  1. #1
    Newbie
    Join Date
    May 2020
    Posts
    5

    Routed mode with Bridge LAN adapters

    Hi,

    I'm new to Untangle and have set it up today on an old Dell i7 256Gb SSD and 32Gb Ram, with an additional 4 port Intel NIC card.

    Onboard NIC is used for PPPoE Connecting to fiber modem.

    During install I configured one of the ports on the 4 port card to have a static IP. Post installation I bridged the remaining ports to the 1st internal port.

    The issue I have is that only the 1st port that was configured during the installation allows web traffic; any device plugged into the bridge ports has no web traffic. However, DNS resolution works. In the firewall logs I just see requests for port 80/443 blocked. Moving the device to the first port and it will begin working as expected within about 5 seconds.

    It's not a big issue, I could just buy a switch, but it would be handy to get the other ports working in bridge mode.

    Any suggestions?

    untangle.PNG

  2. #2
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,020

    Welcome

    ...to Untangle, and the forums!

    The NGFW Firewall App will block only what you tell it to block.
    Show us a screenshot of the log that you see, including the URL bar.

    Check your patch cables.

    Oh, and some light suggestions. A switch will use less resources than the additional interfaces on NGFW. Bridging interfaces makes it a brouter not a switch.
    You may want to process the ports individually anyway, it will certainly work.

    Along the same line, if you can afford leaving a NIC offline, the on-board Interface might not be the best for the fiber modem. I am concerned about the 100 Mb link, that doesn't seem right for newer technology.

    Did I mention to check your patch cables? Don't crimp your own.
    Last edited by Jim.Alles; 05-12-2020 at 02:40 PM.
    If you think I got Grumpy

  3. #3
    Newbie
    Join Date
    May 2020
    Posts
    5

    Well, that's what I thought... unless I really screwed up the config.

    I'll get a switch.

    All patch leads are manufactured.

    Screenshots below:

    blocked.PNG

    firewall.PNG

    app control.PNG

  4. #4
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,020

    It is working perfectly.
    It is doing what you told it to do.
    Rule 100008 blocks everything in and out.

    I wouldn't attempt to use that module that way. Use it to surgically block a few things as necessary.
    https://wiki.untangle.com/index.php/Firewall

  5. #5
    Newbie
    Join Date
    May 2020
    Posts
    5

    Except I told it in Application Control which services to allow and not block... So the Firewall rules are processed before Application Control?

    Or I would need to manually add the relevant ports for the services in the firewall config, with the block rule remaining last.

    Maybe it won't do what it would be used for. I was evaluating it for business use, where the internal policy is to control what comes in and goes out.

  6. #6
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,020

    Before/after doesn't matter.
    The Apps are processed independently.

    And you can't block ports willy-nilly. It is all behind NAT.
    The source ports used are randomized, not assigned by services.
    Last edited by Jim.Alles; 05-13-2020 at 01:34 AM.
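
Added example, not part of the original thread and not Untangle code: a simplified Python model of what posts #4 to #6 describe, assuming the Firewall app takes the first matching rule and that a session must be passed by every app independently. Rule ID 100008 is from the thread; rule 100001, the allow list, the toy classifier and the sample sessions are constructed for illustration.

```python
# Simplified model, not Untangle code. Assumptions: Firewall rules are
# evaluated top-down with first match winning, and each app judges a session
# on its own, so one app's "pass" cannot override another app's "block".
from dataclasses import dataclass
from typing import FrozenSet, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Session:
    proto: str
    src_port: int  # ephemeral port picked by the client, not tied to a service
    dst_port: int  # the port that identifies the service (80, 443, ...)


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                                 # "pass" or "block"
    proto: Optional[str] = None                 # None = any protocol
    dst_ports: Optional[FrozenSet[int]] = None  # None = any destination port

    def matches(self, s: Session) -> bool:
        return (self.proto in (None, s.proto)
                and (self.dst_ports is None or s.dst_port in self.dst_ports))


def firewall(rules: Sequence[Rule], s: Session) -> Tuple[str, Optional[int]]:
    for rule in rules:  # first matching rule decides
        if rule.matches(s):
            return rule.action, rule.rule_id
    return "pass", None  # assumed default when no rule matches


def app_control(allowed: FrozenSet[str], s: Session) -> str:
    app = {80: "HTTP", 443: "SSL"}.get(s.dst_port, "UNKNOWN")  # toy classifier
    return "pass" if app in allowed else "block"


def verdict(rules, allowed, s):
    fw_action, rule_id = firewall(rules, s)
    final = "pass" if fw_action == app_control(allowed, s) == "pass" else "block"
    return final, rule_id


ALLOWED = frozenset({"HTTP", "SSL"})   # constructed Application Control allow list
BLOCK_ALL = [Rule(100008, "block")]    # the catch-all rule named in the thread
# Rule 100001 is constructed: pass web traffic by destination port, block rule last.
WITH_PASS = [Rule(100001, "pass", "TCP", frozenset({80, 443}))] + BLOCK_ALL
```

With `BLOCK_ALL` alone, an HTTPS session is blocked by rule 100008 even though the allow list contains it; with `WITH_PASS`, the same session passes regardless of its source port.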

  7. #7
    Newbie
    Join Date
    May 2020
    Posts
    5

    Will carry on with our current solution, which does allow a block for all outgoing traffic while allowing specific ports through. Having the app control would have saved some time, but as it doesn't work as expected, it's not much use.

    Thanks for your assistance
