Results 1 to 10 of 10
  1. #1
    Newbie
    Join Date
    Jan 2021
    Posts
    10

    Question port forward while behind Verizon router

    Hi guys, pretty new to Untangle, so far loving it !.
    I'm trying to setup a docker-mail server.

    I have my domain name resolving to my external IP provided by my Verizon Router at home.
    My Untangle is connected to that external facing Verizon router.

    I'm wondering how do I forward the port 80 to my internal Webmail page.
    so for this exercise.

    my untangle IP on the Verizon router is 192.168.1.2
    My Webmail server is 192.168.3.2

    I went on my Verizon Router and put a port forward rule for port 80 to 192.168.1.2 (untangle IP visible by the Verizon router)
    I went to my Untangle and did a port forward rule for port 80 to 192.168.3.2 (Webmail server).

    When I hit my domain name it does not seems to work (not responding). When I hit 192.168.3.2, it works (which mean the server is running fine).
    Any idea what Am I doing wrong?
    Do I have to enable DMZ on the Verizon Router and expose my Untangle? I already did that but does not work either.
    Thanks in advance for your help

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,490

    Default

    First, double NAT is usually a giant headache and something you should avoid. However, you are correct to attempt two forward rules in this case. Now, without actual screen shots of both forwards to confirm their integrity, I'm going to caution you...

    The vast majority of ISPs flat block TCP 80 inbound. Unless you're on an unfiltered commercial grade connection, your ISP is more than likely flat preventing TCP 80 from ever getting to your equipment.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Jan 2021
    Posts
    10

    Default

    I see, thank you for your response. I'll then remove the DMZ option and do the port 80 forward.
    I think my TCP 80 inbound should work. When I setup the new domain name and tried it it went strainght to my router admin page

  4. #4
    Newbie
    Join Date
    Jan 2021
    Posts
    10

    Default

    So this is my router config
    Capture.PNG

    And this is my Untangle config
    Capture2.PNG

  5. #5
    Untangler
    Join Date
    May 2008
    Posts
    520

    Default

    192.168.1.92 ?

  6. #6
    Newbie
    Join Date
    Jan 2021
    Posts
    10

    Default

    yeah the IP I gave were example.
    So the real ones are Untangle interface connected to Verizon router is 192.168.1.92
    Webserver connected to interface 3 of Untangle is 192.168.3.187

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    You also need to move the admin GUI from port 80. Change it in Config -> Network -> Services.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,490

    Default

    You do NOT need to move the admin GUI off TCP 80. Because TCP 80 isn't serving on WAN interfaces.

    You have to move TCP 443 because it IS serving on WAN interfaces, as it serves on ALL interfaces.

    Translation, every Untangle I support has http management on 80, and two of them have public web servers running without complaint simply forwarding TCP 80. Because again, TCP 80 isn't bound on an WAN IP.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Newbie
    Join Date
    Jan 2021
    Posts
    10

    Default

    I fixed it by removing my Verizon Router and plug the ethernet cable coming from the ONT box straight into Untangle router. Too much headaches and I don't even use TV and Telephone. Much better like this.

  10. #10
    Newbie
    Join Date
    Apr 2020
    Posts
    8

    Default

    If you don't care about guide data for TV then replacing the Verizon router with Untangle is the way to go.

    If you do care about guide data there are some options. A very detailed overview of the options is here: https://www.dslreports.com/faq/veriz...tworking#16077

    I have run in two different configurations. At first I ran with the Verizon provided router as the primary and Untangle configured as a router behind it. The rest of my network was then behind Untangle. The key is to give your Untangle a static dhcp lease in the Verizon router and put it in the Verizon router's DMZ. Placing Untangle in the Verizon DMZ should make it so you don't need to setup port forwarding in the Verizon router. Everything should just work (with a few exceptions). The downside is you are double NATed. In practice I never had issues with this.

    The other option I have used (how I am running now) is Untangle as the primary router and the Verizon router behind the Untangle plugged into the Verizon WAN port. I also place the Verizon router in a VLAN that has no access to the rest of my network. This lets me get guide data for TV and not be double NATed. This has worked perfectly for me for last few months. It is not officially supported by Verizon so if you ever have issues where you need to contact them you might have to unplug the ONT from Untangle and plug it into the Verizon WAN port. This makes the customer service people happy because they can now "see" their router.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2