Firewall Mystery

[redhale3]

I am running the Untangle Premium Package version 9.1.1. Two days ago CenturyLink, my internet provider, had an outage. Since then Untangle has blocked ports 80 and 443. I didn't make any changes to the configuration. It did it on it's own. I had a similar experience around Thanksgiving when we had a power outage. I assumed that the power failure had corrupted files. At that time I wiped and reloaded my Untangle.

I have a Windows Small Business Server 2008 behind it so I have forwarded ports for email (25) and Remote Web Workplace (443, 4125). Those have continued to work normally. I also use OpenVPN and it continues to work normally.

At first it looked like it was a DNS problem so I tried changing the DNS servers. That didn't help. I opened IE and typed in IP addresses for sites such as Google and MSN and still couldn't open them. I removed services such as WAN balancer that I was not using. I looked at services to see if they were recording that they are blocking sites or requests and I didn't see any. I systematically turned off the services in the rack and checked after each one. It still didn't help. I did that until I had turned off everything in the rack. It didn't help. I removed the firewall module and tested again and it worked! I figured it was somehow corrupted and I reinstalled the firewall. It stopped working again. I removed the firewall module again and tested again. No websites would load on any computers. I went into the network configuration and created a forwarding rule to forward port 80 to any computer on the network. I tested again and it worked! I pullled up multiple websites without problems. Then I let my wife know that it was working. She tried to open websites and it didn't work. I tested again and it had stopped working. It appears that it's adaptive!

I don't know what else to try. Unfortunately, I'm 360 miles away from the firewall and don't have hands on access.

[redhale3]

I'm trying to create a rule to forward all ports to all IP address on my network and now I can't use a / or - in the rule. Is it something new in version 9.1.1.?

[johndball]

Quote:

Originally Posted by redhale3

I am running the Untangle Premium Package version 9.1.1. Two days ago CenturyLink, my internet provider, had an outage. Since then Untangle has blocked ports 80 and 443. I didn't make any changes to the configuration. It did it on it's own. I had a similar experience around Thanksgiving when we had a power outage. I assumed that the power failure had corrupted files. At that time I wiped and reloaded my Untangle.

I have a Windows Small Business Server 2008 behind it so I have forwarded ports for email (25) and Remote Web Workplace (443, 4125). Those have continued to work normally. I also use OpenVPN and it continues to work normally.

At first it looked like it was a DNS problem so I tried changing the DNS servers. That didn't help. I opened IE and typed in IP addresses for sites such as Google and MSN and still couldn't open them. I removed services such as WAN balancer that I was not using. I looked at services to see if they were recording that they are blocking sites or requests and I didn't see any. I systematically turned off the services in the rack and checked after each one. It still didn't help. I did that until I had turned off everything in the rack. It didn't help. I removed the firewall module and tested again and it worked! I figured it was somehow corrupted and I reinstalled the firewall. It stopped working again. I removed the firewall module again and tested again. No websites would load on any computers. I went into the network configuration and created a forwarding rule to forward port 80 to any computer on the network. I tested again and it worked! I pullled up multiple websites without problems. Then I let my wife know that it was working. She tried to open websites and it didn't work. I tested again and it had stopped working. It appears that it's adaptive!

I don't know what else to try. Unfortunately, I'm 360 miles away from the firewall and don't have hands on access.

Are you running attack blocker? Same thing happened to me when I upgraded and rebooted to 9.1.1. I thought it was a DNS issue too. I could have copied your post word for word less the power outage. Disabling attack blocker fixed it for me.

[redhale3]

I was running Attack Blocker. I disabled and tried a connection. Still couldn't bring up a website. Then I removed. Still can't. Maybe reboot?

[johndball]

See, that solved my problem and the problem I had was explained exactly like your problem.

I'm wondering if something got carried over from my upgrade, and your crash, that made a corrupted modification.

Meh. It is over my head. Maybe the Untangle ninjas can untangle our problems.

[redhale3]

I hope so. I haven't been able to figure it out.

[dmorris]

A port forward rule to any computer on the network? What does that mean? Post a screenshot of your rule.

A port forward rule can only have one destination.

It sounds like you are creating a port forward rule that matches all port 80 traffic and forwards it to some random location.

[redhale3]

Unfortunately, I deleted it.

[dmorris]

So then everything is working?
I'm confused. I'd just call or email support.

[redhale3]

No, I still can't get any web pages to load on computers behind the firewall. I would have called support, but it's the holiday.