Firewall NAT / Outbound

  • Hello,
    My servers IP address as attempts to exit from the inside out, "WAN Static IP configuration" at the "IP address" that I wrote in the Metro Ethernet IP address appears.
    So I'm assigned to servers, "Virtual IP" address does not appear to whois queries.
    "Firewall - NAT - Outbound" tab of the adjustments I struggled with but the results did not get a pretty …

    While I understand from the inside out in a separate NAT for the LAN must make adjustments ..
    I would like help from friends about the experience with this issue ..

    Thank you ...

  • I don't think Virtual IP is good for this situation, you must assign them to specific interface.

  • VIP is not a bad idea, you must use 1:1 or a combination port forward and manual outbound NAT if you want something other than the WAN address. Please also note that manual outbound rules are first matching, so if you have your VIP listed below your auto created rules (the one for WAN) then you will always get your WAN address for the outgoing IP.

    If I am understanding your problem correctly.

  • Hello,
    While users have given out the ip address I want to do with the output..
    I want to create a rule for servers in the same way.
    Wan seems a static ip address, I could not make out with the Virtual IP address..

    Configuration as in the picture

  • Okay, your first mistake is that you /24 is above your /32 entries. NAT like firewall rules (aside from floating) are first matching. So if tries to go out, it is going to match the first rule and go out as your WAN ip and not the second entry you have setup. You will need to move your /24 to the bottom of the list.

  • Hi,
    I examine the subject, and others live, but the problem you mentioned is not related to them ..
    Metro IP block to assign only one of them described kullacılarıma and he'd like to make out the Internet via IP address.
    The system installed on the proxy server.

    Structure, such as I have mentioned;

    Virtual (Real)        IP Lan   (Web, Mail Server)   - (Internal Users)

    Web to my WAN IP address from the outside: Port: There is no shortage now working to make 80 1 to 1 Nat.

    However, the exact opposite of this situation to 254 with the internal network ip address I want to walk out of my users.

    As far as researched by the forum;

    "I have pretty much the same scenario here and it works as it should…

    At- System/Advanced/Firewall Nat/  make sure that "Disable reply-to" is not checked...

    I do not have outbound nat "static port" selected. "

    Checked'i picked the appropriate tab,
    Firewall: NAT: Outbound tab of the Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) NAT addresses by checking the Source Address is as the ip address of the internal user, though it would define a system configuration'daki WAN Static IP WAN IP address with the IP Address tab I wrote is output. Whois lookups do not change the ip address ... It might be a proxy? There is one point I missing, but could not find yet ...

    I would like to help with nat settings from..  Address all the problems appear gateway ip address is still. I can not make full sense of the output with the external IP address mentioned.

    Thank you..

  • Could you re-paste the current setup? The issue I saw doesn't seem to be addressed. Also turning off static ports is going to be a must on the NAT for 11-254.

  • Hello,
    The current settings are as pictured.

    Thank you.

  • Your rules appear to be correct. Are you using 1:1 NAT as well, or just port forward?

Log in to reply