2 machines sharing one WAN port and IP unintentionally

I have a physical machine (PM) with physical ports eth0 and eth1. It is running a virtual machine VM0 via KVM. As a consequence, eth0 appears aliased to virbr0, such that the only ports that are "up" are eth1 and virbr0. Other VMs lie behind VM0, which is running Sophos UTM. Presumably, the route from outside to VM1 is in eth1 thence virbr0 and through Sophos into the vLan. But PM and VM0 both have WAN ports bearing the same IP address.

First, how is that possible? PM can ping the Internet and VM1, so there is communication between all network segments. But it seems there should be broken communications between PM and VM0. I find the topology and connections of virbr0 very confusing!

Second, is this desirable? Seems not to me as I need to have different rules for the PM and VM0, but cannot write different rules given the identical IP addresses.

I don't understand why I am even able to communicate with both machines. I am using NoMachine (VNC-like) to address PM at the shared IP. Then I run a nested NoMachine session from PM to access VM1 and then access VM0 via browser addressed to its LAN port.

How can I detangle this? How did it get tangled?



This thread was automatically locked due to age.
  • Hi, Gregory, and welcome to the UTM Community!

    How about a simple stick diagram to help us visualize your topology?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the greeting. 

    I tore the host down and started over. Basically, my WAN port somehow got configured as an interface on virbr0. Oddly, it happened again today, but I was able to manually edit /etc/network/interfaces and reassign it a static IP. Not sure how it slipped into the grips of DHCP.

    Now I am trying to figure out why I can't sign in to Sophos VM directly, but can via web interface.

  • Hi Gregory,

    Before you can log in to the UTM via direct CLI, you'll need to set shell credentials.

    This is done via WebAdmin: Management -> System Settings -> Shell Access. For direct shell you only need to set the root password.

     

    Yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner