  1. #1
    Untanglit
    Join Date
    Jul 2009
    Location
    Itajubá-MG-Brazil
    Posts
    26

    Firewall not working when using bridge mode

    Hello friends, how are you?

    We are using Untangle in bridge mode (internal interface bridged to the external interface - WAN).

    Some firewall rules are not working. First, I did a full block from external to internal only, but my IP phone can be accessed at http://200.131.129.58.

    As I know, Untangle's default mode is to open everything. So, I have only a few unblocked IPs and networks, and it's a good idea to block everything before opening the desired ports, all right?

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,729

    I would find the specific session in question in reports and click on it and post a screenshot and post your rules export.
    Last edited by dmorris; 10-30-2018 at 12:07 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Jul 2009
    Location
    Itajubá-MG-Brazil
    Posts
    26

    I'll send an email to support. Currently we're evaluating the firewall.

  4. #4
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    690

    Just remember the Firewall app is TCP/UDP only... ICMP will still go through even with a 'block all' Firewall rule. To stop protocols other than TCP/UDP you have to use Filter Rules.

    Personally I hate that, and wish we could do traffic control in ONE place instead of TWO. But it is what it is.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,355

    Quote, originally posted by JasonJoel:
        Just remember the Firewall app is TCP/UDP only... ICMP will still go through even with a 'block all' Firewall rule. To stop protocols other than TCP/UDP you have to use Filter Rules.

        Personally I hate that, and wish we could do traffic control in ONE place instead of TWO. But it is what it is.

    It's not that the firewall only sees TCP/UDP, it's that the rack as a whole only sees TCP/UDP. This limitation applies to everything operating in the UVM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    690

    Good point. I shouldn't have insinuated that it is only the Firewall app that behaves this way.

  7. #7
    Untanglit
    Join Date
    Jul 2009
    Location
    Itajubá-MG-Brazil
    Posts
    26

    Here is the firewall rules file.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,355

    Quote, originally posted by JasonJoel:
        Good point. I shouldn't have insinuated that it is only the Firewall app that behaves this way.

    We're getting off topic, but I wonder with all the efficiency gains in Untangle in the last few years, if the UVM could handle more. The original decision to limit things to TCP and UDP as I understand it was performance.

  9. #9
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    690

    Probably... But my point is more around optics and usability. I'm not sure I need the entire rack to support non-TCP/UDP traffic right now.

    But from a usability standpoint I would definitely like to control access/filter/firewall rules all in one place. While they are TECHNICALLY different behind the scenes, from an administrator standpoint they are FUNCTIONALLY equivalent and thus should be in one spot.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,355

    Quote, originally posted by JasonJoel:
        Probably... But my point is more around optics and usability. I'm not sure I need the entire rack to support non-TCP/UDP traffic right now.

        But from a usability standpoint I would definitely like to control access/filter/firewall rules all in one place. While they are TECHNICALLY different behind the scenes, from an administrator standpoint they are FUNCTIONALLY equivalent and thus should be in one spot.

    Except the visible logging... and the integration with policy manager...

    All of that being said, moving the filter rules tab from config -> networking into the firewall module itself as a filter rules tab, and having that tab always have the same stuff in it regardless of which instance of firewall you're working with might work, provided some screen space was dedicated to a short explanation.
