Results 1 to 5 of 5
  1. #1
    Newbie
    Join Date
    Feb 2009
    Posts
    7

    Default Struggling with Internet access

    I created the post two days ago called "Untangle newby and SBS2011 issue" and followed the advice I received. Thanks to those who assisted me!

    I now have the three NIC's installed and the setup looks like this (I have also attached a diagram):

    Cable Modem - Untangle - Switch - SBS2011 and client PC (Internal)
    |
    - Switch - Visitor PC (DMZ)(This switch comes off the Untangle box)

    Untangle's DHCP and DNS is set to provide those services to the DMZ. From the DMZ I can surf the Internet and obtain a DHCP address.

    From the Internal network I can still Ping google.com but I cannot open any web pages. I am probably missing some thing obvious but I cannot, for the life of me, figure out what I am missing.

    Both interfaces are set as Static, their respective IP addresses (Int: 172.16.0.1/24 DMZ: 192.168.0.1/24) and both have NAT Policy of 0.0.0.0/0 - auto.

    The Packet Filter is set so that only "Allow DHCP requests from the Internal interface", "Accept DNS traffic from the Internal and VPN interfaces to the local DNS server", "Accept SNMP traffic from all interfaces" and "Route VPN traffic that would go through the Bridge" do NOT have a check mark next to them.

    Any ideas?

  2. #2
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,372

    Default

    Do you have a firewall rule allowing DMZ traffic out to the internet? There is no default rule that covers the DMZ, you have to make one yourself.
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  3. #3
    Newbie
    Join Date
    Feb 2009
    Posts
    7

    Default

    No, it just worked?? As I said the DMZ works perfectly (visitors can surf, clear their e-mail, etc) but the Internal does not. That's what has got me so confused as I expected it would be the other way around.

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Untangle can't have the same IP as another device (your cable modem)

    You say "from the Internal" are you testing from some computer specifically?
    If you can ping google.com you are both getting ping connectivity and DNS connectivity, meaning 172.16.0.2 must be online.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Newbie
    Join Date
    Feb 2009
    Posts
    7

    Default

    Sorry about the delay but have just got home from work.

    The cable modem is a bridge device and does not "hold" the IP address (that was probably a bit confusing).

    From Internal means from any device within the Internal network which includes the SBS Server and a couple of PC's. They can all ping google.com (which as you point out proves DNS is working). However, I cannot display any web pages. So I suspect there is a filter somewhere that I need to turn off. I have looked through all the options but cannot seem to find anything that would block it.

    I was also wondering if by default the DMZ has a protocol or file type or something blocked to prevent browsing from the DMZ. And because I moved Untangles DHCP and DNS into the DMZ IP range this has triggered that "block" on the Internal interface

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2