  1. #21
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    tjsweet, to get your Untangle to do any forwarding in a double NAT environment you need to forward the ports from the first NAT device. In your case I would simply suggest stuffing your UT external IP address into the DMZ field in the DSL router, then everything comes to UT by default and you can forward from there.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #22
    Untanglit
    Join Date
    Jul 2008
    Posts
    19

    sky-knight, I'll give that a try then. The firewalls and routers I'm accustomed to have NAT earlier in the order of operations than ACLs so it didn't really occur to me that it might not be the same with UT. I'll change it back over to routed mode tonight and report my findings.

    RG

  3. #23
    Untanglit
    Join Date
    Jul 2008
    Posts
    19

    Sky-knight to the rescue!

    Booyah! Sky-knight, your suggestion was right on the money. I had to use the post-forwarded port rather than the pre-forwarded port, which means in the order of operations for UT, port forwarding (aka port redirection or static PAT in Cisco terms) takes place prior to the access controls in the firewall. In the Cisco world port forwarding is tied to the NAT process, which takes place before the access control process.

    Very cool...one issue down, one to go. I LOVE community software.

    RG
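
A small model of the ordering described in post #23, added here as an example (not code from the thread or from Untangle): one inbound packet and one port forward are run through a forward-then-firewall pipeline and a firewall-then-forward pipeline. The addresses, ports and the Packet/Forward/Allow names are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on
    proto: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Forward:      # port forward (static PAT): match on arrival, rewrite destination
    iface: str
    proto: str
    port: int
    to_ip: str
    to_port: int

@dataclass(frozen=True)
class Allow:        # firewall pass rule; anything unmatched is blocked
    proto: str
    dst_port: int

def apply_forwards(pkt, forwards):
    for f in forwards:
        if (pkt.iface, pkt.proto, pkt.dst_port) == (f.iface, f.proto, f.port):
            return replace(pkt, dst_ip=f.to_ip, dst_port=f.to_port)
    return pkt

def permitted(pkt, allows):
    return any((pkt.proto, pkt.dst_port) == (a.proto, a.dst_port) for a in allows)

def delivered(pkt, forwards, allows, forward_first=True):
    """Return the packet as delivered inside, or None if the firewall blocks it."""
    if forward_first:
        pkt = apply_forwards(pkt, forwards)   # firewall sees the rewritten port
        return pkt if permitted(pkt, allows) else None
    if not permitted(pkt, allows):            # firewall sees the port as it arrived
        return None
    return apply_forwards(pkt, forwards)

# Constructed sample: outside port 8080 forwarded to an inside web server on port 80.
FORWARDS = [Forward("external", "tcp", 8080, "192.168.1.10", 80)]
INBOUND = Packet("external", "tcp", "203.0.113.5", 8080)
PRE_RULE = [Allow("tcp", 8080)]    # written against the pre-forward port
POST_RULE = [Allow("tcp", 80)]     # written against the post-forward port

if __name__ == "__main__":
    for rules, first in [(r, f) for r in (PRE_RULE, POST_RULE) for f in (True, False)]:
        print(f"forward_first={first} rules={rules} ->", delivered(INBOUND, FORWARDS, rules, first))
```

With forwarding applied first, only the rule written against the post-forward port passes the packet; with the firewall first, only the pre-forward rule does, so a rule ported from one ordering to the other silently blocks the service.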

  4. #24
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Me too, learned that lesson the hard way. To me the firewall runs on the External and is before NAT... UT however runs on all interfaces to allow for multi-directional traffic control. So the system is a bit more intelligent and incorporates NAT into the equation so you are firewalling based on the information that is outside of the firewall. It is strange to get used to, but I kinda like it this way.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #25
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,469

    Is there any documentation along these lines?

    I was thinking of doing double NAT, but now I am very scared.

    Jim

  6. #26
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Documentation is there, double NAT isn't a problem technically. It's a problem with most people's technical ability. That type of configuration is very prone to break, and very difficult to troubleshoot. I've set them up, but don't expect this forum to help you do such a thing. It's just too darn complicated to help with via forum posts.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #27
    Newbie
    Join Date
    Jul 2008
    Posts
    7

    I've finally figured it out. The way my network was previously set up was that I have a DSL Modem/Wireless Gateway that my ISP provides me with. On this modem there are 4 ports, all of which are in use, 3 that go to my IPTV boxes for my television and 1 that goes into my network router. When I changed to Untangle I forgot to update the DMZ with the new IP since it changed :-) Changed the IP in the DMZ and everything works flawlessly now. Thanks for all your help.

  8. #28
    Untanglit
    Join Date
    Jul 2008
    Posts
    19

    Still better to bridge the PPPoE and public address through to the UT box but if you're happy, that's all that matters.

    Glad to hear you found it.

    RG

  9. #29
    Untanglit
    Join Date
    Aug 2008
    Location
    Pretoria Gauteng South Africa
    Posts
    17

    I am using 5.3 with port forward rules and no problem. Maybe it matters in which order the AND rules are...

    First AND = interface external
    Second AND = protocol TCP UDP
    Third AND = destination port number 80 or 443 or something else...
