12-21-2011, 01:46 PM   #11
johndball (Master Untangler)
Join Date: Apr 2008
Location: New Orleans, La
Posts: 103

Fellas, unless there is something y'all aren't sharing with me, this is a default install less the rules that I have created and posted screenshots of.

What needs to be done to block all traffic for which a rule has not been created? This version of Untangle removes the option to block by default so please enlighten me.
12-21-2011, 01:53 PM   #12
sky-knight (Untangle Ninja)
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454

The firewall module cannot control traffic bound to Untangle anyway.

Where are you running that port scan from?

Because I can promise you, unless you've played with something, TCP 110 is NEVER open on Untangle. Nor is TCP 25.

You've done something to cause that read out, or your scan is lying to you.
__________________
Rob Sandling, BS:SWE, MCP
Intouch Technology
Phone: 480-272-9889
rob@intouchtechllc.com

UntangleAppliances.com
Phone: 866-794-8879
12-21-2011, 01:55 PM   #13
johndball (Master Untangler)

Scanning from my house using SuperScan 3.0.

GRC shields up shows everything as stealth so I can't get an accurate reading from it.

I haven't changed anything I'm not familiar with. This is far from my first experience with Untangle. It is my first go-around with the 9.x series, and I haven't been pleased yet, but since I'm stuck with 9.x I'd like to at least get it working correctly.

Edit: Look, I'm not trying to be an a$$hat as "emotions" aren't conveyed via text very well so don't interpret my postings as hostile.

Last edited by johndball; 12-21-2011 at 02:05 PM.
12-21-2011, 02:30 PM   #14
sky-knight (Untangle Ninja)

Don't worry about offending me, I'm all too aware of how cold text communication is. It's gotten me into piles of trouble around here.

If GRC shows everything stealth, and SuperScan does not, I think something is up with SuperScan.

That said, GRC should be reading TCP 443 open (remote admin, OpenVPN client distribution, etc.). I suppose that port won't be open if you haven't installed any modules or never enabled remote admin.

And TCP 22 reads as closed without a packet filter rule to drop the traffic. Unless there is a new default that fixes that. But those are seriously the only two ports that show anything other than "I'm not here" by default.
12-21-2011, 02:31 PM   #15
sky-knight (Untangle Ninja)

Heck, test it yourself!

telnet external.ip.of.untangle 80

That will open a connection to your Untangle on port 80. Does it time out?
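The manual telnet test from post #15, extended to the three outcomes discussed in posts #12 to #15 (connects, refused, times out), as an added example that is not part of either poster's messages. The function names, the `EXPECTED` table (built from the defaults described in post #14, assuming remote admin is enabled so 443 is open) and the placeholder address are assumptions.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed; telnet would connect
    except ConnectionRefusedError:
        return "closed"          # reset received: host is visible, nothing listening
    except socket.timeout:
        return "filtered"        # no reply at all: what scanners report as "stealth"
    except OSError:
        return "filtered"        # e.g. an ICMP unreachable sent back by a filter

def audit(host, expected, timeout=3.0, probe=probe_tcp):
    """Compare observed port states with the expected ones.

    expected maps port -> state. Returns {port: (expected, observed)}
    for every port whose observed state differs from the expectation.
    """
    deviations = {}
    for port, want in sorted(expected.items()):
        got = probe(host, port, timeout)
        if got != want:
            deviations[port] = (want, got)
    return deviations

# Constructed expectation table based on post #14: 22 closed unless a
# packet filter rule drops it, 443 open (assumes remote admin is enabled),
# everything else silent.
EXPECTED = {22: "closed", 25: "filtered", 80: "filtered",
            110: "filtered", 443: "open"}

if __name__ == "__main__":
    TARGET = "203.0.113.10"  # placeholder from the documentation range; use your own WAN IP
    for port, (want, got) in audit(TARGET, EXPECTED).items():
        print(f"tcp/{port}: expected {want}, observed {got}")
```

Run it from outside the network being tested. A connect-based result describes the whole path, so anything between the scanner and the target that answers on 25 or 110 will be reported as if it were the target.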
12-21-2011, 02:46 PM   #16
johndball (Master Untangler)

Is the packet filter portion of Untangle all pre-NAT related rules?
Do they process in order from top down?
12-21-2011, 03:18 PM   #17
sky-knight (Untangle Ninja)

Yes, to both questions as far as I know.
12-21-2011, 03:20 PM   #18
johndball (Master Untangler)

So, if I wanted "firewall" pre-NAT rules I would do so in the packet filter? Since all is now allow by default, I would need to set rules to block pre-NAT, essentially using the packet filter as a pre-NAT firewall.
12-21-2011, 03:43 PM   #19
sky-knight (Untangle Ninja)

No, the packet filter is block by default. The firewall module is pass by default.

But yes you have to use the packet filter to control traffic that is terminating on the Untangle server itself.
12-21-2011, 04:20 PM   #20
johndball (Master Untangler)

Done. I got it working so that all is blocked except what I open up both pre and post NAT.
All times are GMT -7.

© 2010 Untangle, Inc. All Rights Reserved.