Sentinel LM problem - Page 2

jclambert1 · 03-28-2011, 07:21 PM

updated network diagram atatched

jclambert1 · 03-28-2011, 07:24 PM

Quote:

Originally Posted by dbunyard

I'm sorry if I'm seeming ignorant here but I want to make sure I understand your setup. So the problem is the flow of traffic like this, right:
|Remote site|<==>|Internet|<==>|Local Router|<==>|Untangle|<==>|LAN|
The remote sites cannot access a server in the LAN even though a VPN is established to the local router? Sorry for the questions, I just want to make sure I understand.

BAsically yes. All traffic is flowing properly (SMB, internal web pages, printing, jabber, etc) aside from the LM on UDP shown above.

dbunyard · 03-28-2011, 07:29 PM

So how about a bypass rule from 10.0.1.x (and 3.x) to/from your LAN IP range?

jclambert1 · 03-28-2011, 07:46 PM

Quote:

Originally Posted by dbunyard

So how about a bypass rule from 10.0.1.x (and 3.x) to/from your LAN IP range?

Bypass rule? Wouldn't that be something for firewall? I do not have that module installed. Or is this placed elsewhere in the system?

dwasserman · 03-28-2011, 08:04 PM

The firewall app its only a ACL subsystem, not a firewall.
In the up left corner of the rack, default rack button, show session option, you can show and debug what happen with this traffic flow.

jclambert1 · 03-28-2011, 08:20 PM

I see. I will look it over in the AM. Thanks!

johnsonx42 · 03-28-2011, 08:35 PM

the bypass rules have nothing to do with the firewall module. they're under networking->advanced->bypass rules. these rules tell the networking code (the linux bits) to just route the packet on without passing it through the untangle vm (or in other words, to bypass the application rack). even though nothing in the uvm is blocking or really even looking at that traffic, the mere act of passing through it can foul up certain types of communication.

you can just bypass the particular udp port.

jclambert1 · 03-29-2011, 06:35 AM

Quote:

Originally Posted by johnsonx42

the bypass rules have nothing to do with the firewall module. they're under networking->advanced->bypass rules. these rules tell the networking code (the linux bits) to just route the packet on without passing it through the untangle vm (or in other words, to bypass the application rack). even though nothing in the uvm is blocking or really even looking at that traffic, the mere act of passing through it can foul up certain types of communication.

you can just bypass the particular udp port.

Just bypassing the port in question worked just fine.

dmorris · 03-29-2011, 08:49 AM

I suspect your netmask is too big. (likely /8 or /16 and needs to be /24)
If you want it to be bigger than /24 you'll need to add routes for 10.0.1.x and 10.0.3.x so Untangle does not think they are local.

Bypass will also work, but you'll need to do this for all services remote clients want to reach if you have it setup like that.

03-28-2011, 07:29 PM	#13 (permalink)
dbunyard Join Date: Nov 2008 Location: Westerville, Ohio, USA Posts: 1,021	So how about a bypass rule from 10.0.1.x (and 3.x) to/from your LAN IP range? __________________ Dan You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either. Last edited by dbunyard; 03-28-2011 at 07:34 PM..

03-28-2011, 08:04 PM	#15 (permalink)
dwasserman Join Date: Jun 2008 Location: Argentina URLs submitted: 57 Posts: 3,634	The firewall app its only a ACL subsystem, not a firewall. In the up left corner of the rack, default rack button, show session option, you can show and debug what happen with this traffic flow. __________________ The world is divided into 10 kinds of people, who know binary and those not

03-29-2011, 08:49 AM	#19 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 10,613	I suspect your netmask is too big. (likely /8 or /16 and needs to be /24) If you want it to be bigger than /24 you'll need to add routes for 10.0.1.x and 10.0.3.x so Untangle does not think they are local. Bypass will also work, but you'll need to do this for all services remote clients want to reach if you have it setup like that. __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

Protect

Filter

Perform

Connect

Manage

Add-Ons

03-28-2011, 08:20 PM	#16 (permalink)
jclambert1 Newbie Join Date: Mar 2010 Location: Desert Southwest Posts: 10	I see. I will look it over in the AM. Thanks!

03-28-2011, 08:35 PM	#17 (permalink)
johnsonx42 Master Untangler Join Date: Jan 2011 Posts: 626	the bypass rules have nothing to do with the firewall module. they're under networking->advanced->bypass rules. these rules tell the networking code (the linux bits) to just route the packet on without passing it through the untangle vm (or in other words, to bypass the application rack). even though nothing in the uvm is blocking or really even looking at that traffic, the mere act of passing through it can foul up certain types of communication. you can just bypass the particular udp port.