system not stealth

[bill123]

I have created the packet filter rules that are stated here and I still fail the shields up test:

GRC Port Authority Report created on UTC: 2010-05-13 at 21:13:29

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

My Untangle server is setup as a router. Internet > DSL Modem > Untangle

Could my ISP be the cause of this? I've tried talking to them about this and they say it's my firewall that I should look at.

[fasttech]

You failed for ping response.
The system packet filter rules has one to allow ping on all interfaces.
You should be able to create a rule to block icmp on external if you wanted that.

[bill123]

First let me say that I appreciate any advise that anyone can give me. I am not what you would call an "expert" by any means.

Thus far I have done the following to my untangle server and still can not stealth my icmp echo reply:

Config -> Networking -> Advanced -> Packet Filter

Create a new rule that says this:

Enabled: Checked
Description: Halt SSH on External
Action: Drop

Destined Local
Destination Port 22
Protocol: TCP
Source Interface: External

That will correct the SSH port reporting CLOSED.

Now, 443 is supposed to be open! That is your external secure admin. No, disabling external admin doesn't close this port. If you want to close it create a second packet filter rule just like the SSH rule, just change the destination port to 443.

Finally, Untangle will respond to ICMP by default, if you want to control pings install this packet filter rule.

Enabled: Checked
Description: Halt ICMP on External
Action: Drop

Source Interface: External
Protocol: ICMP


Create a packet filter rule that drops all external traffic

Enabled
Description: Complete Stealth
Action: Drop
Source Interface: External

Update and save then test

[fasttech]

Drop
Destined Local
Source Interface: external
Protocol: icmp

Don't forget to save.

[bill123]

I didn't have Destined Local. I added it and made sure to save and I still failed "A PING REPLY (ICMP Echo) WAS RECEIVED"

[fasttech]

How odd, I created and verified that rule with my own router mode UT against GRC's shield's up, since I'm not concerned about it I then I disabled the rule.
I would guess I'm not far off, because someone else would have spoken up otherwise.
You better post screen shots of your Packet Filters page and another shot of the rule creation window. You can upload the screenshots to the forum if you haven't hosting.

[dbunyard]

I'm sure this is a stupid question, but you do have your DSL modem set to bridged right? It's not double NATting? It could be the DSL modem responding to the ping if it's not truly set to bridge. I have seen this before.

[bill123]

I'm not currently at the office but once I get there I will try to post screenshots but I'm not sure how. I see the "insert image" icon that prompts me for the url of the image. What do I need to enter (sorry I am new to using forums).

Also, regarding my DSL modem being in bridge mode, how do I check that. I've tried entering the ip address 192.168.1.1 and/or 192.168.10.1 in a browser to bring up a web interface but I'm not sure if it has one like a router does. Is it a switch on the modem itself?

[Mathiau]

i just did the scan on my network and i show 160-220 as "closed" but not stealth, but i have no firewall rules forwarding in those ports to any system on the network.

Also port 22 shows even thought i did the packet filter rule to block external access to 22.

[axel_2078]

I just installed Untangle 7.4.1 tonight and am trying to figure out how to stop ping replies, close port 443, and make port 22 stealthed. Every post I have come across says to go to Networking > Advanced > Packet filter and create the rules there. I don't see this option anywhere in Untangle 7.4.1 and I am viewing in Advanced mode. Can someone help me out here?