Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Master Untangler adrianp918's Avatar
    Join Date
    May 2009
    Posts
    443

    Default does untangle support loop back

    can someone with in my network that UT is deployed in access services from simply plugin in the wan ip adddress?

  2. #2
    some dude hlarsen's Avatar
    Join Date
    Jul 2010
    Location
    sfba
    Posts
    1,384

    Default

    you mean can someone on your internal network go to the Untangle's WAN IP and have the port forwards work? as long as the rule matches, i believe it should. if you have something like Source Interface: External, it probably won't match.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,553

    Default

    You mean services that you've port forwarded?

    If that is the case it can be done, but you must ensure the rule for the forward doesn't have a source interface condition that prevents it, and you must also go into config->networking->advanced, and disable the "only nat wan traffic" box.

    However, only do this on a two interface Untangle. If your Untangle server is servicing multiple internal networks that box will force all internal communications to go through the NAT engine. Therefore, lan to lan communications will be severed. If you have a multi-segmented network, and you need NAT Reflection / Hairpin NAT, you're SOL. You need to use DNS to provide the appropriate internal IP address.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Quote Originally Posted by adrianp918 View Post
    can someone with in my network that UT is deployed in access services from simply plugin in the wan ip adddress?
    Yes.
    Beware if it detects its being port forward "back inside" it will NAT the traffic so that it will come back to Untangle correctly. So it will appear to be coming from untangle.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Master Untangler adrianp918's Avatar
    Join Date
    May 2009
    Posts
    443

    Default

    i guess i should clarify what i am saying,

    would someone from a network with in UT protection be able to see a self hosted website from a server that is behind the same network that UT is protecting,

    say office member is looking for a site called abc.com and it is hosted with in the same network that there on

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,553

    Default

    Yes, if you do what I told you to. Otherwise, you have to fix your DNS to do it manually.

    Intouch hosts web sites, I do this every day.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Master Untangler adrianp918's Avatar
    Join Date
    May 2009
    Posts
    443

    Default

    maybe i should clarify,


    say i have port forward already set,

    someone who is not with in the same network of my webserver can access abc.com no problem

    can someone who is with in the same network access abc.com

    it is like there looking for a website that is self hosted

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,553

    Default

    Yes, I understand you.

    Here, have some details.

    www.intouchtechllc.com is running on a web server with an IP of 10.10.10.3
    My client has an IP of 10.10.10.185

    The public address of my web server is 174.79.53.76

    I forward TCP 80 from there to 10.10.10.3, among other ports.

    I can access my own web site just fine.

    As I said, I do this every day.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Master Untangler adrianp918's Avatar
    Join Date
    May 2009
    Posts
    443

    Default

    thanks rob,

    i used "not to name drop" m0n0wall and the only way you would be able to do this is set the dns forwarder because by default it blocked loop back service
    Last edited by adrianp918; 06-24-2011 at 03:31 PM. Reason: fat fingered spelling

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,553

    Default

    Yes, m0n0wall had a feature in the firewall to prevent NAT-Reflection.

    UT is the same, however in UT you can disable the Only NAT WAN traffic option to clear it.

    As I said before, it only works if you have a 2 interface UT router. Or if you don't need lan to lan communications.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2