  1. #1
    Untangler
    Join Date
    Apr 2017
    Posts
    68

    Port Forwarding no longer working after updating to 16.0.1

    Good Morning - Last night one of my Untangles updated to 16.0.1 with apparently no issues as everything appears to be working this morning. Our telephone (3CX) vendor just contacted me and said they can no longer log in to our Admin console. Also, none of my users can access our IFD of Dynamics 365 either. I checked and the necessary port forwarding rules are still in place and everything else appears to be working fine. I can access both sites from inside the network. Is there something else I can check? They are just https:// addresses. It almost appears as if Port Forwarding is not working. I can see the port forwarded session from my home computer and it does not appear to be blocked but I cannot connect to the site from home.

    When running the connection tests from the interface, I see 'Connection Refused'. Why would that occur? I also see an error 'DNS fwd/rev mismatch:'. Not sure if that was there before or not to be honest. Thank you in advance for your help.

  2. #2
    Untangler
    Join Date
    Apr 2017
    Posts
    68

    Update - I can see the connection attempt from my home computer when using Edge, not when I use Chrome.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,250

    Screenshot of the port forward rules and your service ports page please.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangler
    Join Date
    Apr 2017
    Posts
    68

    Here are the Port Forward Rules
    Untangle1.JPG

    And the service ports
    Untangle2.JPG

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,250

    You cannot use TCP 443 more than once; the IP address on external uses TCP 443 for remote administration and other functionality. Therefore, if you wish to forward TCP 443 to an internal web service, you need to change your service port to something other than 443.

    Most of my Untangle servers use TCP 444 for that reason.

    Also, your port forward rules are overmatching: you're forwarding UDP and TCP traffic terminating on 443, when TCP only will do. This is a potential security risk. You have the same problem on many of your rules. All port forward rules, to be properly formed, require four elements at a minimum: Destination Address or Destined Local, Protocol, Destination Port, and New Destination address. The first three matches work on most subsystems of not only Untangle, but most other UTM platforms as well. So while this isn't why you're having trouble at this moment, be aware it's also a very bad habit that can cause ugly, difficult-to-troubleshoot issues later.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
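
The checks described in post #5, as an added example that is not part of the original thread and not Untangle's own code: a small linter that flags forwards missing one of the four minimum elements, forwards that also match UDP on a TCP-only port, and forwards that collide with the appliance's HTTPS service port. The rule schema, field names, sample rules and the `tcp_only_ports` list are assumptions made for illustration.

```python
# Added example: hypothetical rule schema, not Untangle's real config format.
REQUIRED = ("dst", "protocols", "dst_port", "new_dst")

def lint_rules(rules, service_port=443, tcp_only_ports=(80, 443, 444)):
    """Return a list of (rule_name, finding) for malformed or risky forwards.

    tcp_only_ports is a site-specific assumption: ports whose internal
    service is known to listen on TCP only.
    """
    findings = []
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        # 1. The four minimum elements named in the post.
        for key in REQUIRED:
            if not rule.get(key):
                findings.append((name, f"missing {key}"))
        protos = {p.upper() for p in rule.get("protocols") or []}
        port = rule.get("dst_port")
        # 2. Overmatching: UDP forwarded to a port that only serves TCP.
        if port in tcp_only_ports and "UDP" in protos:
            findings.append((name, f"UDP forwarded on TCP-only port {port}"))
        # 3. Collision with the appliance's own HTTPS service port.
        if port == service_port and "TCP" in protos:
            findings.append((name, f"TCP {port} collides with service port"))
    return findings

# Constructed sample rules (private addresses, invented for this example).
SAMPLE_RULES = [
    {"name": "3CX admin", "dst": "destined-local", "protocols": ["TCP", "UDP"],
     "dst_port": 443, "new_dst": "192.168.1.10"},
    {"name": "CRM IFD", "dst": "destined-local", "protocols": ["TCP"],
     "dst_port": 444, "new_dst": "192.168.1.20"},
    {"name": "SIP", "protocols": ["TCP", "UDP"],
     "dst_port": 5060, "new_dst": "192.168.1.10"},
]

if __name__ == "__main__":
    for name, finding in lint_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
    print("--- after moving the service port to 447 ---")
    for name, finding in lint_rules(SAMPLE_RULES, service_port=447):
        print(f"{name}: {finding}")
```

Passing `service_port=444` shows why the service port cannot simply move to 444 when another forward already needs that port.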

  6. #6
    Untangler
    Join Date
    Apr 2017
    Posts
    68

    OK, thank you. Did this change with the upgrade to 16.0.1? Everything worked fine yesterday. Not that it is any excuse but I inherited this mess. How do I go about cleaning it up? I need port 444 for CRM, can I use something strange like 447? 3CX specifically asked for TCP and UDP.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,250

    You can use whatever service port you'd like. No, it didn't change with this update; it's been this way since v5.

    I have no idea how your configuration worked before, because it shouldn't have. The behavior you're seeing now is the way it should have worked.

    Your 3CX vendor may have indeed asked for TCP and UDP for the SIP traffic, because that uses both at times. But it does not require such for remote administration.

    One of the wonderful things about 3CX is they have absolutely amazing documentation. It's right here: https://www.3cx.com/docs/ports/

    I run 3CX myself behind Untangle and it's a wonderful solution. But the amount of disinformation out there on what needs what is quite nuts. Also, the amount of phone techs that don't have a clue how networks are supposed to work supporting VoIP these days is also a problem.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untangler
    Join Date
    Apr 2017
    Posts
    68

    Thank you. I appreciate your advice. What are the implications of changing that service port during business hours?

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,250

    It's a port forward that you can't see, so networking will restart.

    Same impact as editing a port forward or firewall rule; it's not technically without impact but your users won't notice much. Worst case is someone has to click play on that YouTube video they're watching again.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untangler
    Join Date
    Apr 2017
    Posts
    68

    OK, I'll try it...most people should be at lunch anyway
