Dear Others,
I'm running an ASG8 meant to be a plain firewall in a very simple topology:
- external firewall-NIC headed towards WAN,
- internal firewall-NIC protecting a bunch of servers, each of which features public & routable IP-addresses.
Thus no need for sporting any sort of NAT here => no NAT configured by me, nor having any masquerading rules in place.
Nevertheless (and here it gets creepy):
All outbound requests initiated from one of the internal servers leave the firewall with the IP-address of the external firewall-NIC, which looks very much like masquerading (if not IS masquerading, right?), while I prefer them to have the source-IP-address of the respective requesting machine.
Listing the current iptables rules on firewall-commandline does not exhibit any DNAT/SNAT rule, just plain firewalling.
What is going on here? Maybe some automagic features of ASG8 I failed to consider?
Did I fundamentally misunderstand the entire concept?
Any hint is highly appreciated, thanks in advance
X