  1. #1
    Untanglit
    Join Date
    Dec 2016
    Posts
    19

    Can I make Untangle unavailable for VPN clients?

    So I have Untangle as the entry point to an internal OpenVPN lab. Machines in the lab don't have access to the internet. Clients are in the 10.0.0.0/24 pool and lab machines are in the 10.1.0.0/24 pool. Everything is working perfectly, but since this lab is made for security testing and ethical hacking, clients will probably run scans on 10.1.0.0/24 and the Untangle machine will be affected (it's running on 10.1.0.1). Now I want Untangle to block requests from clients. Is this possible?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Sure, but it would prevent it from running as a router.

    You'd be better off just unplugging it... unless you want to be able to turn on / off a general block as needed? If so, you'll want advanced mode's input, and forward filter. You'll simply drop stuff sourced from that interface.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untanglit
    Join Date
    Dec 2016
    Posts
    19

    Thank you for your answer! Unplugging is not an option. I just need to make sure that clients won't be able to access the Untangle web panel. Maybe blocking ports 80 and 443 would be possible?

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    config > network > advanced > input filter rules

    I would recommend reading and understanding the help section on these rules before making any changes.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Oh yeah, if all you want to do is prevent HTTP and HTTPS access, then yes, an input filter rule is what you want.

    However, DMorris is also correct that you'd better understand how those rules work, because if you goof up such a rule it's possible to lock yourself out of the admin panel to undo the mistake!

  6. #6
    Untanglit
    Join Date
    Dec 2016
    Posts
    19

    Originally posted by sky-knight:
    Oh yeah, if all you want to do is prevent HTTP and HTTPS access, then yes, an input filter rule is what you want.

    However, DMorris is also correct that you'd better understand how those rules work, because if you goof up such a rule it's possible to lock yourself out of the admin panel to undo the mistake!

    I just made a new rule and I'm still able to access the web panel. Here's how it looks:

    Screenshot_23.png

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Filter input rule, or filter forward rule?

  8. #8
    Untanglit
    Join Date
    Dec 2016
    Posts
    19

    Originally posted by sky-knight:
    Filter input rule, or filter forward rule?

    Input filter rule

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,304

    Did you move your rule? They are evaluated in order, and by default it puts it at the bottom of the list. You'll want it above the Allow HTTP on non-WANs rule or it'll never match anything.

  10. #10
    Untanglit
    Join Date
    Dec 2016
    Posts
    19

    Originally posted by sky-knight:
    Did you move your rule? They are evaluated in order, and by default it puts it at the bottom of the list. You'll want it above the Allow HTTP on non-WANs rule or it'll never match anything.

    Thank you so much! It works now!
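
The ordering problem resolved in posts #9 and #10, as an added example that is not part of the thread and not Untangle's own code: a simplified first-match model of an input filter list, plus a check that flags a rule that can never fire because an earlier rule already covers it. The rule fields, the block rule's name and the allow rule covering both 80 and 443 are assumptions of the model; only the allow rule's name and the address pools come from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # source CIDR
    ports: frozenset    # destination TCP ports
    non_wan_only: bool  # rule applies only to traffic from non-WAN interfaces
    action: str         # "ALLOW" or "BLOCK"

    def matches(self, src_ip, dport, from_wan):
        return (ip_address(src_ip) in ip_network(self.src)
                and dport in self.ports
                and not (self.non_wan_only and from_wan))

def evaluate(rules, src_ip, dport, from_wan=False):
    """First matching rule decides; rules below it are never consulted."""
    for rule in rules:
        if rule.matches(src_ip, dport, from_wan):
            return rule.action, rule.name
    return "NO_MATCH", None

def shadowed(rules):
    """Names of rules fully covered by a single earlier rule (they can never fire)."""
    hits = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (ip_network(r.src).subnet_of(ip_network(e.src))
                    and r.ports <= e.ports
                    and (r.non_wan_only or not e.non_wan_only)):
                hits.append(r.name)
                break
    return hits

# Constructed rule set: only the allow rule's name and the 10.0.0.0/24 client
# pool come from the thread; treating the allow rule as covering 80 and 443 is
# an assumption of this model.
WEB_PORTS = frozenset({80, 443})
ALLOW = Rule("Allow HTTP on non-WANs", "0.0.0.0/0", WEB_PORTS, True, "ALLOW")
BLOCK = Rule("Block VPN clients from web panel", "10.0.0.0/24", WEB_PORTS, True, "BLOCK")

APPENDED = [ALLOW, BLOCK]    # new rule left at the bottom of the list
REORDERED = [BLOCK, ALLOW]   # new rule moved above the allow rule

if __name__ == "__main__":
    for label, rules in (("appended", APPENDED), ("reordered", REORDERED)):
        print(label, evaluate(rules, "10.0.0.5", 443), "shadowed:", shadowed(rules))
    print("lab admin host:", evaluate(REORDERED, "10.1.0.20", 443))
```

The last line covers the lock-out risk raised in post #5: a lab-side host (10.1.0.20, a constructed address) still reaches the panel after the reorder, because the block rule is scoped to the client pool only.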
