  1. #1
    Newbie
    Join Date
    Jun 2011
    Posts
    8

    outbound NAT issue

    Hi all

    First post, and I'm desperate for some guidance and help.

    See attached network diagram....

    Here's my problem:

    None of the machines on the internal network (172.26.25.xx) or the DMZ (10.0.0.xxx) can access anything on the external network.

    Also, the Untangle server itself cannot access anything on external.

    1) I've checked to ensure that the correct firewall rules are in place. Even tried allow all to all.
    2) The packet filter rules to allow the DMZ to connect to external are in place.
    3) Inbound connections from external to internal work perfectly via the port forwards I've set up.
    4) Not shown on the network map, but two sites connecting to the site shown in the diagram via OpenVPN also have no problems connecting and sending/receiving.
    5) I've checked that the problem is not some kind of blocking to/from the Untangle external interface and found no problems.
    6) Doing a tcpdump on eth0 (external) yields ONLY UDP traffic from OpenVPN.

    I'm pretty sure it's got something to do with my outbound NAT policies, but try as I may, I can't seem to get it right.

    Please assist- what can I check for?

    Thanks
    Glen

  2. #2
    some dude hlarsen's Avatar
    Join Date
    Jul 2010
    Location
    sfba
    Posts
    1,384


    Quote: Originally Posted by xglenh
    "Also, the Untangle server itself cannot access anything on external."

    so from the actual Untangle console, can you get to google.com? if not, that's the problem right there. the 0.0.0.0/0 auto NAT policy should take care of NATing everything.

  3. #3
    Newbie
    Join Date
    Jun 2011
    Posts
    8


    That's exactly it.... Even the Untangle console cannot get anything through to EXTERNAL. The console cannot browse to Google.com, and cannot even do DNS lookups.

    But I know connectivity to/from the external interface is not an issue, since I can connect my laptop "in place" of Untangle's external interface using the same public ip, netmask and DNS and the laptop can connect to anything.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514


    But your laptop isn't using the network interface that Untangle is using. This is a hardware issue, possibly a defective NIC. Or at the very least, a NIC that Untangle for some reason doesn't like.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie
    Join Date
    Jun 2011
    Posts
    8


    hi sky-knight

    I doubt it; I can connect via OpenVPN to the Untangle box without a problem. And inbound connections to external work like a charm.

    It's only when a connection attempt is made from internal (or DMZ) to external that nothing happens.

    I might add that this box has been running untangle for about a year without issues. And here's more strange behavior: when I do a restore of the config from a backup I made some months ago, everything on the untangle box works 100% for about 5 minutes, and then suddenly traffic from internal to external will stop flowing again.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514


    If you can't browse the web from the UT console, you aren't going anywhere. I've had bad interfaces do this to me, you need to check your hardware.

    Also, those two 0.0.0.0/0 rules may be conflicting. NAT policy is more global... I'd bust those into the appropriate /24s for their respective LANs for clarity. I've had some odd NAT issues doing the 0.0.0.0 rule on multi-segmented networks.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
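
Added example, not part of the thread and not Untangle's own code: a generic check for the overlap concern raised in post #6, flagging NAT policies whose source network is already covered by an earlier rule. It assumes first-match, top-down evaluation, which the thread does not confirm for Untangle; the /24 networks are inferred from the ranges in post #1, and the NAT-to values are constructed.

```python
import ipaddress

# Constructed sample policies: (source network, NAT-to). "auto" and
# 203.0.113.10 are placeholders, not values from the thread.
BROAD = [("0.0.0.0/0", "auto"), ("0.0.0.0/0", "203.0.113.10")]
SPLIT = [("172.26.25.0/24", "auto"), ("10.0.0.0/24", "203.0.113.10")]


def find_shadowed(policies):
    """Return (rule_index, covering_index) for every rule that can never
    match because an earlier rule's source network fully contains it.
    Assumes first-match evaluation (an assumption, see lead-in)."""
    nets = [ipaddress.ip_network(src) for src, _ in policies]
    shadowed = []
    for i, net in enumerate(nets):
        for j in range(i):
            if net.subnet_of(nets[j]):   # equal networks count as covered
                shadowed.append((i, j))
                break
    return shadowed


def effective_nat(policies, src_ip):
    """Return the NAT-to value of the first policy matching src_ip,
    or None when no policy matches (traffic would leave un-NATed)."""
    addr = ipaddress.ip_address(src_ip)
    for src, nat_to in policies:
        if addr in ipaddress.ip_network(src):
            return nat_to
    return None


if __name__ == "__main__":
    for name, rules in (("broad", BROAD), ("split", SPLIT)):
        print(name, "shadowed rules:", find_shadowed(rules))
        for host in ("172.26.25.20", "10.0.0.5"):   # constructed hosts
            print("  ", host, "->", effective_nat(rules, host))
```

With per-segment /24 rules every policy is reachable, and a source address outside both LANs matches nothing, which makes an unexpected segment visible instead of silently NATed.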
