UTM 9.502-4 : Unable to route to Internet from LAN port but able to from (3rd NIC) i.e. Management

Hi, sorry, newbie question alert.

 

Set-up

UTM 9.502-4 running on "small" PC brick with 3 NICs (Eth0 is hardwired, Eth1 and 2 are USB <> Ethernet dongles)

Eth0 (Management NIC) has 192.168.10.250

Eth1 (ISP interface)

Eth2 (LAN interface) has 192.168.10.1

4 x "Out of the box" Firewall entries as defined by installation wizard

MASQ set to "LAN (Network) ==> ISP" (i.e. Eth2 ==> Eth1)

DHCP set against LAN interface (Range 192.168.10.3 to .50)

 

Test1

ISP connected to Eth1

Laptop (static IP) connected to LAN interface on Eth2

Result : Not able to connect to Internet

 

Test2

ISP connected to Eth1

Laptop (static IP) connected to Management interface on Eth0

Result : SUCCESS.  Able to connect to Internet

 

Test3

ISP connected to Eth1

Laptop (static IP) connected to LAN interface (Eth2, DHCP removed from interface)

Result : Not able to connect to Internet

 

There (clearly) seems to be an "issue" with my config.  When the Laptop is directly connected to the LAN interface (Eth2) it's UNABLE to route to the Internet however when connected to the Management NIC (Eth0) instead it finds its way out.

If I replace my Laptop with an R7000 (in AP mode using both hardcoded and dynamic IPs) to the LAN interface (Eth2) I get the same results as when my Laptop is connected -- obvious, but I checked.

 

Any thoughts/words of wisdom would be very much appreciated as I just can't see what is "not" allowing the routing of traffic to the ISP interface (Eth1) when I connect to the LAN interface (Eth2).

- Steve



  • Update

    Is there any "implied" significance as to which interface(s) are associated with Eth0 /1 / 2?

    For example, does the ISP "have" to be associated with Eth0?

    - Steve

    - Regards, Steve
    PrivatePICO-PC, Intel J1900 Quad Core, 2.42GHz, 4GB RAM, 240GB SSD, 4 x 1GB INTEL Ethernet, UTM 9.510-5 Home License

  • Steve, the "culture" among us is to use eth0 for your LAN (Internal) and eth1 for your ISP (External).  A separate management interface is not needed with the UTM, so you have an extra port!  I suggest you do a Factory Reset and start over with that in mind.

    Sometimes, NICs don't play well with others when it comes to auto-negotiating speed and duplex.  Try #7.7 in Rulz if you have a similar problem when you try to use your extra port. 

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

    Apologies for the delay in responding, the day job got in the way.

    First up, thanks for the "rulz" which will come in very handy going forwards and the associated guidance, all offers gratefully received I must say.

    I'd done a little more testing and was homing in on using the Eth0 resource for the SoHo LAN which was confirmed by what you stated.  In the end I did re-build from the ground up which has, I'm pleased to say, given me the expected result of a fully working UTM.

    Again, thank you so much for the guidance.

    - Steve

    - Regards, Steve
    PrivatePICO-PC, Intel J1900 Quad Core, 2.42GHz, 4GB RAM, 240GB SSD, 4 x 1GB INTEL Ethernet, UTM 9.510-5 Home License