Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 98
  • Last Modified:

SonicWALL NAT configuration

Hi Guys,

I have two web servers behind a SonicWall TZ400 and two seperate public IP's coming in.
I would like to publish the one server on public IP-1 and the other on public IP-2.

I've tried a couple of scenarios, but the packet destination address show as the WAN address of the SonicWALL router
(doesn't show the original public IP address)

There is another router infront of the SonicWALL and this router is natting through from the internet to the SonicWall.

Am I correct in thinking the "front-end' router is removing the "original destination" from the incoming packets?

Is there any way redirecting incoming traffic in the SonicWALL based on "original destination" (Public IP)?
0
Rupert Eghardt
Asked:
Rupert Eghardt
  • 5
  • 4
2 Solutions
 
David AtkinIT ProfessionalCommented:
Hi there,

Have you configured the additional WAN addresses on your Sonicwall?

If so, you should be able to do this via the 'Public Server' Wizard in the top right of the sonicwall.

It will ask you to specify the external public IP address and then the local internal server address.

It would be strange for your ISP to be altering any of the destination packets.
0
 
Rupert EghardtAuthor Commented:
Thanks David,

I published 2 x servers via the 'Public Server' Wizard.
Each on it's own public IP.  The wizard created two network objects for the public IP's.

I couldn't access the servers externally with the NAT's created by the wizard.
I checked the packet monitor and it shows Dst=[192.168.1.4]
This is the local WAN address of the SonicWALL.

After changing my NAT rule from public-IP to "WAN Interface IP", the server was accessible from the internet.
0
 
David AtkinIT ProfessionalCommented:
Hi Rupert,

Just to confirm, is this now resolved?
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
Rupert EghardtAuthor Commented:
Not yet, I suspect the ISP is translating the traffic, thus packet losing the public IP ...
0
 
David AtkinIT ProfessionalCommented:
If thats the case then you will need to contact them to get it confirmed. It would be a strange thing for them to do though!
0
 
Rupert EghardtAuthor Commented:
Could there be any other reason why the packet monitor would display original destination as
Dst=[192.168.1.4] ?

I've inspected the packet data and don't see the public IP anywhere?
0
 
Rupert EghardtAuthor Commented:
I believe the ISP is translating the public IP to private IP, public IP not accessible after the ISP DSL router.
Only solution is to setup two seperate networks in ISP DSL router, translating to two seperate private IP's.  Current DSL router not equipped for two interfaces, applied for router upgrade.
0
 
David AtkinIT ProfessionalCommented:
Thank you for letting us know the solution.  Glad you managed to resolve your problem.
0
 
Rupert EghardtAuthor Commented:
Problem not solved, applied for DSL router upgrade, will be using two private IP's from DSL router.
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now