Not logging or blocking what I check?

[Pindawen]

I'm currently testing untangle and am a little perplexed. I have a working Untangle box in bridge mode that I connect my laptop to (using a crossover cable) and from there goes into my network. I turned on logging for SSH and VNC and it is logging the protocols as expected. However, I turned on logging and blocking for telnet and RDP and I can telnet and rdp to any address I want.

Any suggestions on what I am doing wrong?

I will admit, my test box actually failed the memory requirements (256)-- but it has been passing legitimate traffic for over two days. SSH, Web, https, VNC, etc.

I hope on Monday I will be able to put Untangle on a faster machine-- but at the time, this was the only spare PC I could find etc. I did try rebooting the untangle box, to no avail.

Any advice would be helpful,

~ Aaron

[Pindawen]

On my master machine, I am blocking telnet-- yet not logging it. Although I am checking both log and block.

Any ideas on why some protocols get blocked correctly and not logged?

~ Aaron

[sky-knight]

Packet processing within linux is all done is real ram. It cannot be paged. That being said I have 3 stations behind a small unit at home with 512mb in it and it runs at 500mb when nearly idle. I think your issue is purely a lack of ram as the unit is simply bypassing the protective modules to keep the connection alive. The UT server is specifically designed to not be a door stop...

[cprompt]

Just thought I'd chip in here as I've tried to blog/log telnet (as much as proof-of-concept as a need to block telnet) and telnet sessions through UT are neither blocked or logged. The (bridged) server has plenty of ram (2.5gb) and is most certainly not a doorstop either. It does log MSN Messenger though, so it works in principal.

Maybe it is because UT is looking for signatures rather than specific ports and Windows' implementation of telnet doesn't have that signature?!?!