  1. #11
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,542

    Quote Originally Posted by dwasserman View Post
    I believe Untangle does not sell appliances outside the USA, right?
    Build your box with 3 NICs and buy a home license.
    We do sell U25 outside the US and we have a hardware distributor that can ship the "x" in Europe. Call or email sales and they can point you to the right distributor.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  2. #12
    Untangler
    Join Date
    Aug 2018
    Posts
    34

    Quote Originally Posted by dmorris View Post
    This explains all that:

    The benefit of using filter rules is that you can configure who can talk to who explicitly, whereas if you NAT there will be no communication at all.
    I have read the link a few times now but need to check whether I understand it correctly:
    • If I turn NAT off for the internal interfaces (= uncheck 'NAT traffic coming from this interface (and bridged peers)'), all traffic is allowed (both ways) unless I specify a generic rule to block all internal traffic from - and/or towards - the interface that I hook the cameras on to.
    • A rule to specifically allow traffic (in my case from NAS IP to Camera interface) overrules a block.
    • Checking the 'NAT traffic exiting this interface (and bridged peers)' option in WAN creates a regular NAT/firewall blocking all traffic from outside to inside unless port forwarding rules are set.


    In my specific situation this would mean:
    1. Check the 'NAT traffic exiting this interface (and bridged peers)' option in WAN to create a solid firewall between the internet and my home network.
    2. Turn NAT off for the internal interfaces (= uncheck 'NAT traffic coming from this interface (and bridged peers)').
    3. Specify a rule to block all traffic from the IP cam interface to internal destinations (in order to isolate the IP cameras from my other network devices) but still allow the IP cams to go to the internet (for example for time sync or firmware updates).
    4. For the NAS to reach the cameras I do not need to do anything, since I have not set a block rule towards the IP cam interface and all internal traffic is still allowed to flow towards the IP cams.
    5. No further routing rules to be set (Check?! Cardinal rule 3 confuses me a bit since I do create 2 subnets).


    Did I pass?

  3. #13
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Correct, #1 and #2 (and #4 is a no-op) are defaults, so you just need to do #3

  4. #14
    Untangler
    Join Date
    Aug 2018
    Posts
    34

    Quote Originally Posted by dmorris View Post
    Correct, #1 and #2 (and #4 is a no-op) are defaults, so you just need to do #3
    Great!

    And for #5, just to be sure:
    In the advised configuration (picture below), would it be possible - without any additional rules/settings and respecting cardinal rule #3 - for host 192.168.123.129 to reach the IP cam at 192.168.178.113?

    BTW: by Cardinal rule #3 I mean this part from the Wiki: "This is often a surprise to people on complex networks as effectively you will need to tell Untangle where to send all the traffic on your network if you want it to go to the correct place. If you have a subnet that Untangle doesn't have a route for, then it will be sent to the default gateway even if that subnet is internal. For Untangle to operate correctly, you must configure Untangle with a complete routing table so it knows how to reach all hosts on your network."
    Network simple 3.JPG
    Last edited by homenetwork; 08-16-2018 at 01:17 PM. Reason: clarified Cardinal Rule #3
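
The routing behaviour in the Wiki passage quoted above, as an added example that is not part of the original posts and is not Untangle code: a longest-prefix-match lookup over a small routing table. The interface names, the /24 masks, the WAN gateway address, the 10.20.30.0/24 subnet and its router at 192.168.123.254 are assumptions constructed for illustration; only the two host addresses come from the thread.

```python
import ipaddress

# Constructed table: two directly connected networks plus a default route.
# Interface names, /24 masks and the gateway address are assumptions.
ROUTES = [
    ("192.168.123.0/24", "internal", None),   # LAN holding 192.168.123.129
    ("192.168.178.0/24", "cameras", None),    # camera network holding 192.168.178.113
    ("0.0.0.0/0", "wan", "203.0.113.1"),      # default gateway (documentation address)
]
INTERNAL_NETS = ["192.168.0.0/16", "10.0.0.0/8"]  # ranges treated as internal here


def build(routes):
    """Parse (cidr, interface, gateway) tuples into a lookup table."""
    return [(ipaddress.ip_network(n), iface, gw) for n, iface, gw in routes]


def lookup(table, dst):
    """Longest-prefix match: return (egress interface, next hop) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    _net, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw or dst  # no gateway means the host is directly attached


def misrouted(table, dst):
    """True when an internal destination would leave via the default route."""
    addr = ipaddress.ip_address(dst)
    internal = any(addr in ipaddress.ip_network(n) for n in INTERNAL_NETS)
    return internal and lookup(table, dst)[0] == "wan"


TABLE = build(ROUTES)
# Same table after adding a static route for a subnet behind an internal router.
FIXED = build(ROUTES + [("10.20.30.0/24", "internal", "192.168.123.254")])

if __name__ == "__main__":
    for dst in ("192.168.178.113", "192.168.123.129", "10.20.30.5"):
        print(dst, lookup(TABLE, dst), "misrouted" if misrouted(TABLE, dst) else "ok")
    print("10.20.30.5 with static route:", lookup(FIXED, "10.20.30.5"))
```

A subnet attached directly to an interface is already in the table, so only subnets reached through another internal router need a static route under this model.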
