Page 1 of 4 123 ... LastLast
Results 1 to 10 of 39
  1. #1
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,140

    Default Huge issues switching ISP and portforwards.

    Hi,

    We are switching ISP and your plan was to dual address all services.
    So in PF we would do:
    PFdual-ISP.JPG
    Policys we are running with matches to the internal IP and traffic from the external
    Policy.JPG

    Then modify my Hostfile on a 3G connected device and I can see sessions coming into the new interface.

    session.JPG

    I can see that the traffic is hitting the right rule:
    fwrule.JPG

    But Page is not loading.
    If we have reductions from 80 to 443 we see that happening and also Certs are presented to the browser but pages are not loaded. (If it stands for like 15 to 20 mins some time the page loads)

    IF I add a bypass with dest 10.250.32.21 it will load directly and 100% of the times.

    I have tested to create new Rack with nothing in it and pushed all traffic to 10.250.32.21 and I get the same result.

    Any suggestions?

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,520

    Default

    what about the DNS?

    tell about the configuration,
    and can you track it?

  3. #3
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,140

    Default

    I am currently just swapping in my host file after having to revert my dns zone (user complaints as nothing was Working)

  4. #4
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,140

    Default

    This I a rather large and complex setup. But the screenshot should contain all needed.

    Traffic hits the right rule firewall rule.

  5. #5
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,520

    Default

    No.
    I mean, think about the DNS chain...
    Are those answers making it back?

    gut feeling:
    but pages are not loaded. (If it stands for like 15 to 20 mins some time the page loads)
    = DNS issues

  6. #6
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,140

    Default

    DNS for end client = Using Host file (Should not do any DNS lookups)

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,056

    Default

    Are you using SSL inspector?

    And do you have any HTTP only sites on that thing to test against?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    I would work down this list:
    https://wiki.untangle.com/index.php/...shooting_Guide

    I literally just work down the list.
    If its not obvious by the time you get to #12, #12 pretty much always tells the story.

    tcpdump can show the request coming in, and then being forwarded (its probably working to this point)
    does untangle get a reply on the correct internal interface? does it forward the reply back out to the client?
    probably one of those two is failing.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,140

    Default

    SSL Inspector is not active in that rack (just one client rack that has it active)

    I do have one HTTP only will run test now.

  10. #10
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,140

    Default

    Thats the thing I can see the in and out traffic in a Packet test.. :-(

    Http looks to be working fine. (just simple test site so can't do any advanced testing)

    Will go through the list once more. (was on #13)

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2