
Thread: Port 443 On WAN

  1. #1
    Untanglit
    Join Date
    Aug 2019
    Posts
    22

    Port 443 On WAN

    Why is port 443 reserved on WAN, even with remote access disabled? This makes no sense to me.

    I have to move the port to 444 because I am running https services externally which are forwarded to internal servers.

    But then I cannot access it internally over https without having to specify the port.

    Port 80 isn't subject to this so I don't see why 443 should either.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,928

    With WAN admin off, the GUI is still on port 443. It is only inaccessible due to access rules (iptables).

    Port 80 is the same, the service has to be moved to use it in port forwards.
    Last edited by jcoffin; 08-15-2019 at 01:31 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,161

    config->network->services
    change web admin port to something else. I always use 42443, but 444 is a common alt-https port as well

    (nevermind, I misunderstood your question, I thought you were saying you had to re-direct your other web services to a different port because the untangle web admin was taking 443... now I get that you already changed the untangle web admin port, you just don't like the result)

    Port 80 doesn't work this way because it only listens on Port 80 on non-WAN ports, so you don't have to mess with the port assignment to do port-forwards for port 80 on public interfaces (basically Untangle isn't even going to let you do something as dumb as open Port 80 externally). Conversely, it does listen on Port 443 on all interfaces, so you just have to move it if you want to do port-forwards on port 443. That's just how it works.
    Last edited by johnsonx42; 08-15-2019 at 01:40 PM.
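
The two replies above distinguish a service that is bound on every interface and kept off the WAN only by filtering from one that is bound to internal addresses only. The following is an added example, not part of any post in this thread and not Untangle's own tooling: it classifies listeners from `ss -ltn` output, with hypothetical function names and a constructed sample rather than output captured from an Untangle box.

```shell
#!/bin/sh
# Added example. Reads `ss -ltn` output on stdin and, for the TCP port given
# as $1, prints one line per listener: "wildcard <addr>" or "specific <addr>".
bind_scope() {
    awk -v want="$1" '
        $1 == "LISTEN" {
            # Local Address:Port is field 4; the port follows the last colon.
            n = split($4, part, ":")
            port = part[n]
            if (port != want) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Wildcard binds accept on every interface, WAN included;
            # only packet filtering decides who can actually reach them.
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
                print "wildcard", addr
            else
                print "specific", addr
        }'
}

# Succeeds when at least one listener on port $1 is wildcard-bound.
wildcard_bound() {
    bind_scope "$1" | grep -q '^wildcard '
}

# Constructed sample in `ss -ltn` format (172.29.13.1 is the internal
# address quoted later in the thread; the listeners are illustrative).
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:443       0.0.0.0:*
LISTEN 0      128      172.29.13.1:80        0.0.0.0:*
LISTEN 0      128             [::]:443          [::]:*
EOF
}

# On a live Linux gateway: ss -ltn | bind_scope 443
sample_listeners | bind_scope 443
sample_listeners | bind_scope 80
```

A port reported as `wildcard` is reachable from the WAN the moment the access rule in front of it is removed or reordered, so it is worth confirming the filter with a connection attempt from outside as well.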

  4. #4
    Untanglit
    Join Date
    Aug 2019
    Posts
    22

    Quote Originally Posted by jcoffin:
    With WAN admin off, the GUI is still on port 443. It is only inaccessible due to access rules (iptables).

    But why is it still running (aka bound on 443) on an external interface? I totally understand and want it running on port 443 on internal interfaces, but not on external ones.

    I did try putting it back on 443 but then I couldn't access my own services running on 443 on the external interfaces, so I moved it back to 444, but then that means you have to supply the port when using https.

    Port 80 doesn't have this behaviour so why does 443? Is there some specific reason behind this? I'm really impressed with Untangle, it's way better than the USG4 Pro I was using, I have everything working that I did on the USG (and more!) apart from this.

    I suspect I'll just have to point my dns name at my internal service reverse proxy and let that handle everything.

  5. #5
    Untanglit
    Join Date
    Aug 2019
    Posts
    22

    Quote Originally Posted by johnsonx42:
    config->network->services
    change web admin port to something else. I always use 42443, but 444 is a common alt-https port as well

    Yeah, I’ve been running it on 444 but that has the consequence of having to supply the port when connecting via https.

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,740

    port 80 is not reserved on WAN interfaces.
    If you want to use reserved ports, then move those services to other ports.
    If you don't want to use reserved ports, you don't need to do anything.

    If you want to have it on 443 on the internal IP and 444 on the external, use a port forward to forward the internal address port 443 to the internal address port 444.
    fizzyade likes this.

  7. #7
    Untanglit
    Join Date
    Aug 2019
    Posts
    22

    Quote Originally Posted by dmorris:
    port 80 is not reserved on WAN interfaces.
    If you want to use reserved ports, then move those services to other ports.
    If you don't want to use reserved ports, you don't need to do anything.

    If you want to have it on 443 on the internal IP and 444 on the external, use a port forward to forward the internal address port 443 to the internal address port 444.

    Edit:

    Ahh, gotcha!
    Last edited by fizzyade; 08-16-2019 at 04:25 AM.

  8. #8
    Untanglit
    Join Date
    Aug 2019
    Posts
    22


    Hmm, having problems here for some reason. Actually this port forwarding is one of the reasons I've fallen in love with Untangle, the fact that you can do it on/from any interface/ip/port etc is really cool.

    My Untangle is on 172.29.13.1

    I created a port forward rule:

    Protocol TCP
    Destination Port 443
    Destination Address 172.29.13.1

    New Destination 172.29.13.1
    New Port 444

    When I try with a browser to connect to https://dns.name.com/ (where dns.name points to 172.29.13.1) I get:

    This site can’t provide a secure connection dns.name.com sent an invalid response.
    ERR_SSL_PROTOCOL_ERROR

    If I try with wget I get:

    DEBUG output created by Wget 1.20.1 on linux-gnueabihf.

    Reading HSTS entries from /home/pi/.wget-hsts
    URI encoding = ‘UTF-8’
    Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)
    --2019-08-16 12:39:53-- https://172.29.13.1/
    Certificates loaded: 128
    Connecting to 172.29.13.1:443... connected.
    Created socket 3.
    Releasing 0x01890da0 (new refcount 0).
    Deleting unused 0x01890da0.
    GnuTLS: A TLS fatal alert has been received.
    GnuTLS: received alert [80]: Internal error
    Closed fd 3
    Unable to establish SSL connection.


    444 works as intended, what have I missed here?
    Last edited by fizzyade; 08-16-2019 at 04:45 AM.

  9. #9
    Untanglit
    Join Date
    Aug 2019
    Posts
    22

    Ok, I edited it and moved it to the top, I noticed after a couple of other changes it was getting a response from caddy which is my reverse proxy.

    Protocol TCP
    Destination Port 443
    Destination Address 172.29.13.1
    Source Interface: Internal

    New Destination 172.29.13.1
    New Port 444

    This is my top rule, but it just sits there trying to make a connection without success.

  10. #10
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,161

    fwiw I can't make that port forward rule work either. I thought maybe forwarding it to 127.0.0.1 instead would work, but nope...
    fizzyade likes this.
