let me explain:

I have a box that I configured in bridge mode, and which therefore only handles the modem part.

I have behind my Router: Sophos UTM 9 Home

I created the port opening rules (NAT) like this:

NAT: All HTTPS connections (443) entering the WAN interface are redirected to a Reverse Proxy (haproxy) on port 5443


Only, I noticed that it only worked from outside the LAN... I had no access to my sites hosted by me on the LAN (https://example.com).


I had to create Full NAT type rules for this to work, changing the source:




I really do not understand why it is necessary to make 2 types of NAT...


If you have any solutions I'm interested :)

thank you very much

PS: Sorry for my English.



  • Hi and Welcome to Sophos Community,

    This issue occurs as a result of the way NAT translation works on the UTM.

    When the client makes a request destined for the external address of an internal server, the UTM changes the destination address of the request and then forwards it on to the server's internal address. When the server receives the request, the source is the client's internal address, which it responds to directly. In most network configurations, the response does not pass back through the UTM (it goes directly to the client, through the switch). This causes the interruption.

    If the UTM is used as a DNS forwarder, then you can configure a static DNS entry to map the request to the internal server instead of sending it out on the WAN. To do this, go to Network Services | DNS | Static Entries. Create a new network definition and choose the type as Host. Under IPv4 Address, enter the internal address of your server. Under Hostname, enter the FQDN of your server's external address, e.g. www.abc.com.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Accessing Internal or DMZ Webserver from Internal Network will help you to understand and to see an alternative.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
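The asymmetric-return problem Sachin describes can be walked through packet by packet. The following is an added example, not code from the thread or from Sophos: it models the UTM's forward DNAT, the reply haproxy sends, and the client's check that the reply matches the socket it opened, once with plain DNAT and once with Full NAT (source rewritten to the UTM's LAN address). All addresses, ports and the 40000 ephemeral port are constructed values.

```python
# Simulated packet walk for the hairpin-NAT case discussed in the thread.
# Added example; addresses, ports and names below are constructed.
WAN_IP = "203.0.113.10"      # UTM external address (constructed)
UTM_LAN_IP = "192.168.1.1"   # UTM internal address (constructed)
CLIENT = "192.168.1.50"      # LAN client (constructed)
HAPROXY = "192.168.1.20"     # reverse proxy host on the LAN (constructed)


def utm_forward(pkt, full_nat):
    """Forward path: DNAT WAN:443 -> haproxy:5443 as the thread's rule does.
    With full_nat the source is also rewritten to the UTM's LAN address,
    so the server's reply is addressed to the UTM instead of the client."""
    if (pkt["dst"], pkt["dport"]) != (WAN_IP, 443):
        return pkt
    out = dict(pkt, dst=HAPROXY, dport=5443)
    if full_nat:
        out["src"] = UTM_LAN_IP
    return out


def server_reply(pkt):
    """haproxy answers whatever source address the request carried."""
    return {"src": pkt["dst"], "sport": pkt["dport"],
            "dst": pkt["src"], "dport": pkt["sport"]}


def hairpin_works(full_nat):
    """True if the LAN client gets a reply matching the 4-tuple it opened."""
    request = {"src": CLIENT, "sport": 40000, "dst": WAN_IP, "dport": 443}
    fwd = utm_forward(request, full_nat)
    # Connection table: translated reply tuple -> original request.
    conntrack = {(fwd["dst"], fwd["dport"], fwd["src"], fwd["sport"]): request}
    reply = server_reply(fwd)
    # The reply only crosses the UTM if it is addressed to the UTM; otherwise
    # the switch delivers it straight to the client, bypassing the NAT state.
    if reply["dst"] == UTM_LAN_IP:
        orig = conntrack[(reply["src"], reply["sport"],
                          reply["dst"], reply["dport"])]
        reply = {"src": orig["dst"], "sport": orig["dport"],
                 "dst": orig["src"], "dport": orig["sport"]}
    # Client socket accepts only a reply from WAN_IP:443 to its own port.
    seen = (reply["src"], reply["sport"], reply["dst"], reply["dport"])
    return seen == (WAN_IP, 443, CLIENT, 40000)


if __name__ == "__main__":
    print("DNAT only:", hairpin_works(full_nat=False))   # False: reply arrives from haproxy:5443
    print("Full NAT: ", hairpin_works(full_nat=True))    # True: reply is un-NATed by the UTM
```

With the static DNS entry from the reply instead, the client connects to the internal address directly and no NAT state is involved, but it then connects on port 443 rather than the DNAT target 5443, so that port has to be one the internal host actually serves.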