Cannot PING

etrigan63 · 08-15-2007, 07:15 PM

Hey gang, recently had to promote my Untangle box from Transparent to full router/firewall to accomodate multiple static IP addresses. I have added a PASS rule to the firewall to allow PINGs but I still cannot ping my server from the outside. What am I doing wrong?

Also, if I port forward my servers do I have to open the ports on the firewall as well or will the port forward take care of that?

richie · 08-16-2007, 07:59 AM

hi etrigan63.

if box is doing NAT, try setting redirect rules from the router module.

Yes. port forward will do the trick. unless, the firewall global settings is set to block, then you need to create pass rules for those ports.

etrigan63 · 08-16-2007, 08:55 AM

Okaayyy...

So I have to port forward my Untangle box (which is my edge device) to allow pings?

Also, I ran a Shields Up test against the firewall and failed miserably. What am I doing wrong and what can I do about it?

mdh · 08-16-2007, 09:15 AM

The Shields Up test actually did not fail. Refer to a post titled "Firewall - Stealth Ports" last responded to 4 days ago. The Untangle FIREWALL is not allowing traffic to pass through those ports, but is not hiding them either (as firewall users are accustomed to). The ATTACK BLOCKER would prevent intrusions. As was mentioned in the post I referred to, the ability to hide/show ports will likely be tunable in the future.

vanpatrick · 08-16-2007, 09:19 AM

About the Shields Up test, the results you're seeing aren't valid... have a look at this thread for more info: http://forums.untangle.com/networking/186-alot-open-ports.html

richie · 08-16-2007, 10:56 AM

Quote:

Originally Posted by etrigan63

Okaayyy...

So I have to port forward my Untangle box (which is my edge device) to allow pings?

i could not replicate the issue you are having on our lab. external ip including the the aliases should respond to ping.

what i am suggesting before is to do a ping redirect ( on Router > Port Forward ) from external interface or alias going to internal host. sorry for the confusion

etrigan63 · 08-16-2007, 11:13 AM

OK, more network details are needed here.

I have a business DSL account with AT&T which gives me 5 static IP's. I elected to go this route to circumvent an issue with the Remote Access Portal mangling Outlook Web Access on my Exchange 2007 server. Sadly, my day job requires secure web pages to be on port 443 and I could not access RAP from work otherwise (or perform remote server administration or access OWA either).

The only way to get this to work with the Netopia router AT&T sent me was to set it as an Ethernet MAC bridge and have my Untangle box handle PPPoE. This part works fine.

Where things get dicey is as follows: I have been assigned a static IP range from 74.169.172.104-111. 104 is network, 105 is gateway, 111 is broadcast. I have assigned 106 for Untangle access and 107 for mail/ftp/OWA. PPPoE assigns a dynamic IP but I have to use the statics. I have 105 set as the external address and 106&107 as aliases. Is this correct?

I cannot ping any static address. I can ping the dynamic one assigned by PPPoE but none of the static aliases.

VPN passthrough is now hosed until you deliver Untangle 5.1. I hope to beta that soon.

dmorris · 08-16-2007, 11:17 AM

There is a block ping checkbox for each interface under config->support->interfaces

(this will move location in 5.1)

etrigan63 · 08-16-2007, 11:22 AM

None of the "Block Ping" boxen are checked and I can ping if I ping the PPPoE dynamic address, not the static addresses. Mind you, everything else (mail, OWA, RAP, Remote Admin, FTP) works I just can't ping.

dmorris · 08-16-2007, 01:55 PM

Hmm... so the issue is that you can ping the main address, but not the aliases?

08-15-2007, 07:15 PM	#1 (permalink)
etrigan63 Untangler Join Date: Dec 2006 Location: Miami, FL Posts: 96	Cannot PING Hey gang, recently had to promote my Untangle box from Transparent to full router/firewall to accomodate multiple static IP addresses. I have added a PASS rule to the firewall to allow PINGs but I still cannot ping my server from the outside. What am I doing wrong? Also, if I port forward my servers do I have to open the ports on the firewall as well or will the port forward take care of that? Last edited by etrigan63; 08-15-2007 at 07:18 PM.. Reason: Thought of something else...

08-16-2007, 11:13 AM	#7 (permalink)
etrigan63 Untangler Join Date: Dec 2006 Location: Miami, FL Posts: 96	OK, more network details are needed here. I have a business DSL account with AT&T which gives me 5 static IP's. I elected to go this route to circumvent an issue with the Remote Access Portal mangling Outlook Web Access on my Exchange 2007 server. Sadly, my day job requires secure web pages to be on port 443 and I could not access RAP from work otherwise (or perform remote server administration or access OWA either). The only way to get this to work with the Netopia router AT&T sent me was to set it as an Ethernet MAC bridge and have my Untangle box handle PPPoE. This part works fine. Where things get dicey is as follows: I have been assigned a static IP range from 74.169.172.104-111. 104 is network, 105 is gateway, 111 is broadcast. I have assigned 106 for Untangle access and 107 for mail/ftp/OWA. PPPoE assigns a dynamic IP but I have to use the statics. I have 105 set as the external address and 106&107 as aliases. Is this correct? I cannot ping any static address. I can ping the dynamic one assigned by PPPoE but none of the static aliases. VPN passthrough is now hosed until you deliver Untangle 5.1. I hope to beta that soon. Last edited by etrigan63; 08-16-2007 at 11:18 AM..

08-16-2007, 07:59 AM	#2 (permalink)
richie Master Untangler Join Date: Apr 2007 Posts: 387	hi etrigan63. if box is doing NAT, try setting redirect rules from the router module. Yes. port forward will do the trick. unless, the firewall global settings is set to block, then you need to create pass rules for those ports.

08-16-2007, 08:55 AM	#3 (permalink)
etrigan63 Untangler Join Date: Dec 2006 Location: Miami, FL Posts: 96	Okaayyy... So I have to port forward my Untangle box (which is my edge device) to allow pings? Also, I ran a Shields Up test against the firewall and failed miserably. What am I doing wrong and what can I do about it?

08-16-2007, 09:15 AM	#4 (permalink)
mdh Join Date: Aug 2007 URLs submitted: 171 Posts: 4,802	The Shields Up test actually did not fail. Refer to a post titled "Firewall - Stealth Ports" last responded to 4 days ago. The Untangle FIREWALL is not allowing traffic to pass through those ports, but is not hiding them either (as firewall users are accustomed to). The ATTACK BLOCKER would prevent intrusions. As was mentioned in the post I referred to, the ability to hide/show ports will likely be tunable in the future.

08-16-2007, 09:19 AM	#5 (permalink)
vanpatrick Untangle Junkie Join Date: Nov 2006 URLs submitted: 2 Posts: 71	About the Shields Up test, the results you're seeing aren't valid... have a look at this thread for more info: http://forums.untangle.com/networking/186-alot-open-ports.html

08-16-2007, 11:17 AM	#8 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 6,394	There is a block ping checkbox for each interface under config->support->interfaces (this will move location in 5.1)

08-16-2007, 11:22 AM	#9 (permalink)
etrigan63 Untangler Join Date: Dec 2006 Location: Miami, FL Posts: 96	None of the "Block Ping" boxen are checked and I can ping if I ping the PPPoE dynamic address, not the static addresses. Mind you, everything else (mail, OWA, RAP, Remote Admin, FTP) works I just can't ping.

08-16-2007, 01:55 PM	#10 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 6,394	Hmm... so the issue is that you can ping the main address, but not the aliases?