  1. #1
    Untangler
    Join Date
    Dec 2011
    Posts
    43

    Moving HTTP/S and SMTP from DMZ to Internal (NAT)

    Hi, all.

    I'm running Untangle 14.1. I currently have the Untangle router set up as follows:

    Eth0: External WAN
    Eth1: Internal LAN, NAT/DHCP, etc...
    Eth2: Bridged DMZ (one web server, one email server for our business operations, one email/web server that handles web-based email for our customers).
    Eth3: Backup WAN

    My employer is moving to new physical offices in a month. My servers are going to be moving from our own in-house rack into the co-located rack in the office building we're moving to. We'll still have our own dedicated WAN and ISP.

    In order to simplify things at the new destination, I'm looking at consolidating all of the email operations into a single server, and moving the web server and the consolidated email server inside the Internal NAT LAN.

    My question is, "Will I need to reconfigure Untangle and how will that affect it?"

    For instance - I assume that for my proposed configuration to work, that I'll need to use the router's static IP as the address of both HTTP and SMTP, and that I'll need to implement port forwarding rules to direct those services to the correct computer inside the LAN.

    However - Untangle itself already commandeers port 80 and 443 for its own web interface. Is it alright to assign Untangle to use another arbitrary port value for those services? Likewise, if I port forward SMTP from the router's IP to the internal NAT, will that affect the operation of the Spam Blocker Lite app or will it go merrily on its way, regardless?

    Are there any other issues I should be aware of before setting this up?

    Thanks in advance for the advice.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,939

    You will want a dedicated IP address for your mail operations, or you risk getting blacklisted and things getting ugly.

    That dedicated address can forward 80, 443, and 25 to the Exchange server easily. You'll need a NAT policy to force traffic sourced from the Exchange's IP to the correct WAN address, and appropriate port forwards. You'll also need appropriate public and private DNS records to make everything resolve correctly. There's not much else to worry about.

    Spam Blocker operates on unencrypted TCP 25 communications passing through Untangle. Source and destination honestly do not matter. However, the module does look for sessions passing from an interface that doesn't have "is WAN" enabled to an interface that does to know those are going outbound. But ingress simply doesn't matter; if TCP 25 is going somewhere, Spam Blocker is processing it right up until you configure it not to.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,435

    You can move the external port used by Untangle to another port by using /admin/index.do#config/network/services to port forward 443 and 80 to your web server behind Untangle.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
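
An added example, not part of any post in this thread and not Untangle's configuration format: a Python consistency check over a constructed model of the setup discussed above (port forwards on a dedicated address, a NAT policy for the mail server's outbound traffic, public and private DNS, and the firewall's own admin ports). All addresses, hostnames and field names are assumptions; the model assumes that a server without a NAT policy sends from the firewall's primary WAN address.

```python
# Constructed model; addresses are RFC 5737 / RFC 1918 placeholders.
GOOD = {
    "firewall_wan": "203.0.113.10",          # firewall's primary WAN address
    "admin_ports": {8443},                   # admin UI moved off 80/443
    "forwards": [("203.0.113.11", 25, "192.168.1.20"),   # (public, port, internal)
                 ("203.0.113.11", 80, "192.168.1.20"),
                 ("203.0.113.11", 443, "192.168.1.20")],
    "nat_policies": {"192.168.1.20": "203.0.113.11"},    # source -> egress WAN IP
    "public_dns": {"mail.example.com": "203.0.113.11"},
    "private_dns": {"mail.example.com": "192.168.1.20"},
}

# Same servers, but no NAT policy, a forward on the firewall's own address
# while the admin UI still holds 80/443, and no internal DNS record.
BAD = dict(GOOD,
           admin_ports={80, 443},
           forwards=[("203.0.113.11", 25, "192.168.1.20"),
                     ("203.0.113.10", 443, "192.168.1.20")],
           nat_policies={},
           private_dns={})

def audit(cfg):
    """Return mismatches between forwards, NAT policy, admin ports and DNS."""
    findings = []
    public_to_internal = {}
    for public_ip, port, internal_ip in cfg["forwards"]:
        public_to_internal[public_ip] = internal_ip
        # Model assumption: no NAT policy means egress via the primary WAN address.
        egress = cfg["nat_policies"].get(internal_ip, cfg["firewall_wan"])
        if port == 25 and egress != public_ip:
            findings.append(f"smtp-egress: {internal_ip} receives mail on "
                            f"{public_ip} but sends from {egress}")
        if public_ip == cfg["firewall_wan"] and port in cfg["admin_ports"]:
            findings.append(f"admin-conflict: tcp/{port} on {public_ip} "
                            "is held by the firewall's own services")
    for name, addr in cfg["public_dns"].items():
        internal = public_to_internal.get(addr)
        if internal is None:
            findings.append(f"public-dns: {name} -> {addr} has no port forward")
        elif cfg["private_dns"].get(name) != internal:
            findings.append(f"private-dns: {name} should resolve to "
                            f"{internal} inside the LAN")
    return findings

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(cfg) or "consistent")
```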
