  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,249

    My internal net is 192.168.1.0/24 and my DMZ is 10.0.0.0/24
    This is borked...

    Unless the NAT policy is the SAME, and I mean character for character on both DMZ and Internal interfaces the unit will NAT traffic between the two. Because you have vastly different IP spaces, you have no choice but to use port forwarding to move traffic from external to DMZ. Because all your traffic is going there anyway.

    Alternately you can change the IP space of the DMZ, since you used 192.168.1.0/24 on internal use 192.168.2.0/24 on the DMZ, then set both NAT policies to 192.168.0.0/16 and you'll finally be able to communicate with local addresses. Refine the firewall from there.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Untanglit
    Join Date
    Apr 2009
    Posts
    19

    Hi, I'm starting to feel really stoopid now but I'm doing something wrong....

    I took your advice and changed my IP Space to
    Internal: 192.168.1.254/24
    DMZ: 192.168.2.254/24
    with both NAT Policies set to 192.168.0.0/16

    and still I can't RDP from Internal to DMZ ???

    The server in the DMZ has a static IP address of 192.168.2.1
    The test pc on the LAN is using DHCP (range 192.168.1.10 - 192.168.1.20) ip is 192.168.1.16
    Last edited by paulgormley; 04-28-2009 at 04:28 AM.

  3. #13
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,249

    Do you have the firewall module installed? DMZ is "less trusted" and therefore blocks all by default. You have to specify firewall rules to let traffic pass.

    Turn off the firewall module first to test... you may need to kick the packet filter too.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Untanglit
    Join Date
    Apr 2009
    Posts
    19

    Yes I've the firewall module installed and running... turned it off and nothing...

    It's stifling my progress but unfortunately it's a necessity as we host/develop our own websites, our developers will need some form of access to the web servers in the DMZ.

    Any help is appreciated, many thanks.
    Paul

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,249

    Well... the static DMZ is somewhat of an advanced feature to UT...

    I'm trying to remember what I did, because I have this working!

    Ok, screw the firewall and put in a packet filter rule...

    config -> networking -> advanced -> packet filter

    Pass, source interface: internal, destination interface: dmz and see if that helps...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #16
    Untanglit
    Join Date
    Mar 2009
    Posts
    23

    Just wondering... have you confirmed that the web server has RDP enabled (it's not by default) and that its local firewall is allowing connections?

    Physically bypass Untangle by plugging a laptop/other computer and the server into a switch, giving the laptop a static IP on the same subnet, and confirm that you can do remote desktop, access a web page, etc.

    I know it's "obvious" but it's caught me before, troubleshooting the wrong step in a multistep chain.

  7. #17
    Master Untangler choeschen's Avatar
    Join Date
    Sep 2007
    Posts
    140

    I would recommend adding a packet filter rule (Source Address = Internal subnet; Destination Address = RDP Server IP; Action = Pass.) This is how I handle getting two networks to connect myself. This way you don't need any rule in the firewall and you don't need any port forwards unless you want external RDP access.
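
An added example, not written by any poster in this thread and not Untangle's own code: a simplified first-match model of the two packet filter rules suggested in posts #15 and #17, showing which internal-to-DMZ flows each one passes, plus a check that the 192.168.0.0/16 NAT policy spans both subnets. The default-block behaviour for unmatched traffic and the second DMZ host 192.168.2.50 are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Interface subnets from post #12; the rule sets mirror posts #15 and #17.
SUBNETS = {"internal": ip_network("192.168.1.0/24"), "dmz": ip_network("192.168.2.0/24")}
NAT_POLICY = ip_network("192.168.0.0/16")

def interface_of(addr):
    """Return the interface whose subnet contains addr, or 'external'."""
    ip = ip_address(addr)
    return next((name for name, net in SUBNETS.items() if ip in net), "external")

def nat_policy_covers_both(policy=NAT_POLICY):
    """True when one policy spans both local subnets (the change from post #11)."""
    return all(net.subnet_of(policy) for net in SUBNETS.values())

# Each rule: (source selector, destination selector, action).
# A selector is either an interface name or a CIDR string.
RULE_INTERFACE_WIDE = [("internal", "dmz", "pass")]                # post #15
RULE_HOST_SCOPED = [("192.168.1.0/24", "192.168.2.1/32", "pass")]  # post #17

def matches(selector, addr):
    """Match addr against an interface name or a CIDR selector."""
    if selector in SUBNETS:
        return interface_of(addr) == selector
    return ip_address(addr) in ip_network(selector)

def decide(rules, src, dst):
    """First matching rule wins; unmatched traffic is blocked (assumed default)."""
    for src_sel, dst_sel, action in rules:
        if matches(src_sel, src) and matches(dst_sel, dst):
            return action
    return "block"

def compare(flows):
    """Map each (src, dst) flow to its verdict under both rule sets."""
    return {f: (decide(RULE_INTERFACE_WIDE, *f), decide(RULE_HOST_SCOPED, *f)) for f in flows}

# Constructed flows: the test PC to the RDP server, the test PC to a
# hypothetical second DMZ host, and the DMZ server back to the test PC.
FLOWS = [("192.168.1.16", "192.168.2.1"),
         ("192.168.1.16", "192.168.2.50"),
         ("192.168.2.1", "192.168.1.16")]

if __name__ == "__main__":
    print("NAT policy covers both subnets:", nat_policy_covers_both())
    for flow, verdicts in compare(FLOWS).items():
        print(flow, "interface-wide=%s host-scoped=%s" % verdicts)
```

Both rules let the test PC reach the RDP server, but only the interface-wide rule also opens every other DMZ host to the internal network.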
