Channel: Untangle Forums

Untangle Internal LAN displays ICMP request/replies

Hello all

I am using Untangle community:

Build: 11.1.0~svn20150430r40162release11.1-1wheezy
Kernel: 3.2.0-4-untangle-amd64

I am using it as a router with 2 NICS eth0 (WAN) and eth1 (LAN)

The LAN IP address is 192.168.0.1/24

When doing a TCPDUMP on eth1 I get the following output and wonder why this would be?

09:21:09.375600 IP 192.168.0.1 > 192.168.1.69: ICMP echo request, id 4071, seq 1, length 52
09:21:09.375793 IP 192.168.1.69 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.375895 IP 192.168.0.1 > 192.168.1.14: ICMP echo request, id 4071, seq 1, length 52
09:21:09.376166 IP 192.168.1.14 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.376288 IP 192.168.0.1 > 192.168.100.8: ICMP echo request, id 4071, seq 1, length 52
09:21:09.376596 IP 192.168.100.8 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.376665 IP 192.168.0.1 > 192.168.1.3: ICMP echo request, id 4071, seq 1, length 52
09:21:09.376771 IP 192.168.1.3 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.376837 IP 192.168.0.1 > 192.168.1.18: ICMP echo request, id 4071, seq 1, length 52
09:21:09.377017 IP 192.168.1.18 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.377077 IP 192.168.0.1 > 192.168.1.8: ICMP echo request, id 4071, seq 1, length 52
09:21:09.377190 IP 192.168.1.8 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.377262 IP 192.168.0.1 > 192.168.1.48: ICMP echo request, id 4071, seq 1, length 52
09:21:09.377407 IP 192.168.1.48 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.377470 IP 192.168.0.1 > 192.168.100.6: ICMP echo request, id 4071, seq 1, length 52
09:21:09.377792 IP 192.168.100.6 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.377852 IP 192.168.0.1 > 192.168.100.7: ICMP echo request, id 4071, seq 1, length 52
09:21:09.378156 IP 192.168.100.7 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.378231 IP 192.168.0.1 > 192.168.100.4: ICMP echo request, id 4071, seq 1, length 52
09:21:09.378540 IP 192.168.100.4 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.378603 IP 192.168.0.1 > 192.168.1.22: ICMP echo request, id 4071, seq 1, length 52
09:21:09.378913 IP 192.168.1.22 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.378973 IP 192.168.0.1 > 192.168.1.128: ICMP echo request, id 4071, seq 1, length 52
09:21:09.379101 IP 192.168.1.128 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.379170 IP 192.168.0.1 > 192.168.100.5: ICMP echo request, id 4071, seq 1, length 52
09:21:09.379474 IP 192.168.100.5 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.379537 IP 192.168.0.1 > 192.168.1.13: ICMP echo request, id 4071, seq 1, length 52
09:21:09.379624 IP 192.168.1.13 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52
09:21:09.379698 IP 192.168.0.1 > 192.168.100.2: ICMP echo request, id 4071, seq 1, length 52
09:21:09.379841 IP 192.168.100.2 > 192.168.0.1: ICMP echo reply, id 4071, seq 1, length 52

Eth1 (LAN) connects to a CISCO switch with several VLANS as shown by the different networks queried.

Does anyone have any idea why I might be seeing this behavior? Any information is greatly appreciated.

Thank you.

Andrew

Free Memory Alert doesn't seem to work right

I appreciate the new alert features in Untangle, but the default memory alert doesn't seem to be working right.

The default rule is to alert when free memory is less than .1. What is .1? Is it .1%? Is it .1 Gb? Whatever it is, apparently 114MB is low enough to trigger it on a 2GB system. I'm continually getting alerts from this and in the alert e-mail the free memory is around 114MB. Unfortunately, there doesn't seem to be a lot of explanation about these alerts or how to add or modify them.

I've disabled the alert for now, and the fact that the box probably needs more RAM is beside the point.

Thanks

Random Reboots?

At the beginning of this month I noticed our firewall rebooted but didn't look too much into it. Then this morning it rebooted again. My question is: why did UT reboot? I found another thread on this topic that suggested looking in /var/log/syslog and /var/log/uvm/*, and here are the last lines before the reboot:

/var/log/syslog
Code:

Jul 28 05:32:37 firewall spamd[17583]: spamd: connection from localhost [127.0.0.1] at port 4615
Jul 28 05:32:37 firewall spamd[17583]: spamd: checking message <0.0.0.6D0.xxxxxxx.xxxxx@xxxxxxx> for spamd:10002

/var/log/uvm/console.log (First entry is UVM starting which is during the reboot, no help)

/var/log/uvm/console.log.crash (Last entry was Jun 2nd, nothing for July, no help)

/var/log/uvm/console.log.1.gz
Code:

Jul 23 01:13:19 firewall uvmconsole: 07-23 01:13:19.001763| ERROR:./libnetcap/src/netcap_tcp.c:390:WARNING: TCP: Could not find session for accepted connection :: (xxx.xxx.xxx.xxx:2568 ) -> (xxx.xxx.xxx.xxx:25  )
Jul 23 01:43:55 firewall uvmconsole: 07-23 01:43:55.947054| ERROR:./libnetcap/src/netcap_tcp.c:390:WARNING: TCP: Could not find session for accepted connection :: (xxx.xxx.xxx.xxx:47747) -> (xxx.xxx.xxx.xxx:25  )

/var/log/uvm/uvm.log
Code:

Jul 28 04:15:31 localhost [SessionTable] WARN  Collision value in port availability map: xxx.xxx.xxx.xxx:60000
Jul 28 04:15:33 localhost [SessionTable] WARN  Missing value in port availability map: xxx.xxx.xxx.xxx:60000

/var/log/uvm/uvm.log.crash (Last entry was Jun 2nd, nothing for July, no help)


From the logs the reboot happened about 5:33 this morning (last time spamd was triggered to scan an e-mail) but nothing in the logs gives an explanation as to why. Also I have "Do Not Automatically Install Upgrades" checked. Is there another log I can look into that might give a clue as to why it rebooted? Was it a hardware failure, planned reboot by UT for some reason, sun spots reflecting off of Venus?

Our firewall is in a climate controlled room connected to backup power. No other server in this room rebooted last night, just the firewall, so that rules out any power issue. The room is locked and only myself and my boss have access to it. I am running build 11.1.0 and no upgrades are available to be installed.

Spam Blocker Lite causing 421 connection timeout

I looked through the forums for others who had problems with this, and I found some threads but none addresses my problem.

Since putting in Untangle, my client cannot send email to specific domains. They have an Exchange 2010 server, and any email going to mail hosted by 1and1 gets a 421 connection timeout error. I experience this error from telnet as well; when manually trying to send a message I receive a 421 in the middle of typing. Outbound scanning is OFF, but I still see the messages in the event log, so Untangle is still "seeing" them, even though it isn't scanning the messages.

In Protocols, disabling SMTP scanning solves this problem, so I know for sure that Untangle is the culprit. Any ideas?

Tech Talks: Captive Portal/BYOD Recording Now Available!

Block inbound ssh (port 22) and DNS (port 53)

Build: 11.1.0~svn20150430r40162release11.1-1wheezy
Kernel: 2.6.32-5-untangle-amd64
History: yes (43)
Reboots: 0 (0)
Current "licensed" device count: 83
Highest "licensed" device count since reboot: 101

I am running WAN Balancer/Failover where our primary WAN is running on a /24 block of static IPs and our failover WAN is on a single DHCP IP. When I run a port scan from outside the network I am seeing ports 22 and 53 open on the entire /24 block of static IPs, and indeed, I can ssh to any of those IPs and login to my untangle box. I do not have any NAT rules for ssh (well, not on port 22, anyway!) I have tried adding rules under Config > Network > Advanced > Filter Rules to block port 22 source interface: any WAN for both port 22 and 53, but rerunning the scans shows the ports to still be open.

Any advice appreciated!

quarantine major issue

Hi there.

I'm having an issue with my quarantine. I keep on getting messages not even made for my home network being quarantined. Something like the following address.

Email quarantine detail bill@feca.com

and sender is aexp@secureserver.com

So what can I do to remedy this?

Spam Blocker Report

I just set up a new install and, when reviewing the reports, I noticed that the Spam Blocker report is showing Message Sender instead of Message Receiver. Is this expected behavior? I thought the report used to show Message Receiver.

Update: Looking more closely, the Message Receiver and Message Sender in Reports are not matching what is showing for Receiver and Sender in the Event Log for Spam Blocker.

Site to Site / Untangle to Untangle

We will possibly be buying a second location which is off-site of the main location. There won't be as many computers at the second location, so I was thinking to just set them up as new OpenVPN clients at the main location and have them run OpenVPN all day to be connected to the main network. Is there something better I should be doing? I do plan on setting up an Untangle server at the second location similar to how the main location is set up. I was just curious if there is a better way to set up the second Untangle to possibly link with the main location so the clients at the second location don't have to run OpenVPN all day? I'm open to all feedback. Thank you!

Bridged Untangle / Spam Filter only internal addresses

We have an Untangle in bridged mode, running Spam Blocker Lite and not filtering anything. When I check the logs I am showing that it is passing all email sent through it that is from our employees (which is how we want it), but I am not seeing any email in the inspection logs that is from outside our organization.

Has anyone run into this, know how to remedy it, or know where to look first? I would really appreciate it! Thanks.

Untangle 11.1.0 Blocking Hotmail Access

Hello all,

I have UT ver. 11.1.0 installed (for testing purposes, lite version) configured in bridge mode. For some reason I cannot access Hotmail (Outlook) accounts over any browser. I go to the https://login.live.com page, enter an email account and password, hit Sign In, and after a few minutes of searching I receive a blank page with a message saying "No data received".

I have read different threads in the forum related to this same issue, and on many occasions they refer to pages using PHP/Ajax as the main issue, saying UT doesn't like pages with these configurations (I have to say that these threads were from 2011). All of them pointed to the "Intrusion Prevention" app as the main reason for blocking these types of pages. In my case I don't have the Intrusion Prevention app running (it is not even installed), but I have the same issue.

Can you help me to find out why it is not working?

Strange FTP issue - bypass breaks things...

Hi all,

I have a very odd issue that I'm struggling with.

I've recently put Untangle 11.1 into a client's site, and had a support call logged today that they were having some FTP issues. It seems that they have some clients using TLS with FTP, which is fine - I added a bypass rule for traffic to the FTP server's IP address.

However, I then got a call later to say that some automated routines that they use externally (using active mode FTP) weren't working. Sure enough, a quick test with an online FTP test showed a failure in retrieving directory info (the ftp server not being able to make a connection outbound to the client).
Disabling the bypass rule immediately fixed this issue.

In the end, the only way I've got both FTP issues resolved is to turn off FTP processing on Untangle, but this isn't ideal as I'd still like to scan downloads. Ideally I'd like to bypass traffic to get the secure TLS FTP to work, without having to disable all processing.

I'm very confused why adding a bypass rule would break something, when in theory it should bump the traffic around all the Untangle modules. Does this sound like a bug?

The FTP test I was using is http://www.infobyip.com/ftptest.php - I could also correlate the results with Windows ftp client (which only uses active mode). Unfortunately we can't use passive mode (which works in all the scenarios above) as the client's developers have written the application without passive mode support.

Recent Issues with AdBlock

I am having trouble with a few sites now, and it seems to be getting worse. If I turn off AdBlock all sites work as expected.
Can anyone else try the links below and see if you are having similar issues?

Page Does not render properly : http://www.airliners.net/aviation-fo...eral_aviation/
Pages will not load:

http://www.flyertalk.com/forum/south...-bag-fees.html

http://www.cntraveler.com/stories/20...harge-bag-fees

http://gawker.com/heres-what-not-to-...h-1-1721306958

The weird thing is that other Flyertalk threads open fine, and I can browse Gawker as well.

Anyone else seeing similar issues?

DNS Priority

Hi all,

My Untangle is Build: 11.1.0

I have another local DNS hosted in my network and want this to be the priority DNS for my DHCP clients, and wonder how to do this. As of the moment I have no choice but to use the DNS override, but there is no way to add a secondary DNS. I was able to force my DNS settings before by putting this 6,192.168.1.1,192.168.1.2 in the DHCP options.

Thanks!

Untangle Bridge mode not working for internal subnet?

I ran into the issue of internal subnets (on the eth2 internet interface) within my network not being able to connect to the Internet.


I set up Untangle in bridge mode behind a FortiGate 80C. The Untangle UTM with 192.168.168.92 can connect to the internet; however, other computers on the internal interface (eth2) cannot connect to the internet.


How to solve it?

Thank you very much~

Allow Office 365 Outlook Mail to ByPass Captive Portal

I have some users who will probably never open their browsers but I need to have them able to receive email even with Captive Portal Enabled.

How can I set things up so that Office 365 apps work without being affected by captive portal but everything else is captured?

Domain DNS Server

If you have two DNS servers that support AD, do you put two separate Domain DNS server entries in Untangle? Or will it only use one?

Abandoning all traffic

I just got Untangle set up and have Webfilter and HTTPS Inspector running. All traffic coming through HTTPS Inspector is being abandoned.

Right now I have the U150 set up in a computer lab in bridge mode, where it intercepts traffic before it goes to a switch to the computers. Before the U150 are the router, other switches and our DNS/AD server. I eventually want to move it to be right behind the router, but first need to put bypass rules in place so that teachers' computers are not blocked.

In the log a lot of the stuff being abandoned is vortex-win.data.microsoft.com, settings-win.data.microsoft.com, Trendmicro (even having this disabled on the desktops does not stop traffic from being abandoned).

I have made sure to turn off HTTPS inspection on web filter.

Trying to get this set up and running before the school year starts and really at a loss as to what to do here.

External Interface High RX Errors after adding Filter Rules

Just added a large filter rule in the Filter Rules under advanced networking.

Added 2 countries IP list to the filter rule and just started receiving RX Errors on the External Interface.

Any thoughts welcome.

Does anyone have any working ignore rules for Windows 10 Microsoft apps like News?
