  1. #1
    Untangler
    Join Date
    Dec 2007
    Posts
    47

    Group for IP Address Ranges

    I'm using UT v8.1 in NAT mode with (amongst others) the Firewall application.

    I am allowing some inbound traffic (using Port Forwards), but only want to give access to a bunch of IP address ranges. According to the IP Matcher wiki "Note: Comma separated lists of CIDR subnets or ranges are not supported."

    Is there a way to create a group of IP address ranges? I have 7 such ranges and 4 Port Forwards. I don't want to manually enter 28 firewall entries!

    I know this question has been asked in the past - just wanted to know if the situation had changed.

    Thanks.

  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    3,977

    It doesn't make sense; a port forward is for creating a special 1:1 relationship for some port to a single internal IP address.
    The world is divided into 10 kinds of people, who know binary and those not

  3. #3
    Untangler
    Join Date
    Dec 2007
    Posts
    47

    Yes, that is correct, although port forwarding alone will forward traffic from anywhere (i.e. any source IP address). In addition to the port forwarding I want to use the firewall to only allow traffic from certain address ranges. Hope that makes sense!

  4. #4
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    3,977

    I don't fully understand your issue; can you post a real-life example?

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    11,691

    Originally posted by richgill:
    "I know this question has been asked in the past - just wanted to know if the situation had changed."
    Nope. We're adding support for list of ranges in the product in 9.0, but it still won't work for port forwards because the underlying implementation doesn't support it.

    Your other option would be to forward the port for everyone and then use the firewall to filter who can connect.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untangler
    Join Date
    Dec 2007
    Posts
    47

    dmorris - Thanks for the update. As you say, I plan on forwarding the port for everyone then using the firewall to filter who can connect.

    dwasserman - Some examples:

    a) If you run a web site (or any service) that is only for use by certain people. As an extra security measure you may want to use the firewall to limit access by the users' IP address(es).

    b) If you use a cloud service (which has multiple IP address ranges) and they need access to your network, you would use the firewall to allow those IP ranges through.

    In both examples having a group for the IP addresses/address ranges would allow you to create just one firewall rule. Easy to administer & understand.
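
The workaround discussed in this thread (forward the port for everyone, then filter by source address in the firewall) still needs one rule per range when a matcher accepts only a single subnet or range. The following is an added example, not part of the thread and not Untangle code: it normalizes a group of CIDR subnets and ranges, checks a source address against the group, and expands the group into per-network rows; the addresses, ports and output format are constructed for illustration.

```python
import ipaddress

def parse_entry(entry):
    """One CIDR subnet, 'start-end' range or single address -> list of networks."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        # Raises if last < first or the two ends are different IP versions.
        return list(ipaddress.summarize_address_range(first, last))
    # Default strict=True rejects host bits (e.g. 192.0.2.5/24) instead of
    # silently widening the allowlist.
    return [ipaddress.ip_network(entry)]

def build_group(entries):
    """Parse every entry and merge overlapping or adjacent networks."""
    nets = [n for e in entries for n in parse_entry(e)]
    merged = []
    for version in (4, 6):  # collapse_addresses refuses mixed IP versions
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def allowed(source_ip, group):
    """True if the source address falls inside any network of the group."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in group)

def expand_rules(group, forward_ports):
    """The per-network rows needed when a rule accepts only one subnet."""
    return [(str(net), port) for port in forward_ports for net in group]

# Constructed sample data: documentation address space and made-up ports.
ENTRIES = [
    "192.0.2.0/26", "192.0.2.64/26",                # adjacent, merge to a /25
    "192.0.2.200-192.0.2.210",                      # range, split into CIDR blocks
    "198.51.100.0/25", "198.51.100.128-198.51.100.255",  # merge to a /24
    "203.0.113.16/28",
    "203.0.113.40",                                 # single host
]
FORWARD_PORTS = [22, 443, 993, 8443]
GROUP = build_group(ENTRIES)

if __name__ == "__main__":
    # Hypothetical output format, not Untangle rule syntax.
    for net, port in expand_rules(GROUP, FORWARD_PORTS):
        print(f"allow src={net} dst_port={port}")
    print(allowed("192.0.2.210", GROUP), allowed("192.0.2.211", GROUP))
```

Any address not matched by `allowed` should hit a final block rule for the forwarded ports, otherwise the port forward remains open to every source.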
