Page 5 of 6
Results 41 to 50 of 58
  1. #41
    Untangle Ninja raditude's Avatar
    Join Date
    Jan 2009
    Location
    Eugene, OR
    Posts
    1,143


    Are these servers (the ones that UT controls) used by the MPLS? The NAT policy changes all the traffic from those servers, which your static routes never included (I believe the server we talked about was on the 192.168.1.x network, and the statics you have noted in the routes are 2.x and 3.x), so nothing on the 1.x network should have been affected regardless, at least not from the UT side of things. Of course, I am only thinking about the UT part of this, so just a sliver of your network, and one change does or can have other implications, that is for sure. However, without knowing the whole picture, it is hard to give any information on the rest of it. I can only speak for the NAT portion we worked on yesterday.

    Hopefully you will figure the rest out, or provide more information on that segment with issues for the community to try to give information on.

  2. #42
    Master Untangler HomeNet's Avatar
    Join Date
    Sep 2007
    Location
    Pennsylvania, USA
    Posts
    193


    Quote Originally Posted by raditude View Post
    Are these servers (the ones that UT controls) used by the MPLS? The NAT policy changes all the traffic from those servers, which your static routes never included (I believe the server we talked about was on the 192.168.1.x network, and the statics you have noted in the routes are 2.x and 3.x), so nothing on the 1.x network should have been affected regardless, at least not from the UT side of things. Of course, I am only thinking about the UT part of this, so just a sliver of your network, and one change does or can have other implications, that is for sure. However, without knowing the whole picture, it is hard to give any information on the rest of it. I can only speak for the NAT portion we worked on yesterday.

    Hopefully you will figure the rest out, or provide more information on that segment with issues for the community to try to give information on.

    Currently, each location, of which there are 3, has 2 lines coming in. One is the internet connection and the other is the MPLS (point-to-point) connection. At each location, there's an Untangle firewall/router that handles all traffic. In said routers are route statements that point traffic to the other locations, and whatever doesn't match up to a route statement goes out to the internet.

    Location 1 = 192.168.1.0/24. Location 2 = 192.168.2.0/24. Location 3 = 192.168.3.0/24.

    We worked on the UT at L1. All servers are at L1. Users at L2 & L3 will get into the servers at L1 via corresponding route statements & the MPLS.

    Myself and other remote companies will gain access to the same servers via the WAN interface on the UT. At this point, port forwarding and firewall rules apply since we are coming in from the outside world.

    Here's how I visualize the packets' path/hops:
    • Source packet from me to L1... > my local network > internet > WAN side of UT @ L1 > firewall/NAT/port-forward rules applied > L1 local network > L1 server > back, the same way it came, to source...


    • Source packet from L1 server to L2 (or L3) client... > L1 local network > UT route statement > MPLS router @ L1 > Verizon MPLS > MPLS router @ L2 > UT route statement > L2 local network > L2 client > back, the same way it came, to source...


    Unless I'm misunderstanding how traffic flows, I don't see how/why those NAT policies would've even touched the traffic going from L1 to L2/L3.

  3. #43
    Untangle Ninja raditude's Avatar
    Join Date
    Jan 2009
    Location
    Eugene, OR
    Posts
    1,143


    From what I see, you are correct: the changes we discussed should have no bearing on the L2/L3 traffic. However, that being said, did you reboot Server A (the .1.x server we worked on the port forwards for)? If not, and if it had previous communication with L2 or L3 prior to the NAT change, it had cached route information, thus it tried to go out the same path as before.

    Now, I have tried this multiple times, and believe me, I have never been able to replicate it with any pattern. One time I will make a change and will get something funny happen (which a reboot/IP flush usually cures); the next time it will clear itself correctly immediately and work without any issues. Ah, I love it when things work correctly, but as stated, I have never been able to force replicate the issue.

    I am not saying this is what you are/were experiencing, I am just letting you know what I have seen/experienced. It is enough to tear my hair out, luckily it grows back fast...

  4. #44
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,396


    Untangle doesn't have a way to flush its session table. So if the server in question was communicated with any time in the last 5 min over the Untangle server... the session cache will still be there and used over the change in NAT policy. The annoying part is, the cached entry will renew on each use. So it can potentially never expire! Rebooting Untangle generally cures this. The only case it doesn't is with site-to-site tunnels... things can get very fun to fix in there.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
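
A simplified model of the behaviour described in the post above, added here as an example; it is not part of the original thread and not Untangle's code. The 300-second idle timeout is an assumption taken from the "last 5 min" in the post, and the class, function names and addresses are constructed for illustration.

```python
# Simplified model of a stateful session table (added example; not Untangle code).
# Assumption: idle timeout of 300 s, taken from the "last 5 min" in the post.
IDLE_TIMEOUT = 300


class SessionTable:
    def __init__(self, nat_policy):
        self.nat_policy = nat_policy   # current policy: source IP -> translated source IP
        self.sessions = {}             # flow key -> [translated source, last-used time]

    def forward(self, flow, now):
        """Return the translated source address used for this packet."""
        entry = self.sessions.get(flow)
        if entry and now - entry[1] <= IDLE_TIMEOUT:
            entry[1] = now             # every hit renews the idle timer
            return entry[0]            # cached decision wins over the current policy
        src = flow[0]
        translated = self.nat_policy.get(src, src)
        self.sessions[flow] = [translated, now]
        return translated

    def stale_flows(self):
        """Flows whose cached translation no longer matches the current policy."""
        return [f for f, (t, _) in self.sessions.items()
                if t != self.nat_policy.get(f[0], f[0])]

    def flush(self):
        """Drop all cached sessions so the next packet re-evaluates the policy."""
        self.sessions.clear()


def simulate(gap_seconds, packets=10):
    """Change the NAT policy after the first packet, then send one packet every gap_seconds."""
    table = SessionTable({"192.168.1.10": "198.51.100.1"})   # constructed addresses
    flow = ("192.168.1.10", "192.168.2.20", 445)             # (src, dst, dst port)
    seen = [table.forward(flow, 0)]
    table.nat_policy["192.168.1.10"] = "198.51.100.2"        # the policy change
    for i in range(1, packets):
        seen.append(table.forward(flow, i * gap_seconds))
    return seen, table
```

With traffic every 240 seconds the flow keeps its pre-change translation indefinitely; with gaps longer than the timeout, or after a flush, the new policy takes effect on the next packet.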

  5. #45
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,275


    There is "/usr/share/untangle/bin/kill_all_sessions"
    Running that script results in:
    Code:
    /usr/share/untangle/bin # ./kill_all_sessions
    Shutdown sessions on all policies
    Don't know if that clears the cache or not.

  6. #46
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367


    Recently, in post 34, the word MPLS appears, along with the concept of multi-site.
    Why not document all of your network well here, so we can understand the big picture?

  7. #47
    Master Untangler HomeNet's Avatar
    Join Date
    Sep 2007
    Location
    Pennsylvania, USA
    Posts
    193


    Quote Originally Posted by dwasserman View Post
    Recently, in post 34, the word MPLS appears, along with the concept of multi-site.
    Why not document all of your network well here, so we can understand the big picture?
    Mostly because the MPLS bit of it doesn't belong in the post, as it was started because of an inability to get through the UT from the outside world. I don't wish to clutter up the topic with too much "unneeded" info.

  8. #48
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367


    Is that why we are at message 50 and it's still not right?
    Too much is only a decent diagram, with the most important devices and their IP addresses.
    Maybe the routing table of the routers also.
    Of course the public IP can be shadowed.

  9. #49
    Master Untangler HomeNet's Avatar
    Join Date
    Sep 2007
    Location
    Pennsylvania, USA
    Posts
    193


    Quote Originally Posted by dwasserman View Post
    Is that why we are at message 50 and it's still not right?
    Too much is only a decent diagram, with the most important devices and their IP addresses.
    Maybe the routing table of the routers also.
    Of course the public IP can be shadowed.
    Well, I wouldn't say it's not right. As I stated before, everything works just as it used to now. And, that seemed to happen after I made the changes and then removed said changes. I've attached an ugly map. Per the request of dwasserman.

  10. #50
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367


    Well,
    from the picture, I can say that each site has its own connection to the internet, and what remains is only the access from Hatfield and Weastamtomp to the servers in Eagle. Is this correct?
