Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    May 2008
    Posts
    3

    Default Not logging or blocking what I check?

    I'm currently testing untangle and am a little perplexed. I have a working Untangle box in bridge mode that I connect my laptop to (using a crossover cable) and from there goes into my network. I turned on logging for SSH and VNC and it is logging the protocols as expected. However, I turned on logging and blocking for telnet and RDP and I can telnet and rdp to any address I want.

    Any suggestions on what I am doing wrong?

    I will admit, my test box actually failed the memory requirements (256)-- but it has been passing legitimate traffic for over two days. SSH, Web, https, VNC, etc.

    I hope on Monday I will be able to put Untangle on a faster machine-- but at the time, this was the only spare PC I could find etc. I did try rebooting the untangle box, to no avail.

    Any advice would be helpful,

    ~ Aaron

  2. #2
    Newbie
    Join Date
    May 2008
    Posts
    3

    Default

    On my master machine, I am blocking telnet-- yet not logging it. Although I am checking both log and block.

    Any ideas on why some protocols get blocked correctly and not logged?

    ~ Aaron

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    Packet processing within linux is all done is real ram. It cannot be paged. That being said I have 3 stations behind a small unit at home with 512mb in it and it runs at 500mb when nearly idle. I think your issue is purely a lack of ram as the unit is simply bypassing the protective modules to keep the connection alive. The UT server is specifically designed to not be a door stop...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    May 2008
    Posts
    3

    Default

    Just thought I'd chip in here as I've tried to blog/log telnet (as much as proof-of-concept as a need to block telnet) and telnet sessions through UT are neither blocked or logged. The (bridged) server has plenty of ram (2.5gb) and is most certainly not a doorstop either. It does log MSN Messenger though, so it works in principal.

    Maybe it is because UT is looking for signatures rather than specific ports and Windows' implementation of telnet doesn't have that signature?!?!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2