Permit TCP 7515 through Firewall to internal LAN


Schnizzle
11-12-2008, 11:48 AM
Hello,

I am trying to get Untangle to permit tcp traffic on port 7515 through to an internal LAN host at 192.168.1.1

Port forwarding is set as follows:
Destination Port = 7515
and
Destined Local
and
Source Interface = External
and
Protocol = tcp
Forward traffic to 192.168.1.1
New Port = 7515

Firewall is enabled and set as follows:
Default Action = block
Rule#1 = Enabled
Action = pass
Log = yes
Traffic type = tcp
Client interface = any
Server interface = any
Source address = any
Destination Address = 192.168.1.1
Source port = 7515

With this config I cannot establish communication from outside to 192.168.1.1 on tcp 7515. However, if I set the firewall default action to "Pass", then I can connect on that port. Obviously there is a setting somewhere that I've misconfigured, but I can't seem to find it.

FYI - Untangle is operating in Router mode and NAT is enabled.

Any ideas?

mrunkel
11-12-2008, 01:32 PM
...

Firewall is enabled and set as follows:
Default Action = block
Rule#1 = Enabled
Action = pass
Log = yes
Traffic type = tcp
Client interface = any
Server interface = any
Source address = any
Destination Address = 192.168.1.1
Source port = 7515

...
Any ideas?

You were so close. Source port should be any. Destination port should be 7515.

Let me know if that fixes it.

Schnizzle
11-12-2008, 01:45 PM
Thanks for the reply. Yes, you were right. I actually changed this just before coming back here and reading your reply, and it started working! Thank you though for responding; I appreciate your quick reply.

Schnizzle
11-12-2008, 01:51 PM
Question: Given this configuration and the changes you noted, the firewall by default blocks all connections and doesn't log what it blocked. What is the best way to keep it so that it is blocking all attempted connections (except specified exceptions) and being able to log the blocked connections for review?

sky-knight
11-12-2008, 02:08 PM
You may also want to define server interface as internal, and client interface as external. Without the direction of traffic that rule can have some unintended consequences later.

mdh
11-17-2008, 04:56 PM
Schnizzle,

Using the default firewall policy, there is no logging. You would have to use specified rules (the first tab) to log incursion attempts. Rule #1 is highest priority, then #2, 3 and so on. The last rule on your list (the highest rule number) is a BLOCK ALL rule, so that anything that is supposed to pass through should have already done so. Anything that hasn't is either a messed up rule or an intrusion attempt.
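As an added illustration of the two points made in this thread (mrunkel's source-port vs destination-port correction and mdh's first-match ordering with a logged block-all rule at the end), the following is a small first-match rule evaluator. It is example code written for this page, not Untangle's own code; the interface names, the sample client port 51234 and the match fields are assumptions modelled on the rule settings quoted above.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for a rule field left as "any"

@dataclass(frozen=True)
class Conn:            # one attempted connection as the firewall sees it
    proto: str
    client_if: str
    server_if: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str        # "pass" or "block"
    log: bool = False
    proto: Optional[str] = ANY
    client_if: Optional[str] = ANY
    server_if: Optional[str] = ANY
    dst: Optional[str] = ANY
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY

    def matches(self, c: Conn) -> bool:
        wanted = [(self.proto, c.proto), (self.client_if, c.client_if),
                  (self.server_if, c.server_if), (self.dst, c.dst),
                  (self.sport, c.sport), (self.dport, c.dport)]
        return all(w is ANY or w == got for w, got in wanted)

def evaluate(rules, conn, default="block"):
    """First matching rule wins: returns (action, logged, matched rule index).
    Falling through to the default policy produces no log entry."""
    for i, rule in enumerate(rules):
        if rule.matches(conn):
            return rule.action, rule.log, i
    return default, False, None

# Constructed sample: an external client uses an ephemeral source port
# (51234, assumed) to reach the forwarded host on tcp/7515.
CONN = Conn("tcp", "External", "Internal", "192.168.1.1", 51234, 7515)

# The thread's original rule keyed on source port 7515: never matches.
WRONG = [Rule("pass", log=True, proto="tcp", dst="192.168.1.1", sport=7515)]

# Corrected rule (destination port, explicit direction), then a final logged block-all.
FIXED = [Rule("pass", log=True, proto="tcp", client_if="External",
              server_if="Internal", dst="192.168.1.1", dport=7515),
         Rule("block", log=True)]
```

With WRONG the connection falls through to the unlogged default block; with FIXED it passes on rule 0, and anything else from outside hits the logged block-all rule, which is the review trail Schnizzle asked about.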