Page 2 of 3
Results 11 to 20 of 29
  1. #11
    Newbie
    Join Date
    May 2010
    Posts
    4

    Default

    I have created the packet filter rules that are stated here and I still fail the shields up test:

    GRC Port Authority Report created on UTC: 2010-05-13 at 21:13:29

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: FAILED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

    My Untangle server is set up as a router. Internet > DSL Modem > Untangle

    Could my ISP be the cause of this? I've tried talking to them about this and they say it's my firewall that I should look at.

  2. #12
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,186

    Default

    You failed for ping response.
    The system packet filter rules have one to allow ping on all interfaces.
    You should be able to create a rule to block ICMP on external if you wanted that.

  3. #13
    Newbie
    Join Date
    May 2010
    Posts
    4

    Default system not stealth

    First let me say that I appreciate any advice that anyone can give me. I am not what you would call an "expert" by any means.

    Thus far I have done the following to my Untangle server and still cannot stealth my ICMP echo reply:

    Config -> Networking -> Advanced -> Packet Filter

    Create a new rule that says this:

    Enabled: Checked
    Description: Halt SSH on External
    Action: Drop

    Destined Local
    Destination Port 22
    Protocol: TCP
    Source Interface: External

    That will correct the SSH port reporting CLOSED.

    Now, 443 is supposed to be open! That is your external secure admin. No, disabling external admin doesn't close this port. If you want to close it create a second packet filter rule just like the SSH rule, just change the destination port to 443.

    Finally, Untangle will respond to ICMP by default, if you want to control pings install this packet filter rule.

    Enabled: Checked
    Description: Halt ICMP on External
    Action: Drop

    Source Interface: External
    Protocol: ICMP


    Create a packet filter rule that drops all external traffic

    Enabled
    Description: Complete Stealth
    Action: Drop
    Source Interface: External

    Update and save then test

  4. #14
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,186

    Default

    Drop
    Destined Local
    Source Interface: external
    Protocol: icmp

    Don't forget to save.

  5. #15
    Newbie
    Join Date
    May 2010
    Posts
    4

    Default

    I didn't have Destined Local. I added it and made sure to save and I still failed "A PING REPLY (ICMP Echo) WAS RECEIVED"

  6. #16
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,186

    Default

    How odd, I created and verified that rule with my own router mode UT against GRC's ShieldsUp; since I'm not concerned about it, I then disabled the rule.
    I would guess I'm not far off, because someone else would have spoken up otherwise.
    You better post screenshots of your Packet Filters page and another shot of the rule creation window. You can upload the screenshots to the forum if you don't have hosting.

  7. #17
    Untangle Ninja dbunyard's Avatar
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,051

    Default

    I'm sure this is a stupid question, but you do have your DSL modem set to bridged right? It's not double NATting? It could be the DSL modem responding to the ping if it's not truly set to bridge. I have seen this before.
    Dan

    You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.

  8. #18
    Newbie
    Join Date
    May 2010
    Posts
    4

    Default

    I'm not currently at the office but once I get there I will try to post screenshots but I'm not sure how. I see the "insert image" icon that prompts me for the URL of the image. What do I need to enter (sorry, I am new to using forums)?

    Also, regarding my DSL modem being in bridge mode, how do I check that? I've tried entering the IP address 192.168.1.1 and/or 192.168.10.1 in a browser to bring up a web interface but I'm not sure if it has one like a router does. Is it a switch on the modem itself?
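
An added example, not part of any post in this thread: one way to check the bridged versus double-NAT question raised above is to compare the address on the firewall's external interface with the public address the scanner tested. The function names and both sample addresses are constructed for illustration; the report text is the one quoted in post #11.

```python
import ipaddress
import re

# Ranges that cannot be the public address of a truly bridged connection.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
)]

def parse_trustealth(report: str) -> dict:
    """Extract the TruStealth verdict and whether an echo reply was seen."""
    verdict = re.search(r"TruStealth:\s*(PASSED|FAILED)", report)
    return {
        "verdict": verdict.group(1) if verdict else None,
        "ping_reply": "A PING REPLY (ICMP Echo) WAS RECEIVED" in report,
    }

def locate_public_address(firewall_wan_ip: str, scanned_ip: str) -> str:
    """Say which device holds the address the scanner actually tested."""
    wan = ipaddress.ip_address(firewall_wan_ip)
    if wan == ipaddress.ip_address(scanned_ip):
        return "firewall"          # bridged: scanner traffic reaches the firewall
    if any(wan in net for net in NON_PUBLIC):
        return "upstream-nat"      # modem or ISP device owns the public address
    return "unknown"               # public WAN address that differs from the scanned one

def diagnose(report: str, firewall_wan_ip: str, scanned_ip: str) -> str:
    result = parse_trustealth(report)
    if not result["ping_reply"]:
        return "no echo reply was seen by the scanner"
    where = locate_public_address(firewall_wan_ip, scanned_ip)
    if where == "firewall":
        return "firewall is answering: check the ICMP drop rule on External"
    if where == "upstream-nat":
        return "double NAT: an upstream device may be answering, check bridge mode"
    return "WAN address and scanned address differ: confirm which IP was tested"

# Report lines copied from post #11; the two addresses below are constructed.
SAMPLE_REPORT = """TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED."""

if __name__ == "__main__":
    print(diagnose(SAMPLE_REPORT, "192.168.1.64", "203.0.113.25"))
    print(diagnose(SAMPLE_REPORT, "203.0.113.25", "203.0.113.25"))
```
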

  9. #19
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,630

    Default

    I just did the scan on my network and I show 160-220 as "closed" but not stealth, but I have no firewall rules forwarding in those ports to any system on the network.

    Also port 22 shows even though I did the packet filter rule to block external access to 22.
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  10. #20
    Newbie
    Join Date
    Dec 2008
    Posts
    9

    Default

    I just installed Untangle 7.4.1 tonight and am trying to figure out how to stop ping replies, close port 443, and make port 22 stealthed. Every post I have come across says to go to Networking > Advanced > Packet filter and create the rules there. I don't see this option anywhere in Untangle 7.4.1 and I am viewing in Advanced mode. Can someone help me out here?
