  1. #31
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,666

    Default

    Well, I don't use UPnP... I don't like it. But, it's there and yes, if you want to HOST multiplayer games on various consoles you're going to need it.

    As for securing Web Filter, all that stuff you just said? And I mean ALL OF IT.

    Throw it away...

    You're thinking about a DNS-based black list, because that's what you've got a frame of reference to understand. Untangle's Web Filter is NOT a DNS-based black list. It does use DNS to get its data from the database, but the thing that's inspected is the TCP session carrying HTTP or HTTPS itself.

    That means... as long as Untangle is on the path to the Internet, Web Filter is engaged. It doesn't matter where the client resolves its DNS, web filter is in the way. Now you may want to secure your DNS resolution pathways, and that's a valid concern. But you're doing that to harden DNS, not to ensure the content controls work.

    The operating mode to bypass it is either a configuration that does so on the Untangle itself, or you have to use a 3rd-party VPN solution so Untangle doesn't see the HTTP/HTTPS anymore... or simply use another network connection, like cellular or the neighbor's wifi.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #32
    Untanglit
    Join Date
    Feb 2021
    Posts
    29

    Default

    Thanks sky-knight.

    In order for Web Filter to inspect encrypted traffic (HTTPS), wouldn't I need to turn on SSL Inspector?

    How would you suggest hardening my DNS on Untangle? I'm assuming this would mean I select which DNS servers to use and then try to force all my kids' devices to use those DNS servers?

    I know I have a lot of questions. Do you know of any parental control guides for setting up Untangle?

    Edit: I'm looking into some of the Untangle Wiki stuff and other posts to find some more information.
    Last edited by sclawrenc; 02-16-2021 at 02:27 PM.

  3. #33
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,385

    Default

    Web Filter will filter based on domain name (SNI) on HTTPS without SSL Inspector.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #34
    Untanglit
    Join Date
    Feb 2021
    Posts
    29

    Default

    Quote Originally Posted by jcoffin View Post
    Web Filter will filter based on domain name (SNI) on HTTPS without SSL Inspector.
    Thanks jcoffin. That makes sense. The only way to inspect all HTTPS is to install a cert on each device which I might or might not do later.
    I am looking into ways to prevent Google searches that will show inappropriate images. For example, if I search for "porn" using Google, I will still have porn images displayed. I'm just scratching the surface on what's possible in Untangle. I'm assuming this is because Google searches are encrypted. How does Untangle suggest handling the encrypted DNS connections which I think are the reason I'm able to search for porn images successfully using Google even with the porn category block on Web Filter?

  5. #35
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,666

    Default

    Quote Originally Posted by sclawrenc View Post
    Thanks jcoffin. That makes sense. The only way to inspect all HTTPS is to install a cert on each device which I might or might not do later.
    I am looking into ways to prevent Google searches that will show inappropriate images. For example, if I search for "porn" using Google, I will still have porn images displayed. I'm just scratching the surface on what's possible in Untangle. I'm assuming this is because Google searches are encrypted. How does Untangle suggest handling the encrypted DNS connections which I think are the reason I'm able to search for porn images successfully using Google even with the porn category block on Web Filter?
    Google actually does a fair bit of that for you, as it by default filters. Controlling what Google does outside of Google is infuriatingly difficult, sadly. There is the enforce safe search option, but that requires SSL Inspector to be enabled and configured just right to work.

  6. #36
    Untanglit
    Join Date
    Feb 2021
    Posts
    29

    Default

    I did a ShieldsUP! port scan, and I noticed that the default Untangle setup has Allow Ping and Allow Dynamic Routing BGP enabled. Do you know why they default to this setting?

  7. #37
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,666

    Default



    Yes, Ping is allowed as is OSPF, and BGP, and a few other things.

    Now that we've established that your GRC scan is woefully incomplete... Should we continue in discussing the rampant paranoia that comes from the full stealth crowd?

    You can go into config -> networking -> advanced -> Access Rules and see the screen I posted above.

    You can disable the Allow Ping, and Allow Dynamic Routing rules and you'll get back your stealth light. But, as I hinted at above, that light is utterly meaningless. All you're doing is disabling troubleshooting tools. Though, there isn't much harm in disabling those three rules, as long as you're aware you've done so. But are you more secure for doing it? No... not at all.

    Whatever you do, don't disable that block all rule at the bottom. Under no circumstances is that OK! Not even for testing... not even for "a few seconds".
    Last edited by sky-knight; 02-17-2021 at 08:06 AM.

  8. #38
    Master Untangler CMcNaughton's Avatar
    Join Date
    Feb 2015
    Location
    Denver, CO
    Posts
    176

    Default

    Quote Originally Posted by sky-knight View Post


    Whatever you do, don't disable that block all rule at the bottom. Under no circumstances is that OK! Not even for testing... not even for "a few seconds".
    Screen Shot 2021-02-17 at 8.08.17 AM.png

  9. #39
    Untanglit
    Join Date
    Feb 2021
    Posts
    29

    Default

    Thanks to you both. What is the Untangle recommendation on whether or not to enable IPv6? I believe it is disabled by default in Untangle.

  10. #40
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,666

    Default

    Quote Originally Posted by sclawrenc View Post
    Thanks to you both. What is the Untangle recommendation on whether or not to enable IPv6? I believe it is disabled by default in Untangle.
    I'm not sure what the question is? The screen shots above are the defaults, the defaults are what is recommended.

    But if you're wondering if the v6 boxes should be checked? YES! That makes the rules interact with v6 if it sees it.
    Last edited by sky-knight; 02-20-2021 at 09:57 AM.
