  #1 road hazard (Newbie) | Join Date: Jul 2021 | Posts: 13

    What kind of rule do I need to create (and where) to allow this traffic?

    traffic being blocked.png

    Brand new Untangle user and having a slight problem. First off, I'm no network expert but can USUALLY find my way around things but this has me scratching my head. Above is a capture of something that is currently being blocked that I need to allow.

    Old setup: internet comes into a SB8200 cable modem and from there into an Asus router. The router goes into a switch and my server (static 192.168.1.5 IP) is plugged into the switch. I needed to set up a port forward to allow inbound traffic from this 51. address to my internal server and over a particular port.....let's say port 1500. This setup worked perfectly.

    New setup: internet comes into a SB8200 cable modem and from there into my Untangle firewall, from the Untangle box to the Asus router (which is now in Access Point mode), and from there to the switch.

    Internet is AOK.... all my clients are working.... I can access the web console for Untangle, my Asus router...... not having any of the problems I had with OPNsense, pfSense, Sophos.... Untangle looks like a keeper EXCEPT....... this one little problem.

    I tried writing an inbound rule for this traffic in the Firewall app (under rules), went into network config and tried writing a rule in the port forward and NAT sections.......... but nothing is working.

    I currently have a Plex rule (allow inbound on 32400 so people can stream from me) in the port forward rules section and it's working fine. So I thought hey....no biggie.... just need to create another simple, inbound rule for my "1500" port so I tossed this in there and no go.

    So if you were writing a rule for this to work, which section would you use and how would you write it? (To make things secure, I need the rule to allow traffic only from that IP.)

    Thanks!

    Other than this, loving Untangle! Plan on buying it if I can just nail down this one little problem.

  #2 jcoffin (Untangler) | Join Date: Aug 2008 | Location: Sunnyvale, CA | Posts: 9,690

    Post your Port Forward rule.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  #3 road hazard (Newbie) | Join Date: Jul 2021 | Posts: 13

    Quote Originally Posted by jcoffin:
    Post your Port Forward rule.

    Here ya go: (Plex works, this new app doesn't)

    rule 2.png

    Destination and new port are both the same....."1500"
    Last edited by road hazard; 07-08-2021 at 12:19 PM.

  #4 sky-knight (Untangle Ninja) | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,162

    Please stop blanking out stuff from the screen shots, if you want help we need information without censorship.

    We literally cannot help with this information as provided, and worse... you aren't any safer. The port scanners knew you had that port open inside of 10 seconds. If the service is such that you want this "safe", kill the port forward and use a VPN.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  #5 road hazard (Newbie) | Join Date: Jul 2021 | Posts: 13

    Quote Originally Posted by sky-knight:
    Please stop blanking out stuff from the screen shots, if you want help we need information without censorship.

    We literally cannot help with this information as provided, and worse... you aren't any safer. The port scanners knew you had that port open inside of 10 seconds. If the service is such that you want this "safe", kill the port forward and use a VPN.

    Sorry about that. Here are the unedited screen shots:

    incoming traffic.png

    rule 3.png

    Something else that just dawned on me...... why don't I see this traffic in the 'Blocked session' report? Maybe it's nothing and I'm just misinterpreting things but since it isn't working, I'd figure it should show up as being blocked?!

  #6 sky-knight (Untangle Ninja) | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,162

    Blocked sessions have to be processed as such. Things that impact the public address and aren't forwarded won't be logged by default. Which is a good thing because if it was you'd run out of drive space in a hurry.

    The rule you created matches the traffic you're reporting in the session viewer. But beware that source address flag means only that one IP address on the Internet can access the forward. So if you're testing from somewhere else... it isn't going to work because it did what you told it to do.

  #7 road hazard (Newbie) | Join Date: Jul 2021 | Posts: 13

    Quote Originally Posted by sky-knight:
    Blocked sessions have to be processed as such. Things that impact the public address and aren't forwarded won't be logged by default. Which is a good thing because if it was you'd run out of drive space in a hurry.

    The rule you created matches the traffic you're reporting in the session viewer. But beware that source address flag means only that one IP address on the Internet can access the forward. So if you're testing from somewhere else... it isn't going to work because it did what you told it to do.

    I understand what you're saying about only that one IP will be forwarded but as things sit now, something isn't lining up and the traffic isn't getting through to 192.168.1.5 over the specified internal port (6789). It's clear the traffic is reaching my public IP but something is amiss. With my old setup, I needed that port forwarded and doing the same rule with my Asus router, no problem.

    With the new setup, if that rule is written correctly.... any other ideas?

    I even tried editing the rule to say if traffic destined for port 6789 was coming in from ANY IP address, forward it to 192.168.1.5 and still no go.

  #8 sky-knight (Untangle Ninja) | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,162

    Then I suggest you look inward.

    When you changed to Untangle what does that mean? The system you're forwarding to, is it DHCP assigned? Is it static?

    If it's the latter, did you update it to make the new router?

  #9 road hazard (Newbie) | Join Date: Jul 2021 | Posts: 13

    Quote Originally Posted by sky-knight:
    Then I suggest you look inward.

    When you changed to Untangle what does that mean? The system you're forwarding to, is it DHCP assigned? Is it static?

    If it's the latter, did you update it to make the new router?

    Changed to Untangle meaning I used to have my network behind just my Asus router. But since I wanted more security and controls around the traffic coming and going from my house, I've been looking at installing some firewall software (pfSense, OPNsense, Sophos XG, Untangle, etc.) on a Dell PowerEdge server (supreme overkill).

    In my current setup, Untangle on the server is now my main gateway to the internet and the Asus router has been put into Access Point mode.

    And yes, the system I'm forwarding to has a static IP (192.168.1.5).

  #10 sky-knight (Untangle Ninja) | Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 26,162

    Quote Originally Posted by road hazard:
    Changed to Untangle meaning I used to have my network behind just my Asus router. But since I wanted more security and controls around the traffic coming and going from my house, I've been looking at installing some firewall software (pfSense, OPNsense, Sophos XG, Untangle, etc.) on a Dell PowerEdge server (supreme overkill).

    In my current setup, Untangle on the server is now my main gateway to the internet and the Asus router has been put into Access Point mode.

    And yes, the system I'm forwarding to has a static IP (192.168.1.5).

    Exactly, and this change requires the new router to have the exact same IP configuration as the old one, and if not, all static devices must be adjusted.

    Specifically I want you to make sure that 192.168.1.5 has whatever Untangle is using as an internal IP address, I assume 192.168.1.1, as its default gateway. AND, if 1.5 is WINDOWS BASED, you've booted the firewall appropriately because the change in MAC address will trigger it to reset any network based rules you may have created there.
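As an added illustration (not code from this thread or from Untangle itself), the Python model below ties together the two points sky-knight makes in posts #6 and #10: a port forward carrying the source-address flag matches only that one remote address, and a forward that does match still fails end to end if 192.168.1.5 kept the old Asus address as its default gateway, because replies then never come back through Untangle. The rule fields, the 51.0.0.10 peer address and the 192.168.1.1 LAN address are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class PortForward:
    """One port-forward rule (assumed fields, not Untangle's own schema)."""
    dst_port: int                    # port hit on the public (WAN) address
    new_dst: str                     # internal host to forward to
    new_port: int                    # port on the internal host
    src_allow: Optional[str] = None  # e.g. "51.0.0.10/32"; None means any source

@dataclass
class Session:
    src: str        # remote address opening the connection
    dst_port: int   # port on the WAN address

def match_forward(session, rules):
    """Return the first rule whose destination port and source restriction match."""
    for rule in rules:
        if session.dst_port != rule.dst_port:
            continue
        if rule.src_allow and ip_address(session.src) not in ip_network(rule.src_allow):
            continue  # right port, wrong source: the rule simply does not apply
        return rule
    return None

def evaluate(session, rules, gateways, untangle_lan_ip):
    """Classify a session hitting the WAN address; gateways maps internal host ->
    its default gateway, which must be Untangle's LAN address for replies to return."""
    rule = match_forward(session, rules)
    if rule is None:
        # Unforwarded WAN traffic is dropped without a blocked-session event,
        # so it never shows up in the Blocked Sessions report.
        return ("dropped-not-logged", None)
    if gateways.get(rule.new_dst) != untangle_lan_ip:
        return ("forwarded-but-reply-misrouted", gateways.get(rule.new_dst))
    return ("forwarded", f"{rule.new_dst}:{rule.new_port}")

# Constructed sample data: 51.0.0.10 stands in for the poster's "51." address and
# 192.168.1.1 is assumed to be Untangle's internal address.
RULES = [
    PortForward(dst_port=32400, new_dst="192.168.1.5", new_port=32400),  # Plex
    PortForward(dst_port=6789, new_dst="192.168.1.5", new_port=6789, src_allow="51.0.0.10/32"),
]
UNTANGLE_LAN = "192.168.1.1"
GOOD = {"192.168.1.5": "192.168.1.1"}    # server already points at Untangle
STALE = {"192.168.1.5": "192.168.1.254"}  # server still points at the old Asus router
```

Calling evaluate(Session("51.0.0.10", 6789), RULES, STALE, UNTANGLE_LAN) reproduces the thread's symptom: the rule matches, yet the session cannot complete because the server's replies leave via the stale gateway.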
