Channel: Untangle Forums

Reports for Web Filter (and Web Filter Lite) not counting HTTPS traffic

I need to be able to monitor web traffic consumption. With more and more sites moving to HTTPS, these sites and the consumption are no longer being counted in the Web Filter / Web Filter Lite reports. While Bandwidth Control does allow for this usage, it is not available for "Lite" installations.

I manage three "Premium" servers and have installed a "Lite" one to manage a home network with between 15 and 20 devices. There is no budget to include the "Bandwidth Control" module there.

Firewall does show the sessions but only by "Hits" and not by "Size" which is not useful.

Is there something I'm missing or should I be looking for my own solution outside of Untangle?

PhiNor

AdBlock Plus to Ad Blocker filter conversion

After lots of trial and error, it appears the way that Untangle Ad Blocker works is that it matches a filter rule to the URL of the web resource (page, css, js, image, etc.). Only the wild card * works. Items found in the AdBlock Plus filter list (^, ||, $third-party, etc.) don't work. These elements then should be removed from the AdBlock Plus filter list. I chose the EasyList No Element Hide because Ad Blocker can't hide elements either.

To accomplish this, I modified the script by WebFooL to do the following:

  • Downloads latest EasyList No Element Hide list
  • Strips out first line
  • Strips out lines with ! since they are comments
  • Strips out lines with @@ since they are pass rules
  • Remove everything to the right of $ since this is usually third-party or other helpers
  • Remove empty lines


You can get it at GitHub https://github.com/fsSnowboard/Untan...lter-Converter or copy it below.

Known Issue: At this time, the output files cause Ad Blocker to block too much, and some root domains. I haven't had time to look into this issue yet.

Code:

<?php
/* ********************************************* */
/* Original script by WebFooL on Untangle Forums */
/* Modifications by fsSnowboard */
/* */
/* Use at your own risk */
/* ********************************************* */

$remote_filter_list = "https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt";
$timezone_adjust = 60 * 60 * 7; //Currently set to EST

$Content = "./easylist_noelemhide.txt";

//read the local copy if there is one; a missing file is treated as out of date
$lines = is_file($Content) ? file($Content) : array();

//line 3 of the list holds "! Last modified: <date>"
$last_modified = isset($lines[3]) ? trim(preg_replace('/! Last modified: /', '', $lines[3])) : "";
$last_modified_time = (int) strtotime($last_modified);
echo "File last modified: ". $last_modified ." (".$last_modified_time.")<br />\n";

//cut-off time, five days back; the date string is built before it is echoed
$date_match_time = time() - (60 * 60 * 24 * 5) + $timezone_adjust;
$download_date_match = date("d M Y H:i T", $date_match_time);
echo "Date Match time (only used for matching if last modified is less than current date): ". $download_date_match ."(".$date_match_time.")<br />\n";

$download_match_time = $last_modified_time + (60 * 60 * 24 * 5) + $timezone_adjust;
echo "New download on: ". date("d M Y H:i", $download_match_time) ." (".$download_match_time.")<br />\n";

if ($last_modified_time <= $date_match_time) {
    echo "File is 5 days old, downloading new one.";
    //if file is 5 days old, download new one
    $new_easylist = file_get_contents($remote_filter_list);
    if ($new_easylist === false) {
        die("Download of ". $remote_filter_list ." failed.\n");
    }
    file_put_contents($Content, $new_easylist);

    //read new file
    $lines = file($Content);
}

$badcharacters = array("#", '"', "'", "[", "]", "^", "\n", "\t", "\r", "||");

unset($lines[0]); //Line 0 is [Adblock Plus 2.0] and not needed

//strip out lines beginning with ! because they are comments
foreach ($lines as $key => $value) {
    if (substr($value, 0, 1) == "!") {
        unset($lines[$key]);
    }
}

//remove lines beginning with @@ which are pass rules
foreach ($lines as $key => $value) {
    if (substr($value, 0, 2) == "@@") {
        unset($lines[$key]);
    }
}

//disabled: strip everything to the right of and including ^
//foreach ($lines as $key => $value) {
//    $pos = strpos($value, "^");
//    if ($pos !== FALSE) {
//        $lines[$key] = substr($value, 0, $pos);
//    }
//}

//strip everything to the right of $
foreach ($lines as $key => $value) {
    $pos = strpos($value, '$');
    if ($pos !== FALSE) {
        $lines[$key] = substr($value, 0, $pos);
    }
}

//strip out bad characters (this also removes the line endings)
foreach ($lines as $key => $value) {
    $lines[$key] = str_replace($badcharacters, "", $value);
}

//Remove empty lines; done after the stripping above so that lines
//which end up empty are caught as well
foreach ($lines as $key => $value) {
    if ($value == "") {
        unset($lines[$key]);
    }
}

$lines = array_values(array_unique($lines)); //repair index

echo "Filter Items: ". count($lines) ."<br />\n";

//write the rules out in files of 2000 rules each
$linesSplit = array_chunk($lines, 2000);

$i = 0;
foreach ($linesSplit as $inner_array) {
    $i++;
    $rules = array();
    foreach ($inner_array as $value) {
        $rules[] = array(
            "enabled" => true,
            "string" => $value,
            "javaClass" => "com.untangle.uvm.node.GenericRule"
        );
    }
    //json_encode escapes the rule strings and leaves no trailing comma
    file_put_contents('ABimport'.$i.'.json', json_encode($rules, JSON_UNESCAPED_SLASHES));
}
?>

I don't consider myself a programmer, so the code could probably be more efficient, but it works.
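
An added example, not part of fsSnowboard's script: it applies the conversion steps listed in the post to one rule at a time and flags converted rules that have lost their Adblock Plus anchors or become very short, so they can be reviewed before import. The function names, the length threshold and the sample rules are assumptions made for this illustration.

```php
<?php
// Added example, not part of the original script. Sample rules are constructed.

// Mirrors the conversion steps listed in the post for a single filter line.
// Returns the converted rule, or null when the line is dropped.
function convert_rule(string $line): ?string
{
    $line = trim($line);
    if ($line === '' || $line[0] === '!' || strncmp($line, '@@', 2) === 0) {
        return null;                       // blank, comment or pass rule
    }
    if (preg_match('/^\[Adblock.*\]$/i', $line)) {
        return null;                       // list header line
    }
    $pos = strpos($line, '$');
    if ($pos !== false) {
        $line = substr($line, 0, $pos);    // drop $third-party and other options
    }
    $line = str_replace(array('#', '"', "'", '[', ']', '^', '||'), '', $line);
    return $line === '' ? null : $line;
}

// Flags converted rules that deserve a manual look before import.
// $minLength is an arbitrary threshold chosen for this example.
function audit_rule(string $rule, int $minLength = 6): array
{
    $flags = array();
    if (trim($rule, '*') === '') {
        $flags[] = 'wildcard only';
    } elseif (strlen($rule) < $minLength) {
        $flags[] = 'very short pattern';
    }
    // After "||" and "^" are removed, nothing anchors the rule to a host boundary.
    if (preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i', $rule)) {
        $flags[] = 'bare hostname, anchors lost';
    }
    return $flags;
}

// Constructed sample lines in Adblock Plus syntax.
$sample = array(
    '[Adblock Plus 2.0]',
    '! Title: constructed sample',
    '@@||example.org/ads.js',
    '||ads.example.com^$third-party',
    '||example.net^',
    '/banner/*/img^',
    '&ad=$popup',
    '$websocket,domain=example.net',
    '*$image',
);

foreach ($sample as $raw) {
    $rule = convert_rule($raw);
    if ($rule === null) {
        echo "dropped : $raw\n";
        continue;
    }
    $flags = audit_rule($rule);
    $note = $flags ? '  (' . implode(', ', $flags) . ')' : '';
    echo ($flags ? 'REVIEW  : ' : 'ok      : ') . $rule . $note . "\n";
}
```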

spam filtering on forwarded messages?

Question:

I have a2hosting for our .com domain email. I forward certain accounts to my internal Exchange server, which is a .net domain. I get a lot of spam from the info@ and contact@ .com addresses. (naturally). What is strange is, I simply do not see them appearing in the spam blocker page, even as passed. It seems like they are simply making it through without being logged. Other mail seems to be flowing normally, I see things sent to my direct .net email which are being dropped, and some safelist stuff etc. What I see no logs of, is any of the spam I am getting from the contact@interspacetech.com email forwarded to my .net email. Is this normal?

I would normally set my Exchange server as authoritative for .net and .com and just set the MX record on a2hosting, but we have it set up this way as something of a poor man's disaster recovery option. If something happens to the Exchange server or the office, we could easily still access mail sent to .com as it's all still stored on the domain mail servers after being forwarded.

Here's the message after being received into Exchange:

Quote:

Received: from a2s78.a2hosting.com (216.119.143.98) by MAIL.interspacetech.net
(192.168.10.12) with Microsoft SMTP Server (TLS) id 14.1.438.0; Mon, 1 Apr
2013 17:44:22 -0400
Received: from mail-ia0-f182.google.com ([209.85.210.182]:59674) by
a2s78.a2hosting.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.80)
(envelope-from <jrodder@gmail.com>) id 1UMmWa-002uDL-T9 for
contact@interspacetech.com; Mon, 01 Apr 2013 17:44:22 -0400
Received: by mail-ia0-f182.google.com with SMTP id u8so2227853iag.41
for <contact@interspacetech.com>; Mon, 01 Apr 2013 14:44:20 -0700
(PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:x-received:date:message-id:subject:from:to
:content-type;
bh=7iue2SrT60vagzoxL7YS6/9xk9uKpyvXGoRuFKQzlTc=;
b=bRLVgfliqwrOhuDXRf31zpMvZgsOoCW0phWQD5CW5wbYZkwD/VwdMUyAn3oxocEF22
mGLpLsj+xoGzrWGrMEWWDSKdO1dU4hVtueMnN/PWEk+5DHQOoNMsSNpBXXVTAszRk1Tr
C2vdrYl4B+wXjSiTZA9ctvIn91LUq0EgtOOCOt0ouvmjFWvJt9 Pc/1m+2Hk8ZhfTpSuO
9/2zTcK/egAZYUx1B8Q83WgA+5C1r/+4Bl2hYPphFN4mfY0laRzO9qp8EXpj60mQxn4a
KehojRLw/AjXIB+G2CO6t5cfaIxCKKLgtgY9JEpfnIsAgokvSK3TOT/k1qX+t/yQlDJW
UDzw==
MIME-Version: 1.0
X-Received: by 10.50.12.133 with SMTP id y5mr4047530igb.108.1364852659976;
Mon, 01 Apr 2013 14:44:19 -0700 (PDT)
Received: by 10.64.24.16 with HTTP; Mon, 1 Apr 2013 14:44:19 -0700 (PDT)
Date: Mon, 1 Apr 2013 17:44:19 -0400
Message-ID: <CAPnoQgmaG+Lh2Hrq9ndmB9X_5XtZUVz=BKejN_bJ0p+pnQzb FQ@mail.gmail.com>
Subject: test
From: Jared Clark <jrodder@gmail.com>
To: <contact@interspacetech.com>
Content-Type: multipart/alternative; boundary="14dae9340f1df8032e04d9538529"
X-Spam-Status: No, score=-0.8
X-Spam-Score: -7
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "a2s78.a2hosting.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: test test [...]

Content analysis details: (-0.8 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(jrodder[at]gmail.com)
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[209.85.210.182 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
X-Spam-Flag: NO
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - a2s78.a2hosting.com
X-AntiAbuse: Original Domain - interspacetech.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - gmail.com
X-Get-Message-Sender-Via: a2s78.a2hosting.com: mailgid no entry from get_relayhosts_entry
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: jrodder@gmail.com
X-MS-Exchange-Organization-AuthSource: MAIL.interspacetech.net
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-PRD: gmail.com
X-MS-Exchange-Organization-SenderIdResult: Neutral
Received-SPF: Neutral (MAIL.interspacetech.net: 216.119.143.98 is neither
permitted nor denied by domain of jrodder@gmail.com)

What I fail to understand is how/why mail being forwarded is being ignored by UT?

Configuration to retain DHCP on AD server

Good day,

I have the following network configuration:

Network01.JPG

Wireless router has DHCP deactivated and DHCP from AD server points the gateway to the router.


Based on the Bridge mode topology for untangle, I should be connecting like this:

Network02.JPG

But how would I be setting the IP??? There is no DHCP turned on on the wireless router to assign one IP to the EXT nic of Untangle. Can I set it manually with for example 192.168.0.2 with gateway as 192.168.0.1? Or do I have to do a different configuration to keep the DHCP on the AD server?

Thanks

LAN to Client OpenVPN

I am trying to connect using RDP from the LAN to a client workstation over OpenVPN. One thread suggested adding the External IP space to the Exported Hosts & Networks section of the OpenVPN. So I tried that and I get this from UT

The connection to the server has been lost.
Press OK to return to the login page.

An error has occured: JSONRpcClientException: arg 1 could not unmarshall

I mean, I like to not unmarshall as much as the next guy, but I really have no idea what's going on here. Especially because it won't let me add the External IP Space.

I would like to be able to ping and RDP into my clients connected to the VPN and could use some direction.

Thanks

connect to the IPv6 Internet via a tunnel broker

Wondering what the chances are of using Untangle to connect to the IPv6 Internet via a tunnel broker such as Hurricane Electric?

I know it's not possible with the current build of Untangle, but are there any plans in the future for this functionality?

Untangle Support in Japan

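It seems a partner company in Japan has been decided.
* Sorry :worship:. It may be a distributor instead.

From now on, I think that company will handle things like Japanese-language support.
I don't know the purchase price, but I expect there will be some kind of announcement.
Then again, maybe there won't be... ;)

It's a little disappointing that it isn't for home use.
I think it would be interesting if there were a low price aimed at ordinary households...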

Install 32 bit on HP DL360 G4 1U server

Just passing along my notes as it may benefit someone else.

I had two old HP DL360 G4 units that I used for Untangle for years, one for production and one for cold spare and had occasion to reinstall UT last weekend. Installing Untangle was an adventure/nightmare, depending on perspective.

You cannot install through the front face USB port. It completes nicely, but then cannot boot after the install.
You must use a CD to install. The rear USB port may work, I did not try that.
The embedded HP 6i RAID controller in RAID1 is compatible, but only in its default settings with two drives. I think I rebooted the server literally a dozen times trying to find a hard drive configuration that worked. Some units may have an embedded SATA controller, but mine don't, so I was forced to use the 6i RAID.
I did not try installing 64 bit Untangle, was too tired after getting 32 bit on.

Supermicro 512F-280B question - should this unit work for Untangle?

Multi wan ISP

Hello everyone

I have followed the documentation on how to setup multi wan, and it works, however our ISP allocated another small block to my network, I'm not sure what to do next.

I have added another PCI Ethernet card to my UT box but it's not showing up in UT. Is the maximum number of interfaces supported by UT limited to 3 (WAN, LAN, DMZ)?

Keep in mind I have added an identical card to the one I'm currently using in my box, and this NIC has been tested on another Ubuntu box and I'm positive that it works.

IPSEC encryption/integrity

I'm connecting from Untangle IPSec to another firewall. They're using in Phase 1, one of the following combinations below:

Encryption: AES (256 bit)
Integrity: SHA1

or

Encryption: 3DES
Integrity: MD5

It's not possible to change the client settings. As far as I know, by default Untangle IPSec uses 3DES with SHA1.

How can I modify Untangle settings for this connection via shell? I'd like to modify those settings and make them permanent just for that connection.

Can you help me?

Problems using Captive Portal (9.3) Configuration with 9.4 Untangle

Good Morning,
After exporting and backing up our capture rules and custom capture page, I am unable to use them with the 9.4 version of Untangle. The .json file that I exported gets this error when importing: "Import failed. Imported file contains 3 invalid records and no valid records."

The captive page gives me this error: "The uploaded ZIP file does not contain custom.html or custom.py"

Any ideas as to why this is happening?

Thank you for your help!
B2

How to block Google and Yahoo! Images (v9.4)

Hi all,
In previous versions of Web Filter Lite, I used rules to block Google and Yahoo! images if a user searched for inappropriate things. I added the following to the edit sites list:
*google*tbm=isch*
*google*tbm=vid*
*yahoo*tbm=isch*
*yahoo*tbm=vid*

These rules are not being blocked any longer with Untangle version 9.4 (example: doing a search for breasts w/Google Images). Any ideas? I'm actually seeing a lot of other ways to get around Web Filter Lite since my version upgrade. What can I do to ensure these categories are actually getting blocked? Of course, entering every website is impossible so is there another option?

Thank you,
B2

event processing is slow warning - not sure where to look

Not sure where else to put this.

I have noticed that our Untangle box is getting bogged down lately and causing a bottleneck in our network since all traffic is routed through it. The CPU usage during these times spikes to High and then drops to medium after a while and then finally to low where it usually is. I haven't made any config changes to this box at all and it has been running fine for a long time.

There is an alert at the top of the control panel that says 'Event processing is slow. Data retention may be too high. Check reports settings.'

We have made no changes to the reports settings. We do a daily report and a weekly report to be generated @ 2 am. Disk space is 132Gb free out of 155Gb so it's not disk space. I really do not know where to look to figure out what the problem is. Any help would be appreciated.

If it is relevant:
Build: 9.4.0~svn20130131r33881release9.4-1lenny
Kernel: 2.6.26-2-untangle-686

DHCP, Captive Portal, and Directory Connector Script

Let me explain:

I have a school environment with Windows domain connected computers. Teachers can bring their personal laptops which are not domain connected. The active directory connector script authenticates the domain connected computers, and Captive Portal authenticates the laptops (the capture rule in CP is limited to "User" "is NOT" "[authenticated]"). This worked well.

Recently, the school was on vacation for a week and a half. Because of this, DHCP leases expired. Upon returning to school, the laptops are no longer prompted for a CP login. After much sweat, I figured out that the DHCP addresses assigned to the laptops used to be from the Domain computers, and the logins via the AD script never timed out. Therefore, people are being assigned the wrong policies, and cannot change them without either being told to manually execute a logout script or browse to the link that the logout script goes to.

I would report this on bugzilla, but I figured I would start here. The solution is to allow an option to timeout logins via the connector script. (Optional and not mandatory because those that are using the "logout" modification to the script will have a problem because their script isn't looping).

This really brings me to feel that the Connector Script is quite primitive. Firstly, it loops for backgrounded users, so if multiple users are logged in to a Windows computer, the policy will keep changing when each "loop" in the script takes effect for each user. The logout modification helps somewhat... but when one user logs out it messes up the other users that are logged in:
http://forums.untangle.com/directory...witchuser.html

Sessions being reset every 55-60 Seconds

Huge problem all external to internal traffic.
HTTPS over RPC, CHAT client etc is being reset every 60 sec give or take a few sec.

Powering off all Applications in the Rack and the same result.

Adding a Bypass from my External IP then the Sessions will stay active.

Any suggestions except from waiting on support to get to ticket 10127.

Untangle Bridge Mode GRR

Am I doing something wrong or do I need to do some special settings? I'm using bridge mode, and every day I have to reboot the router or it doesn't go on the internet.

If I connect keyboard and mouse to the Untangle box, I can open a tab up and surf the internet.

Help ?


Bridge_mode.png

Untangle Router Mode | Updates via Proxy?

Hello,

I am having difficulty finding a setting to allow my updates to be downloaded from a web proxy.
I am setting up in a competition and currently I am working on configuring Untangle 940 x64.

Here is some info,

The Untangle server is built in a virtual setting and its set in 'Router Mode', as I want it to be my gateway with all my computers behind it for a line of defense and intrusion detection.

The competition network is like a mini internet, completely closed out and private from the rest of the world, and the ONLY way to access the outside is using their proxy with this IP and Port... 199.100.16.100, port 3128

Since Untangle can't do software updates because It can't reach the update/package server, I need to be able to have the server use that IP and port to get the updates, and I have not been able to find any setting to change that... anywhere.

I could REALLY use some help.

My internet clients lose their Internet access

Good day, I'm a new user of Untangle.
I'm using Untangle Build: 9.4.0~svn20130131r33881release9.4-1lenny
Kernel: 2.6.26-2-untangle-686


The problems that I'm encountering are:

My internet clients lose their Internet access every day at 5pm.

Hiding the new Captive Portal key/door image

I really don't like the new stick figure key/door image for Captive Portal. I detest it. So much so, that I no longer show it on any of my captive pages, and I wanted to share with others an easy way to get rid of it.

Just paste the following text to the bottom of the "message text" box in the setup area for any captive page to hide the image for that page:

Code:

<script>
var imgs = document.getElementsByTagName('img');
for(var i = 0,il=imgs.length;i<il;i++)
{
  if(imgs[i].title === 'Captive Portal')
      imgs[i].style.display = 'none';
}
</script>

Assuming JavaScript is not disabled, that will hide the ugly Captive Portal image. If you want to show something else instead of just hiding it, you can modify that to say imgs[i].src = 'your image url here'; instead of setting the display to none.