#1 (permalink)
Untangler
Join Date: Dec 2006
Location: Miami, FL
Posts: 96
Hey gang, recently had to promote my Untangle box from Transparent to full router/firewall to accommodate multiple static IP addresses. I have added a PASS rule to the firewall to allow PINGs but I still cannot ping my server from the outside. What am I doing wrong?
Also, if I port forward my servers, do I have to open the ports on the firewall as well, or will the port forward take care of that?
Last edited by etrigan63; 08-15-2007 at 07:18 PM. Reason: Thought of something else...
#2 (permalink)
Master Untangler
Join Date: Apr 2007
Posts: 387
Hi etrigan63.
If the box is doing NAT, try setting redirect rules from the router module. Yes, port forward will do the trick, unless the firewall global settings are set to block; then you need to create pass rules for those ports.
#3 (permalink)
Untangler
Join Date: Dec 2006
Location: Miami, FL
Posts: 96
Okaayyy...
So I have to port forward my Untangle box (which is my edge device) to allow pings? Also, I ran a Shields Up test against the firewall and failed miserably. What am I doing wrong and what can I do about it?
#4 (permalink)
Join Date: Aug 2007
URLs submitted: 171
Posts: 4,802
The Shields Up test actually did not fail. Refer to a post titled "Firewall - Stealth Ports" last responded to 4 days ago. The Untangle FIREWALL is not allowing traffic to pass through those ports, but is not hiding them either (as firewall users are accustomed to). The ATTACK BLOCKER would prevent intrusions. As was mentioned in the post I referred to, the ability to hide/show ports will likely be tunable in the future.
#5 (permalink)
Untangle Junkie
Join Date: Nov 2006
URLs submitted: 2
Posts: 71
About the Shields Up test, the results you're seeing aren't valid... have a look at this thread for more info: http://forums.untangle.com/networking/186-alot-open-ports.html
#6 (permalink)
Master Untangler
Join Date: Apr 2007
Posts: 387
Quote:
What I was suggesting before is to do a ping redirect (on Router > Port Forward) from the external interface or alias going to the internal host. Sorry for the confusion.
#7 (permalink)
Untangler
Join Date: Dec 2006
Location: Miami, FL
Posts: 96
OK, more network details are needed here.
I have a business DSL account with AT&T which gives me 5 static IPs. I elected to go this route to circumvent an issue with the Remote Access Portal mangling Outlook Web Access on my Exchange 2007 server. Sadly, my day job requires secure web pages to be on port 443 and I could not access RAP from work otherwise (or perform remote server administration or access OWA either). The only way to get this to work with the Netopia router AT&T sent me was to set it as an Ethernet MAC bridge and have my Untangle box handle PPPoE. This part works fine.
Where things get dicey is as follows: I have been assigned a static IP range from 74.169.172.104-111. 104 is network, 105 is gateway, 111 is broadcast. I have assigned 106 for Untangle access and 107 for mail/ftp/OWA. PPPoE assigns a dynamic IP but I have to use the statics. I have 105 set as the external address and 106 & 107 as aliases. Is this correct? I cannot ping any static address. I can ping the dynamic one assigned by PPPoE but none of the static aliases.
VPN passthrough is now hosed until you deliver Untangle 5.1. I hope to beta that soon.
Last edited by etrigan63; 08-16-2007 at 11:18 AM.
#9 (permalink)
Untangler
Join Date: Dec 2006
Location: Miami, FL
Posts: 96
None of the "Block Ping" boxen are checked and I can ping if I ping the PPPoE dynamic address, not the static addresses. Mind you, everything else (mail, OWA, RAP, Remote Admin, FTP) works; I just can't ping.