Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 43
  1. #11
    Untangler
    Join Date
    Apr 2017
    Posts
    68

    Default

    That was it...I changed the service port and can now log in to both sites from my home. I will work on cleaning up the port forwarding rules now. I really do appreciate your help!

  2. #12
    Newbie
    Join Date
    Oct 2010
    Posts
    4

    Default

    I just wanted to chime in and say I had this exact same issue. Untangle updated overnight, all HTTPS was broken. Poked around and eventually found / changed the service port on my own and things started working. Then I hit the google to see if this had turned up for anyone else and found this thread. My config was also working fine until this update, without having changed that service port.

  3. #13
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,322

    Default

    yes, this changed with 16, yet another upgrade that breaks stuff without warning.

    until now, the admin port 443 was only forwarded on the primary WAN IP address, so you could leave admin on port 443 and still forward 443 on additional IP's (aliases)

    now port 443 forwards to local administration on ALL ip addresses and breaks all port 443 forwards. so now you have to change the admin port if you want to use 443 for anything at all on any ip address

    it's an easy fix, but annoying as hell when I get a panic phone call from a customer half their stuff stopped working overnight

  4. #14
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,322

    Default

    if anyone needs/desires to have their untangle admin back on 443 on specific IP's (whether internal or external), here's the secret "hack":

    https://forums.untangle.com/networki...tml#post235718

    internally, the admin lives on 192.0.2.1 port 443, so you just point your port forward rule there

  5. #15
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,200

    Default

    Aliases admin GUI was actually broken after ~ 15.0. Fixed in 16.0.1 https://jira.untangle.com/browse/NGFW-13160. Using port 443 port forward should have not worked without moving admin port.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #16
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,200

    Default

    Quote Originally Posted by johnsonx42 View Post
    if anyone needs/desires to have their untangle admin back on 443 on specific IP's (whether internal or external), here's the secret "hack"

    internally, the admin lives on 192.0.2.1 port 443, so you just point your port forward rule there
    This will cause issues if you are using block pages, captive portal, etc.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #17
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,263

    Default

    No it won't because the pre-forward target won't get used by the block pages. Only blocking the pre-forward connection can break block pages. All this rule does is put the remote admin in a known place to not require anyone to know what the special port is.

    Also, if Untangle cannot get their crap together on things I guess they should just ask us all to take a hike? Because Untangle is NOT SUPPOSED to be using alias IP addresses for ANYTHING.

    So if Untangle's remote admin is operating on an alias IP, that's a BUG and it needs fixed. But we've danced this specific dance before, which again is why I moved my service port off 443 ages ago. It seems we're going around AGAIN.

    Whatever is in NGFW-5514 is wrong...

    That is unless we're going to make the call that all addresses on Untangle are used by Untangle first. Which would be nicely consistent. And is perfectly acceptable... just LEAVE IT LIKE THAT, and make the declaration. As I said we've been here before, and then someone decided to make Untangle only use the IP addresses directly bound to an interface for admin and block pages.

    So just pick something...

    Then I'll move on with my life telling everyone that operates a web service behind Untangle to change their service port. Because it's the only sane configuration to use while Untangle plays Trump with how Apache is going to bind to an address.
    Last edited by sky-knight; 10-22-2020 at 09:03 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #18
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,322

    Default

    Quote Originally Posted by jcoffin View Post
    Aliases admin GUI was actually broken after ~ 15.0. Fixed in 16.0.1 https://jira.untangle.com/browse/NGFW-13160. Using port 443 port forward should have not worked without moving admin port.
    whether it should have worked or not, it always has until today. the site in question has required 443 port forwards for many years, and has never had the admin port on anything but 443.

  9. #19
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,322

    Default

    Quote Originally Posted by jcoffin View Post
    This will cause issues if you are using block pages, captive portal, etc.
    no it won't. all it does is add an alternate method of getting to admin, it doesn't change the use of the defined admin port (which itself is just a hidden port-forward)
    Last edited by johnsonx42; 10-22-2020 at 11:25 PM.

  10. #20
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,322

    Default

    honestly why would anyone want or expect the firewall admin to come up on alias IP's? what would be the point of that?

    It seems like someone tried to "fix" something that wasn't broken in the first place, because they didn't understand how it was supposed to work. another variation of "never remove a fence when you don't understand why it was put up" (Chesterton's Fence)

Page 2 of 5 FirstFirst 1234 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2