Page 1 of 4
Results 1 to 10 of 32
  1. #1
    Newbie
    Join Date
    Dec 2018
    Location
    Georgia, USA
    Posts
    10

    Default SSH Port 22 - Should it respond when Allow SSH disabled?

    Hello All -

    New Untangle user that just migrated over from pfSense. No regrets! :-)

    I had to rebuild / restore config on my appliance this evening. Following the reload, as a quick check, I hit grc.com for a quick ShieldsUp test and it shows port 22 "closed" with everything else "stealth", but I was wondering why it would even respond at all? Looking at Config | Network | Advanced | Access Rules I see the Allow SSH rule is not enabled. I generated a Block Rule to attempt to have it not respond, but I still see the same thing. I read where the SSH rule was not enabled on the WAN by default, and the access rules appear to show that, but was wondering if I am missing something?

    Thanks!
    Bill

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Can you post a screenshot of all your rules and also your port forward rules?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,494

    Default

    At the very bottom of that list of access rules is a block all rule, either that's disabled which is SUPER BAD, or you've got a port forward rule that's pushing TCP 22 somewhere else.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    Dec 2018
    Location
    Georgia, USA
    Posts
    10

    Default

    Thank you for your replies! I have attached screen captures of the Access Rules and Port Forwarding rule screens.

    --Bill

  5. #5
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Default

    Besides a modem, is there some device between Untangle and the world? Is Untangle in bridge mode?

  6. #6
    Newbie
    Join Date
    Dec 2018
    Location
    Georgia, USA
    Posts
    10

    Default

    Quote Originally Posted by Sam Graf View Post
    Besides a modem, is there some device between Untangle and the world? Is Untangle in bridge mode?
    Untangle is the only thing between my cable modem and my two internal networks. It is configured as Addressed with "NAT traffic exiting this interface".

    Is it possible that when I restored from my latest configuration backup, that something became amiss? Prior to losing the SSD in my appliance, I did not see this issue. It was only after I re-installed from scratch and restored.
    Last edited by wbwhaley; 12-18-2018 at 10:19 AM.

  7. #7
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Default

    Quote Originally Posted by wbwhaley View Post
    Is it possible that when I restored from my latest configuration backup, that something became amiss?
    Did you reboot Untangle after doing the restore? I ask because if not, maybe this is one of those few and far between instances where rebooting Untangle might be the thing to do.

  8. #8
    Newbie
    Join Date
    Dec 2018
    Location
    Georgia, USA
    Posts
    10

    Default

    Quote Originally Posted by Sam Graf View Post
    Did you reboot Untangle after doing the restore? I ask because if not, maybe this is one of those few and far between instances where rebooting Untangle might be the thing to do.
    I did reboot following the restore last night when I first encountered the issue.

    I just did a second restore of Untangle from my original backup again and rebooted the appliance following. The port now does not respond as expected. I'm not sure what would have caused it, but it is corrected now. I sure don't like not knowing exactly what it was that caused the issue or what it was that corrected it, but thank you for the push in the reboot direction again.

    Thanks!
    Bill
    Last edited by wbwhaley; 12-18-2018 at 10:54 AM. Reason: Follow up after restoring again from orig backup

  9. #9
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,327

    Default

    You should definitely be getting "Stealth" on port 22 with the Access Rules you show.

    A couple things to try:

    1. Pull the network cable out of your Untangle WAN interface immediately after clicking "Common Ports" on ShieldsUp!; wait 5 seconds and plug it back in. If you still get port 22 "Closed" then you know it's not Untangle exposing the port (OR you didn't pull the cable fast enough!)

    edit: this second one is probably better, but I thought of pulling the cable first...

    2. Try running a Packet Test for your external interface, port 22 at Config->Network->Troubleshooting; set it for 30 seconds and then start the ShieldsUp! test. You should get 10 inbound packets from 4.79.142.206 to port 22, nothing else, no response packets. If you get no packets, then something else is receiving the port 22 packets. If you get packets with any sort of responses, then the packets are indeed coming from (or through) Untangle, which shouldn't be possible given your rules.
    Last edited by johnsonx42; 12-18-2018 at 10:55 AM.
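
The decision logic from the Packet Test suggestion in post #9, as an added example that is not part of the original thread or of Untangle: it reads a capture taken on the WAN interface and reports whether the probes arrived and whether anything answered. It assumes tcpdump-style text lines; the addresses and capture lines are constructed samples.

```python
import re

# Assumed input format: tcpdump -n style text, one packet per line.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

WAN = "203.0.113.10"  # constructed WAN address (documentation range)

# Constructed captures: probes only, and a probe answered with a reset.
SAMPLE_STEALTH = [
    "10:55:01.000100 IP 198.51.100.7.40001 > 203.0.113.10.22: Flags [S], seq 1, win 8192, length 0",
    "10:55:02.000100 IP 198.51.100.7.40001 > 203.0.113.10.22: Flags [S], seq 1, win 8192, length 0",
]
SAMPLE_CLOSED = [
    "10:55:01.000100 IP 198.51.100.7.40001 > 203.0.113.10.22: Flags [S], seq 1, win 8192, length 0",
    "10:55:01.000200 IP 203.0.113.10.22 > 198.51.100.7.40001: Flags [R.], seq 0, ack 2, win 0, length 0",
]


def classify_capture(lines, wan_ip, port=22):
    """Return (verdict, inbound_count, reply_count) for one WAN-side capture."""
    inbound = replies = 0
    reply_flags = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore non-TCP or unparsable lines
        if m["dst"] == wan_ip and int(m["dport"]) == port:
            inbound += 1
        elif m["src"] == wan_ip and int(m["sport"]) == port:
            replies += 1
            reply_flags.add(m["flags"])
    if inbound == 0:
        verdict = "not-reaching-firewall"  # something upstream receives the probes
    elif replies == 0:
        verdict = "stealth"  # probes arrive and are dropped silently
    elif any("S" in f for f in reply_flags):
        verdict = "open"  # SYN-ACK sent back: a listener accepted
    else:
        verdict = "closed"  # RST sent back: the state ShieldsUp! reports as "closed"
    return verdict, inbound, replies


if __name__ == "__main__":
    for name, cap in (("stealth", SAMPLE_STEALTH), ("closed", SAMPLE_CLOSED), ("empty", [])):
        print(name, classify_capture(cap, WAN))
```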

  10. #10
    Newbie
    Join Date
    Dec 2018
    Location
    Georgia, USA
    Posts
    10

    Default

    Thanks for the suggestions to troubleshoot... luckily I won't have to do it now. After restoring a second time from the original backup configuration and rebooting again, the port now shows "Stealth". Wish I knew what the reasoning behind it happening in the first place was, though.

    Thanks again!
