  1. #1
    Untangler
    Join Date
    Jan 2015
    Posts
    85

    Yet another Client can't reach the net thread.....

    Hi Guys

    I am stuffed.... read and read.... and no luck!

    I had earlier PPPoE issues, which I believe are now sorted as I can get to the Untangle appstore and the web from the Untangle box, but I am damned if I can get any browser out to the web from a client.

    Setup is:

    ISP Modem -> PPPoE -> Untangle box -> Internal lan

    This is set up as router, not bridged.

    I have the local lan client default gateway set to the Untangle inside IP.

    I can reach the Untangle admin interface from inside lan.

    I am using Google public DNS (at least for the tests).

    I CAN tracert to 8.8.8.8 from a client, and it traverses the Untangle box and reaches Google as it should.

    I CANNOT get any browser to reach the web at all from a local lan client (No proxy set in browser settings as I understand I don't need it).

    I CAN ping 8.8.8.8 from a local lan client - as expected.

    I CANNOT ping an external FQDN from a local client which has 8.8.8.8 set as its ONLY DNS.

    In terms of Untangle, I don't have any apps or modules installed other than the setup wizard config (rack is empty).

    As a test, earlier, I added a NAT rule, type protocol, "is", and in value, ticked each box (so all protocols, being desperate!) and the NAT type left as AUTO.

    If I remove this NAT rule, I CANNOT ping 8.8.8.8 from a local lan client, so as expected (well, *I* expected!) that to get anything out, I would need a rule to pass it through to the net.

    So - I'm stuck!

    Other questions I have are around the firewall and Web Filters - how do these overlay the basic Untangle setup I hope to have working underneath?
    Think that's probably a question for another day however!


    Thanks in advance....


    David
    Last edited by BestGear; 01-18-2015 at 01:22 PM.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,268

    Again, I would contact support. You aren't doing anything wrong as far as I can tell, but I think you've found yet another PPPoE use case bug, and all the frustration in the world isn't going to help you sort it without dev help.

    As for how Untangle works, you get the core networking functioning, and all TCP and UDP packets are passively thrown into the rack for processing on the way through. So all you have to do is configure the modules to do what you need them to. But it's foolish to even install them at this stage, it's just more problems to track down.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Jan 2015
    Posts
    85

    Originally posted by sky-knight:
    As for how Untangle works, you get the core networking functioning, and all TCP and UDP packets are passively thrown into the rack for processing on the way through. So all you have to do is configure the modules to do what you need them to. But it's foolish to even install them at this stage, it's just more problems to track down.


    Many thanks for the reply... I had avoided "the rack" in an attempt to keep it simple....

    Thanks for confirming how the "stack" works.... just as I had hoped it would.

    I will raise a ticket tomorrow and see how it goes.


    Out of interest, Google did find one reference to using BT Infinity (my ISP/service) with Untangle and they made no reference to the tagging so I have no idea how it could have ever worked. I did go back to no tag just to check and the Untangle box fails to get to the web, so assume it's needed.

    The Cisco 887va this is to replace needs the vlan tag so can't see how it would ever work without it.



    David
    Last edited by BestGear; 01-18-2015 at 01:29 PM.

  4. #4
    Untangler
    Join Date
    Jan 2015
    Posts
    85

    Guys

    Just a thought... wonder if it's worth adjusting (sure I have used 1492 before) the MTU on the external interface?

    I assume AUTO is auto path discovery.... which may not work...

    I have seen issues before like this and the mtu has been to blame.

    Just need to see where I set the mtu on the interface now!

    David
    Last edited by BestGear; 01-18-2015 at 01:49 PM.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,268

    Actually, I think your issue is one of routing. The real physical external interface, is that marked as a WAN? And does it have a default gateway?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untangler
    Join Date
    Jan 2015
    Posts
    85

    Hi

    It is marked as WAN...both the physical interface and the vlan too....

    Interesting though, since getting the "basic" connectivity from the UT box working, the interfaces config page no longer shows the IP details from DHCP..... even when you refresh.

    The interfaces page does not show IP addresses for the physical or vlan....

    But it is connected to the net otherwise I could not tracert to 8.8.8.8 etc....

    Definitely a few bugs in there methinks (displaying IP details for one).... wish you could just add a vlan to the primary interface, like you would on other devices, but I guess there will be a good reason inside UT that it's done this way.

    Will try MTU tomorrow and report back.

    David

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,268

    Yeah, but display bugs aren't messing with functionality.

    My concern is this, Untangle only supports 1 WAN. So if your physical NIC is marked as WAN, and the virtual NIC with the PPPoE and VLAN is also marked as WAN, Untangle will push packets to the first default gateway, because that's WAN1. Because unless you have WAN Balancer and Failover installed and configured, you can't use the second WAN for egress, and you can't control stuff leaving the network properly.

    So I would suggest unchecking the "is wan" on External, and leaving it enabled on the virtual NIC and see what happens.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
