Enabling SSH - Page 2

Mathiau · 07-07-2010, 10:14 AM

Quote:

Originally Posted by WebFooL

All access to Untangle it self is controlled by packet filters.

So go to Config->Networking->Advanced->Packet filter
Then add a new filter.

From Interface External
To Destination Local
Port 22
Block

I just did this, but it still allowed access, then i looked below and on the system Packet Filter Rules and there is a rule that is:

Accept SSH traffic from all interfaces

I turned off this rule,. but then even internal access doesn't work..

attaches is my packet filter rule, but with that in place i can still access SSH externally.. do i need to reboot the system?

sky-knight · 07-07-2010, 11:01 AM

The source interface External, Destination Local, Destination port 22, protocol TCP rule does indeed work. If that didn't prevent access to SSH from the external interface you either didn't put it in correctly, or you have a very broken Untangle server.

Quite literally every Untangle I have out there uses that rule...

Mathiau · 07-07-2010, 12:22 PM

weird, i am doing a scheduled reboot in about 10 mins, maybe see if that does it, it is set as in the screen shot shows.

this is a standard 7.2 clean install with an update to 7.3, didnt do any add-ons like ntop or anything (got tired of the problems is caused with updates)

perhaps this install has gone south, perhaps also explains my OpenVPN issues with it working on second and not the next (client)

sky-knight · 07-07-2010, 12:24 PM

Yeah, my install is nuked too.

Mathiau · 07-07-2010, 12:56 PM

reboot didn't do it, still shows open on port 22 with a GRC scan with that packet filter rule in place.

Is this a new issue with 7.3 or something, breaking installs after some time of usage, i would think the UT installer would do a verification that all items installed correctly before completing and letting you run it..

sky-knight · 07-07-2010, 01:00 PM

Or you've configured it wrong? Screen shot your block rule please.

Mathiau · 07-07-2010, 01:06 PM

screenshot is in above post

http://forums.untangle.com/networkin...tml#post108417

i tried it on reject and drop, i don't doubt it could be wrong, today seems to be a day full of blonde moements.

sky-knight · 07-07-2010, 01:26 PM

Drop = Stealth
Reject = Closed

And that rule will work... if it doesn't you have another packet filter rule in there somewhere that is messing with things. The user packet filter rules ALWAYS take priority over the system rules.

Mathiau · 07-07-2010, 02:46 PM

that is the only packet filter rule i have in the system

good to know about dropped and rejected!

sky-knight · 07-07-2010, 04:09 PM

Then something is wrong with your system, or the port scan isn't scanning Untangle.

07-07-2010, 11:01 AM	#12 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	The source interface External, Destination Local, Destination port 22, protocol TCP rule does indeed work. If that didn't prevent access to SSH from the external interface you either didn't put it in correctly, or you have a very broken Untangle server. Quite literally every Untangle I have out there uses that rule... __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

07-07-2010, 12:22 PM	#13 (permalink)
Mathiau Join Date: Feb 2008 Location: Costa Frickn' Rica Posts: 1,467	weird, i am doing a scheduled reboot in about 10 mins, maybe see if that does it, it is set as in the screen shot shows. this is a standard 7.2 clean install with an update to 7.3, didnt do any add-ons like ntop or anything (got tired of the problems is caused with updates) perhaps this install has gone south, perhaps also explains my OpenVPN issues with it working on second and not the next (client) __________________ Def1:Started:UT 7.1 x64 -- Current :UT 9.1 x64\| Gigabyte GM-G31 mATX \| Intel Q8200 \| 8G DDR2 800 \| 80G WD \| 4x Intel Pro 1000 GT NIC's \| Corsair 550W PSU \| Norco RPC-250 2U Case \| 50mb/50mb \| 10 users

07-07-2010, 12:24 PM	#14 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	Yeah, my install is nuked too. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

07-07-2010, 12:56 PM	#15 (permalink)
Mathiau Join Date: Feb 2008 Location: Costa Frickn' Rica Posts: 1,467	reboot didn't do it, still shows open on port 22 with a GRC scan with that packet filter rule in place. Is this a new issue with 7.3 or something, breaking installs after some time of usage, i would think the UT installer would do a verification that all items installed correctly before completing and letting you run it.. __________________ Def1:Started:UT 7.1 x64 -- Current :UT 9.1 x64\| Gigabyte GM-G31 mATX \| Intel Q8200 \| 8G DDR2 800 \| 80G WD \| 4x Intel Pro 1000 GT NIC's \| Corsair 550W PSU \| Norco RPC-250 2U Case \| 50mb/50mb \| 10 users

07-07-2010, 01:00 PM	#16 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	Or you've configured it wrong? Screen shot your block rule please. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

Protect

Filter

Perform

Connect

Manage

Add-Ons

07-07-2010, 01:06 PM	#17 (permalink)
Mathiau Join Date: Feb 2008 Location: Costa Frickn' Rica Posts: 1,467	screenshot is in above post http://forums.untangle.com/networkin...tml#post108417 i tried it on reject and drop, i don't doubt it could be wrong, today seems to be a day full of blonde moements. __________________ Def1:Started:UT 7.1 x64 -- Current :UT 9.1 x64\| Gigabyte GM-G31 mATX \| Intel Q8200 \| 8G DDR2 800 \| 80G WD \| 4x Intel Pro 1000 GT NIC's \| Corsair 550W PSU \| Norco RPC-250 2U Case \| 50mb/50mb \| 10 users

07-07-2010, 01:26 PM	#18 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	Drop = Stealth Reject = Closed And that rule will work... if it doesn't you have another packet filter rule in there somewhere that is messing with things. The user packet filter rules ALWAYS take priority over the system rules. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

07-07-2010, 04:09 PM	#20 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	Then something is wrong with your system, or the port scan isn't scanning Untangle. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879