Channel: Untangle Forums

Trouble blocking VPN users from accessing my LAN

Greetings!

I'm having some issues with creating firewall rules to prevent VPN'd users from accessing parts of my LAN, and I'm hoping someone is able to help.

I have OpenVPN installed and set up to provide 17.16.0.0/24 addresses to my VPN'd clients. My LAN is 10.0.0.0/8. My clients need access to exactly two IPs on my network:

- My internal DNS (let's call it 10.0.0.10) so the domain of my webserver resolves, and
- My webserver (let's call it 10.0.0.20)

Other than that, I want everything else to be inaccessible.

None of what I have tried so far has worked.

Any help would be much appreciated.

Thanks in advance,
Jay

Same client, different IPs?

Greetings!

I have set up and installed OpenVPN and can connect to it just fine. I'm trying to figure out if there's a way I can have the same VPN user logged in multiple times, with each user getting a new IP from the pool.

I currently have a single client which has the default address pool, but also an assigned virtual address. I would like for the client to *not* have a specific assigned address, but rather be assigned the next available IP from the pool in which it is a member.

Is this possible?

Thanks in advance,
Jay

Alternate way to view/interrogate report data from source?

Hi, we have an Untangle box logging approx 500 people. As you can imagine the reports are huge.
I am finding that when I try to pull any reports off the box, or even within the report window try to do anything with the information in greater detail, it takes an age, the CPU rockets and I end up giving up.

If the data is all (I assume) in files on the server, can I interrogate these files directly? And from there run my own filters (username, IP etc)?

Thanks

Asymmetric Routing Issue

Hello everyone, I'm new to the Untangle forums, though I've been lurking all week trying to find a resolution to my issue to no avail.

Here's a little background:

We've currently got Untangle in place between our LAN and firewall, and it's working great. The firewall is ancient however, and we've purchased a new fancy firewall to replace it. This is my job. I've put our new firewall in place on our LAN, and would like to start moving workstations over to use it as the gateway so I can begin phasing out the old one.

So with my laptop set up as a test, using the new firewall as the gateway, I've set static routes in the new firewall to point to the old firewall for all the networks we will need to access. Here's where it gets sticky. When I try and access our mail server on our DMZ (or any other non-local network resource), I can't get to it. The static route in the new firewall sends all 172.16.0.0/24 traffic to 192.168.3.252.

After many packet captures and tcpdumps, I've determined that the return traffic isn't making it BACK through the Untangled box. I attached a diagram... Each arrow represents traffic that I can SEE and VERIFY with either packet-captures or tcpdumps.

Here's where it gets funny -- If I put a static route in Untangle for 192.168.1.216/32 with a gateway of 192.168.3.254 (new firewall), everything works.

Why won't Untangle just send the return traffic to the host on the local LAN without first routing it back through the new firewall?

**Edit**
I also included a screenshot of my interfaces from Untangle in the diagram above. We are bridging.

In addition - If clients use 192.168.3.252 as the gateway, communication with the mail server is fine.

**Edit 2**
Could it have something to do with differing MAC addresses? Since the outgoing traffic would have a source MAC of the new firewall, and the destination of the final leg of the return traffic would be the actual MAC of 192.168.1.216.

How's WiMAX in a business environment?

Our business is in a location where most cable and fiber internet service isn't available, so we have some bonded T1s coming in. Our location isn't so great so those lines go down from time to time. So, I'm looking at alternative ISPs and one that's available is WiMAX. I don't personally know anyone who's used the service so I was hoping to get feedback from y'all. I'd like to use it as a backup to our T1s and in WAN Balancer.

How's the service? Can it handle a decent amount of traffic? It looks like we can have a static IP so email should keep coming and going, which is the main thing. The speeds and prices that I'm being quoted are from $850-$1700 for speeds from 10/10-30/30. Compared to the T1s that's a great price if the service works as advertised.

Thanks in advance for any feedback.

Guest Wifi on Internal Interface (two interfaces only!)

I'm planning an UT installation but before I get too much time, effort and money invested I'd like to understand if I'm on the right track.....seeking any advice or references to help me get started.

My UT setup will be a very basic, typical UT router setup with 2 interfaces, external and internal. The internal interface must support wireless clients that have full access to internal resources plus a guest wireless network with access to the internet only. If it helps here's a crude network map.

Internet
|
Modem
|
----------------------------
| External Interface
| Untangle
| Internal Interface
----------------------------
|
Switch - WAP - Internal Wireless and Wireless Guest access
|
Wired Devices

OK, so the simple answer is to add a third interface for the guest network. Unfortunately it's not an option since I cannot physically add a third NIC; the UT box is a microITX with no room for expansion.

Now I'll be buying a switch and a WAP so I'm hoping if I get the right gear the third UT interface won't be necessary. I'm thinking I need a WAP that can handle multiple SSIDs + VLAN support at either the WAP or switch. Could I use Cisco's AP321 (http://www.cisco.com/en/US/products/ps12249/index.html) and a basic switch? Do I need VLAN support at the switch (16 port recommendations?)? Am I totally off base and my time would be better spent trying to solve world hunger? :(

Opinions on adding a layer 2 circuit to an Untangle box.

I'm getting a layer 2 circuit for a remote backup server put in.
What would be the correct way to route this so only the needed traffic makes it out that pipe?

I've added my 3rd NIC, and was thinking one more subnet?

Thanks.
Mark

WSO 2.5.1 [Ethical Shell ]

WSO is a PHP shell backdoor that provides an interface for various remote operations. It can perform everything from remote code execution, bruteforcing of servers, providing server information, and more.

Download (packetstorm) Link :

Code:

http://packetstormsecurity.org/files/117974/WSO-Web-Shell-2.5.1.html
Features:
Authorization for the cookies
Server Information
File manager (copy, rename, move, delete, chmod, touch, create files and folders)
View, hexview, editing, downloading, uploading files
Working with zip archives (packing, unpacking) + compression tar.gz
Console
SQL Manager (MySql, PostgreSql)
Execute PHP code
Working with Strings + hash search online databases
Bindport and back-Connect (Perl)
Bruteforce FTP, MySQL, PgSQL
Search files, search text in files
Support for * nix-like and Windows systems
Antipoiskovik (check User-Agent, if a search engine then returns 404 error)
You can use AJAX
Small size. Packaged version is 22.8 Kb
The choice of encoding, which employs a shell.


Changelog (v2.5.1):
Remove comments from the first line.
Added option to dump certain columns of tables.
The size of large files is now well defined.
In the file properties, the field "Create time" changed to "Change time" (http://php.net/filectime).
Fixed a bug that caused MySQL brute force not to work if there was a port of the server.
Fixed a bug due to which one could not see the contents of a table called download in the database.

Youtube link :
Code:

https://www.youtube.com/watch?v=MreAwLEXK_E

Access to the Ticket website

Recently I started having some problems accessing the Ticket website (www.ticket.com.br).
Access to the site is allowed and everyone can in fact reach the site's main page; however, when trying to access the Ticket Car service page, the page does not load, showing a message about a possible connectivity problem, and it does not even display the Untangle block page.
The page in question is the following: https://www4.ticketcar.com.br/Login.aspx?IsPoup=true
:mad:
Thinking that some directive might be blocking access to the page, I went through all the logs of all the services enabled in the rack, such as Web Filter, Ad Blocker, Firewall, Application Control, etc. However, there was no indication of any restriction on the site.
I explicitly declared permission for access in the firewall rules, but without success.
I started testing by turning off the modules to see which one might be restricting access to the site, and I only got access to the portal after disabling all of the Untangle modules. Any module that is turned on somehow restricts access to the portal in an inexplicable way.

I would like your help in trying to solve this problem without having to turn off all the modules.

Thank you in advance.

Thiago

Download usage shown in application control lite

Is there any way that we can see the bandwidth for each host by IP address just like web filter report?

Directory Connector - Setting ADLS for specific users

Hello,

I need to completely restrict Internet access for specific users on a customer site. I have been following the instructions to enable Directory Connector from the Untangle Wiki (http://wiki.untangle.com/index.php/D...specific_users). I have no issue following most of the instructions, but I am completely lost at the last part to run the ADLS for specific users.

The point is I am not understanding steps 6 and 7:
6. Launch the Group Policy Management Console, then launch the Group Policy Object Editor (Start > Run: gpedit.msc).
7. Copy the adlogon_user.vbs file that you downloaded in the first step to this location.

So, I can't complete this initial configuration.

Can anybody please be more specific on what to do on these two final steps?

I am not saying the instructions are wrong or do not provide enough details; maybe the main issue here is my English, since Spanish is my native language :)

Anyway, I appreciate your usual help.

Thank you in advance for the provided help!!!

clamd in UT

For the UT lite... why is clamd restricted to one thread? It is inherently a multi-threaded daemon.

Untangle is closing early Friday, March 29th

Untangle's offices will be closing early on Friday, March 29th at 3pm, resuming normal operations on Monday, March 1st.

This includes Untangle Support, which will be back at 6am on the 1st.

All times are Pacific (UTC +8)

URL or domain filtering?

The wiki and docs say that the URL is categorized by Web Filter. I just want to double check and verify this, as I know some other systems like OpenDNS seem to just do domain categorization, so that while reddit.com is mostly okay and should not be classified as porn, reddit.com/r/nsfw (the URL path) should be classified as porn. I want to make sure Web Filter will and does differentiate on/by URL. Thanks.

Port forwarding fails on new Untangle box

Simple enough: our Untangle box went dead, so we brought in a new PC and installed latest Untangle from ISO. And a merry old time we had setting everything up.

The issue we're having now is with FTP. The FTP server has not changed, it was not reconfigured during the outage. It's FileZilla server 0.9.41 beta, and has been working for the better part of a year without problems. It's set to passive, and requests a port in the range 6000-6100 for communication. But it doesn't matter, because we don't get far enough to touch it.

I've gone through the port forward troubleshooter. The key points are these:
  • Untangle's own network monitor (Config | Networking | Port Forwards | Troubleshoot | Packet Test) sees Port 21 traffic coming in the external card.
  • The same monitor sees no traffic going out the internal card.
  • Connecting from Untangle works (Config | Networking | Port Forwards | Troubleshoot | Connect Test, the FTP server logs a connection attempt)
  • The results are the same with the Firewall on or off.

I don't currently have console access. Trying to connect to FTP is being done from outside our network.
I have simplified the port forward to the following:
Code:

and Destined Local
and Destination Port (20,21,6000-6100)
and Protocol (TCP) (UDP)
------------
New Destination (10.0.0.241)
New Port ()

For what it's worth, the external address of the Untangle box is a static, routable IP address; the internal is static 10.0.0.10/24; there is a separate DHCP server that assigns addresses in the range 10.0.0.100 - 10.0.0.250. This used to work; I can't retrieve the configuration that worked, though, as that machine is completely dead. Clearly I'm doing something wrong; can someone please suggest where the idiocy is? Thank you.

web filter lite

Hello everyone, is there anyone who speaks French who could tell me how to remove web filter lite from my Toshiba laptop? Thank you.

Licensing per PC?

The licensing [fees] for the paid apps/packages is based on the number of PCs connected. I'm trying to figure out how it works exactly. I am trying to find a solution for a small nonprofit and they only have 5 or 6 computers used internally. However, once in a while they may have numerous visitors who would use/connect to their network via a wireless access point. How does the licensing mesh with a scenario like this?

Thanks.

How to block Apple iTunes download and update

Hi,

I have a home Wi-Fi with this configuration:

Internet -> ISP -> Media Converter -> UT Box -> Client and Wi-Fi

I would like to block all access to iTunes download and update, but still allow browsing and chat services (WhatsApp, WeChat, etc.).

Any idea how to do this? Thank you. :worship:

No Client traffic

I have had an Untangle server in use for more than a year now and I have recently been wanting to access some of my work functions from home. I have been trying to get OpenVPN to work but I have been unable thus far and I am in need of some guidance. Here is a basic rundown of my current network setup:

All computers on internal LAN 206.*.*.129~190 Subnet 255.255.255.192
Untangle Server Internal Address 206.*.*.183/24
Untangle Server WAN Address 99.*.*.27/24

Cisco VLAN 207.*.*.*/24
Cisco Gateway to VLAN 206.*.*.190/24

All internal computers use the Untangle DHCP server and gateway.
Cisco equipment does not. I do not have administrative rights to the Cisco equipment as it is managed by a 3rd party.

Home computer running Ubuntu 12.04.2
I can connect to OpenVPN from home and can ping the computers on the internal network that are set up for it.
I cannot, however, ping the Cisco equipment or the VLAN.
I need to be able to access the VLAN from home.

Can I set the IP address of the VPN client to match my internal network?
Do I need to set up a static route on either the Untangle Server or my computer at home?

Please Help...