HTTP traffic seems to bypass Web Filter

[jerms]

Running in bridge mode turns on port security on the switch it's connected to and I don't have control of some of the core network equipment, so if I just put the internal and external interfaces in separate ranges should that work?

[raditude]

Yes, but you will be running double NAT would be my guess.

[dbunyard]

You can turn off the NAT and run it as a natless router, that's what I am doing both at home and at work. Then it's just another hop to the gateway. This avoids the problems with a double NAT and the strangeness that I have had with bridged mode.

[dmorris]

Quote:

Originally Posted by jerms

The configuration is basically:

PC
IP 10.64.252.65/24
GW 10.64.252.34
|
UT
Internal IP 10.64.252.34/24
External IP 10.64.252.32/24
GW 10.64.252.1
|
Firewall
|
Router
|
Internet

This doesn't make sense.
You cant have two different interfaces with both the same subnet.
I think you want bridge mode. Re-run the setup wizard in config->system and select bridge mode. Don't change the gateway on the PC to untangle, leave it to the firewall.

I'm suprised you're online at all with this setup. That would indicate to me that there is a switch somewhere that you are not illustrating in the diagram with both UT interfaces plugged into it.

[sky-knight]

Quote:

Originally Posted by dbunyard

You can turn off the NAT and run it as a natless router, that's what I am doing both at home and at work. Then it's just another hop to the gateway. This avoids the problems with a double NAT and the strangeness that I have had with bridged mode.

It's also an advanced deployment option that requires a higher level understanding of routing that confuses many. Which considering the OP committed the 101 error of putting two interfaces of a router on the same subnet, I'm assuming this suggestion might make the process of implementing Untangle more difficult.

[jerms]

Quote:

Originally Posted by dbunyard

You can turn off the NAT and run it as a natless router, that's what I am doing both at home and at work. Then it's just another hop to the gateway. This avoids the problems with a double NAT and the strangeness that I have had with bridged mode.

Thank you for the advice. I'll test it out sometime.

Quote:

This doesn't make sense.
You cant have two different interfaces with both the same subnet.
I think you want bridge mode. Re-run the setup wizard in config->system and select bridge mode. Don't change the gateway on the PC to untangle, leave it to the firewall.

I'm suprised you're online at all with this setup. That would indicate to me that there is a switch somewhere that you are not illustrating in the diagram with both UT interfaces plugged into it.

Yes there is a switch, sorry.

Bridge mode is giving problems for some reason, it keeps triggering port security on the switch.

I was telling my IT Manager days ago that we can't have both interfaces on the same subnet and was sure this was the problem, but it was insisted that it had to be this way.

I do appreciate your help.

Quote:

It's also an advanced deployment option that requires a higher level understanding of routing that confuses many. Which considering the OP committed the 101 error of putting two interfaces of a router on the same subnet, I'm assuming this suggestion might make the process of implementing Untangle more difficult.

My lower level of understanding made me purchase SmartFilter for 1,100+ computers and I'm now doing URL filtering with my Cisco ASA 5510 and that seems to be working for me just fine.

[dmorris]

Quote:

Originally Posted by jerms

Yes there is a switch, sorry.

Bridge mode is giving problems for some reason, it keeps triggering port security on the switch.

You can't plug both interfaces into the same switch.
Untangle must be in-line. Its not inline if you hang it off to the side with two interfaces plugged into the switch.

Your switch probably detected a loop and disabled the ports (as it should otherwise you'll flood your own network to death)

[jcoehoorn]

I know you said you can't change this, but from what I see you want to put untangle in router mode and then just throw out both your existing router and your existing firewall, as untangle should be able to easily handle both functions.

[jerms]

Quote:

Originally Posted by dmorris

You can't plug both interfaces into the same switch.
Untangle must be in-line. Its not inline if you hang it off to the side with two interfaces plugged into the switch.

Your switch probably detected a loop and disabled the ports (as it should otherwise you'll flood your own network to death)

Yes, my REAL problem is others control some of the core equipment which I don't have access to. I'm pretty convinced that there is at least some degree of physical setup wrongness that is most likely contributing.

In any case, I also have Smoothwall that I MUST have work in conjunction and have no way around that. Smoothwall is across 60 or so different campuses and they all work in tandem. The way it's set up, I have no way to change it without effecting all campuses. It's complicated - that's what she said. However, one campus needs additional filtering options and the only way I can do it is adding another filter. But after searching around a bit I see that this might not be so easy with UT.

Quote:

I know you said you can't change this, but from what I see you want to put untangle in router mode and then just throw out both your existing router and your existing firewall, as untangle should be able to easily handle both functions.

Ya, easier said then done.

[sky-knight]

Each campus is separate on layer two at some point, that's where you put Untangle, is at the point the campus is separated.