  1. #1
    Untanglit
    Join Date
    Jan 2010
    Posts
    24

    TCP Connectivity Fails...

    I am trying to migrate our district to Untangle but I am having a lot of difficulties. I have finally gotten to the point of testing at our site. When I hook up the UT box I get no internet. Here is my setup:

    Internet > Router > Private WAN > Windows Server 2008 (Routing) > UT Box > 10.51.48.0/21 Subnet

    The 'server router' internal is 10.51.48.1. I have set up the UT Box as bridged. There is an internal card bridged to external and an external card with static IP 10.51.48.30. All clients are getting a DHCP address from another NIC (10.51.48.6) in the 2008 server. But all clients look to 10.51.48.1 for internet.

    All works fine until I put the UT box in place. I lose internet; however, I can ping 10.51.48.1. I can also ping any device in the private WAN. Pings are coming from clients behind the UT Box. I have unhooked the other NIC from the Server 2008 box so traffic has no option but to go through the UT Box. So I can ping through the UT Box fine. When I go to test connection on the UT Box it tells me failed, TCP Failed. I also cannot connect to download any apps.

    If I take out the UT Box then internet works again. Also I can hook up the internal NIC of the UT Box to a switch and I can get to the apps to download but I still get a TCP Failed error.

    Is there something I am forgetting to do?
    Let me know if you need any other details.

    Any help is appreciated.
    Last edited by lcsadmin; 01-26-2010 at 12:18 PM.

  2. #2
    Untangle Ninja dwasserman
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,375

    First: verify the interfaces in Untangle are not swapped (MDH law 1).
    Second: verify that it is not a DNS issue; try pinging the IP 64.233.169.104, and then ping google.com.

  3. #3
    Untanglit
    Join Date
    Jan 2010
    Posts
    24

    Absolutely sure that the interfaces are not swapped. DNS is not working, however. I first tried a traceroute and it could not resolve google.com. So I then ran a DNS test. It is coming back with Host 'hostname' not found: 5 (REFUSED). I have no idea what that means even after googling. My external card is set to look to 10.51.48.6 for DNS. I have also set up a Local DNS server to several different DNS's that I have in our district. It doesn't change anything. I still get that same error. The DNS servers are running Server 2008 and Server 2003 and I have never had any trouble connecting anything to them. Meaning that there should not be any restriction or permission problems. The only restrictions that are on the DNS servers are for Dynamic Updates and Zone transfers. There shouldn't be anything refusing a simple query. Any ideas?

  4. #4
    Untanglit
    Join Date
    Jan 2010
    Posts
    24

    Also note that I only have the internal NIC hooked up right now. That is so I can still get internet normally and work on the UT Box at the same time. I will wait to 'officially' hook it back up proper when I can get the internet problems figured out.

  5. #5
    Untanglit
    Join Date
    Jan 2010
    Posts
    24

    Okay....here is an update.

    I have everything working on the UT box now. DNS is working. All the connection tests come back successful. When I hook the UT box up I still have no internet on the clients. However I do have it on the UT box. I can ping everything from the clients. The clients also cannot get email from Exchange.

    BUT....I set one client's gateway to 10.51.48.30 (Internal UT) and presto I had internet. It filtered and logged and everything. All my clients are set to gateway to 10.51.48.1 and with a transparent setup I thought their gateway would not change. Isn't this correct? So does anyone have any idea why it's acting this way?

  6. #6
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542

    Untangle bridges do not function as gateways. If you had to change their gateway you have Untangle configured as a router, not a bridge.

    Look at the configuration for your Internal interface. If you see an IP there, you're in router mode.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untanglit
    Join Date
    Jan 2010
    Posts
    24

    Yes, that's right. However, as per my first post, the internal NIC is bridged to external.

    It's driving me INSANE!!!!!

    I may re-configure it to be a router and see if I can get it to work any better. I really wanted it to work as a transparent proxy though.

    One thing I cannot understand: if my clients are looking to 10.51.48.1 for GW but my UT box is bridged and sitting in front of it....how do the clients see 10.51.48.1? Especially if the external part of the bridge has an IP address? Can someone explain that for me?

    Thanks for all the help!! I really think Untangle will work well for us if I can just get it to network correctly.

  8. #8
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542

    Linux bridges aren't bridges; they are b-routers. This means they move Ethernet frames (layer 2) around based on layer 3 routing information.

    All Linux bridges require an IP address, and a workable routing configuration so they can figure out which port on the bridge to forward the packet.

    The IP address on the bridge for Untangle is just there to operate the web server, management interface, and give the Untangle device the internet connectivity it needs to function. It isn't involved in the networking process at all as far as the network clients are concerned.

  9. #9
    Untanglit
    Join Date
    Jan 2010
    Posts
    24

    Is there any reason TCP traffic would die trying to go through it? ICMP packets go through fine, DNS is working. I cannot get email protocols to go through it and I cannot get internet to go through it.

    Again, it is most definitely set up as a bridge, but setting up a client to look to the external IP as a GW WORKS!!

    Maybe I need to reinstall it again....? Is there anything I can try?
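
Added example, not part of any post in this thread: a bottom-up check that separates the three symptoms reported above (ping passes, DNS resolves, TCP fails) and tells a refused handshake apart from one that is silently dropped. The `icmp_ok` flag is assumed to come from a ping run by hand; the function names and result messages are hypothetical.

```python
import socket

def dns_probe(name, resolver=socket.getaddrinfo):
    """Return (ok, detail): the resolved addresses, or the resolver's error text."""
    try:
        infos = resolver(name, None)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, str(exc)
    return True, sorted({info[4][0] for info in infos})

def tcp_probe(host, port, timeout=2.0):
    """Attempt a full TCP handshake and report how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # SYN, SYN/ACK and ACK all made it through
    except ConnectionRefusedError:
        return "refused"          # an RST came back, so the path carries TCP
    except socket.timeout:
        return "timeout"          # no answer at all: SYN or reply dropped somewhere
    except OSError:
        return "unreachable"      # local routing or ICMP unreachable error

def classify(icmp_ok, dns_ok, tcp_state):
    """Name the first layer that fails, testing from the bottom up."""
    if not icmp_ok:
        return "no IP reachability: check cabling, interface order, gateway"
    if not dns_ok:
        return "IP works, name resolution fails: check the resolver"
    if tcp_state == "timeout":
        return "ICMP and DNS pass, TCP is dropped silently somewhere on the path"
    if tcp_state == "refused":
        return "path carries TCP, but nothing listens on that port"
    if tcp_state == "open":
        return "all three layers pass"
    return "TCP connect failed locally: check routes on this host"

if __name__ == "__main__":
    # Constructed inputs: ping result entered by hand, loopback as the target.
    ok, detail = dns_probe("localhost")
    print(ok, detail)
    print(classify(True, ok, tcp_probe("127.0.0.1", 9, timeout=1.0)))
```

Run from a client behind the bridge against a host beyond it, a "timeout" result with working ping and DNS matches the symptom described in post #9, while "refused" would show that TCP segments do cross the box.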

  10. #10
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542

    What network interfaces are you using? Not all adapters can function as bridges.
