  1. #1
    Untanglit Diggy's Avatar
    Join Date
    Feb 2011
    Posts
    19

    Newbie questions

    Hi, all.

    As mentioned in another post, I've been running iptables/Netfilter as my company's firewall/router. It worked just fine, but now I'm looking to use UT, especially for its WAN balancing capabilities. But, coming from iptables/Netfilter, I'm not sure quite how to set up UT. Please forgive me if this is a long post, or if I posted in the wrong forum.

    Here's what I have in my iptables setup:

    eth0, WAN, with six aliases for DMZ
    eth1, LAN, 192.168.100.1/22
    eth2, DMZ, 192.168.1.1

    I've created the following interfaces in UT:

    eth0, WAN, 65.x.x.x, with six aliases for DMZ
    eth1, LAN, 192.168.100.1/22
    eth2, DMZ, 192.168.1.1
    eth3, WAN2, 75.x.x.x
    eth4, DMZ2 (may or may not use)

    When I run netstat -ar in UT, the output looks just like that on the iptables box, except that the default gateway doesn't appear (and it is specified in the WAN and WAN 2 interface configs), and there are two entries for 192.0.2.0 (dummy0 and utun). I'm thinking that the gateway won't appear until I plug the UT box into the WAN router, and that the 192.0.2.0 addresses have to do with a VPN. Is that correct? If not, what do I need to do?

    I'll not use the UT box for DNS or DHCP purposes, and so have not enabled these. I did plug in my ISPs' DNS addresses in the WAN and WAN2 configuration pages.

    I think that, next, I should set up my port forwards. In iptables, I've SNAT'ed and DNAT'ed (yeah, those are words :-) ), say, my Web server 192.168.1.3, external address 65.x.x.164, and forwarded the appropriate ports. What are the UT equivalents?

    I guess that's a good place to pause. After all, I have to learn how to crawl first.

    Many thanks.

    Diggy
    Last edited by Diggy; 04-10-2012 at 09:00 AM.

  2. #2
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,203

    Hi Diggy,

    I would not recommend you to do command line iptables.

    To do PF go under config -> network

    And for FW rules use the firewall module.

  3. #3
    Untanglit Diggy's Avatar
    Join Date
    Feb 2011
    Posts
    19

    Thanks, WebFool. I'm not looking to do command-line iptables. I'm trying to find the UT equivalents of what I know of iptables. I need some serious hand-holding as I set up UT.

    Diggy

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    2,629

    It might be easier to post what behavior you are looking for so we can suggest settings in the Untangle.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    11,682

    Originally Posted by Diggy:
    When I run netstat -ar in UT, the output looks just like that on the iptables box, except that the default gateway doesn't appear (and it is specified in the WAN and WAN 2 interface configs), and there are two entries for 192.0.2.0 (dummy0 and utun). I'm thinking that the gateway won't appear until I plug the UT box into the WAN router, and that the 192.0.2.0 addresses have to do with a VPN. Is that correct? If not, what do I need to do?
    That sounds correct. No, the gateway will never appear there.

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    11,682

    Originally Posted by Diggy:
    I think that, next, I should set up my port forwards. In iptables, I've SNAT'ed and DNAT'ed (yeah, those are words :-) ), say, my Web server 192.168.1.3, external address 65.x.x.164, and forwarded the appropriate ports. What are the UT equivalents?
    DNAT = port forward in config->networking->port forwards
    SNAT = nat policy in config->networking->interfaces->edit->nat policies

  7. #7
    Untanglit Diggy's Avatar
    Join Date
    Feb 2011
    Posts
    19

    OK, thanks.

    If SNAT = nat policy in config->networking->interfaces->edit->nat policies, I've done so in the DMZ interface, since those are the machines to be SNAT'ed. Correct?

    Vis-a-vis DNAT, do I just have to specify the port, protocol, source interface (External), and new destination (DMZ machine)?

    Diggy
    Last edited by Diggy; 04-10-2012 at 11:38 AM.

  8. #8
    some dude hlarsen's Avatar
    Join Date
    Jul 2010
    Location
    sfba
    Posts
    1,315

    a) yes
    b) I would remove Source Interface and replace it with Destination Address, which will be the public IP outside hosts will connect to
    Attention: Support on the Untangle Forums is provided by volunteers and community members.
    If you need official Untangle support please call or email support@untangle.com.
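
The iptables side of the mapping discussed in posts #6 and #8, as an added example that is not part of any poster's reply: a generator that emits DNAT rules matched on the public destination address plus one SNAT rule per DMZ host, in iptables-restore format. The 203.0.113.x addresses are constructed stand-ins for the thread's elided 65.x.x.x aliases, and the second DMZ host (192.168.1.4) is hypothetical.

```shell
#!/bin/sh
# Added example: sample data is constructed. 203.0.113.x stands in for the
# elided 65.x.x.x aliases; the mail host 192.168.1.4 is hypothetical.
WAN_IF=eth0
# Columns: public alias, protocol, port, DMZ host
MAPPINGS='
203.0.113.164 tcp 80  192.168.1.3
203.0.113.164 tcp 443 192.168.1.3
203.0.113.165 tcp 25  192.168.1.4
'

# Read mapping rows on stdin, print a nat table in iptables-restore format.
nat_rules() {
    maps=$(grep -v '^[[:space:]]*$')   # drop blank rows
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    # DNAT: match on the public destination address, not only the WAN
    # interface, so each forward applies to a single alias on eth0.
    echo "$maps" | while read -r pub proto port host; do
        echo "-A PREROUTING -d $pub/32 -p $proto -m $proto --dport $port -j DNAT --to-destination $host"
    done
    # SNAT: one rule per DMZ host, so its outbound traffic leaves from the
    # same public alias that inbound clients connect to.
    echo "$maps" | awk '{print $1, $4}' | sort -u | while read -r pub host; do
        echo "-A POSTROUTING -s $host/32 -o $WAN_IF -j SNAT --to-source $pub"
    done
    echo 'COMMIT'
}

# Rules for the constructed sample table above.
sample_rules() { printf '%s\n' "$MAPPINGS" | nat_rules; }

sample_rules
```

Piping the output to `iptables-restore --test` parses the rules without loading them.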

  9. #9
    Untanglit Diggy's Avatar
    Join Date
    Feb 2011
    Posts
    19

    Thank you. Thought as much, but felt it better to ask. I'll set all of that up. I know I'll be back with more questions. I appreciate everyone's prompt and informative responses.

    Diggy

  10. #10
    Untanglit Diggy's Avatar
    Join Date
    Feb 2011
    Posts
    19

    In Port Forwards, I've added source address, port, protocol, and new destination (DMZ machine). I'm just curious as to why I wouldn't also add the source interface?

    Thanks.

    Diggy
    Last edited by WebFooL; 04-18-2012 at 08:19 AM. Reason: Removed comment regarding Hijacking.
