Re: [pfSense Support] PF and UT not working
ram wrote: On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: This may have been beaten to death now but if UT is truely in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection. I am going to assume a cable or DSL modem of some sort. What may be happeing is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information. Hi yes as per the suggestion i have changed UT box IP to another range for checking but still i get authentication success, and takes lot of time to resolve domain, and lost the connection. I have Dedicated Internet, and own DNS Server in my network. If i remove UT from network i can get all the things working perfect with out any issue but when i involve UT in bridge mode i am having this problem.. but when i add UT in bridge mode with CP, it works charm but iam adding Pfsense in my network for loadbalance and failover and capitive portal since UT does not have capabilities to do the same job what iam looking any suggestions or most welcome ram This thread has gone way past pfSense support and now into the realms of UT support. Since the problem, at least from what we are able to surmise from the small amount of substance in your posts, seems to be entirely with UT, I'd encourage you to take up this conversation with the UT community. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
This may have been beaten to death now but if UT is truely in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection. I am going to assume a cable or DSL modem of some sort. What may be happeing is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense Support] PF and UT not working
On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters [EMAIL PROTECTED] wrote: This may have been beaten to death now but if UT is truely in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection. I am going to assume a cable or DSL modem of some sort. What may be happeing is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information. Hi yes as per the suggestion i have changed UT box IP to another range for checking but still i get authentication success, and takes lot of time to resolve domain, and lost the connection. I have Dedicated Internet, and own DNS Server in my network. If i remove UT from network i can get all the things working perfect with out any issue but when i involve UT in bridge mode i am having this problem.. but when i add UT in bridge mode with CP, it works charm but iam adding Pfsense in my network for loadbalance and failover and capitive portal since UT does not have capabilities to do the same job what iam looking any suggestions or most welcome ram
Re: [pfSense Support] PF and UT not working
rant You've also dodged several attempts at actually telling us what services are in use on your Untangle box. Simply saying all of them are enabled doesn't tell those of us who are not familiar with Untangle much about your setup. Your subnet configuration would also be helpful instead of just saying yes as per the suggestion i have changed UT box IP to another range... what range? Is it the same as your pfSense box? How about a diagram with your configuration? Anything? Also, the problem does not appear to be pfSense related. It would be quite a bit more appropriate to get in touch with the Untangle support forums/mailing lists/etc instead of reiterating that your problem lies with a product unrelated to this list. Take your pick... tell us something useful... or bring your problem to the appropriate arena where it can be dealt with. But please stop posting useless drivel that contains no useful information whatsoever. /rant Tim Nelson Systems/Network Support Rockbochs Inc. - Original Message - From: ram [EMAIL PROTECTED] To: support@pfsense.com Sent: Wednesday, July 30, 2008 12:36:31 PM GMT -06:00 US/Canada Central Subject: Re: [pfSense Support] PF and UT not working On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters [EMAIL PROTECTED] wrote: This may have been beaten to death now but if UT is truely in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection. I am going to assume a cable or DSL modem of some sort. What may be happeing is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information. Hi yes as per the suggestion i have changed UT box IP to another range for checking but still i get authentication success, and takes lot of time to resolve domain, and lost the connection. I have Dedicated Internet, and own DNS Server in my network. If i remove UT from network i can get all the things working perfect with out any issue but when i involve UT in bridge mode i am having this problem.. but when i add UT in bridge mode with CP, it works charm but iam adding Pfsense in my network for loadbalance and failover and capitive portal since UT does not have capabilities to do the same job what iam looking any suggestions or most welcome ram
RE: [pfSense Support] PF and UT not working
Okay... if I understand correctly, now it seems you are able to see the authentication screen. But once authenticated, you still don't get out. Try turning off MAC checking in pfSense's captive portal setup. - Jason From: ram [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2008 12:37 PM To: support@pfsense.com Subject: Re: [pfSense Support] PF and UT not working On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters [EMAIL PROTECTED] wrote: This may have been beaten to death now but if UT is truely in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection. I am going to assume a cable or DSL modem of some sort. What may be happeing is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information. Hi yes as per the suggestion i have changed UT box IP to another range for checking but still i get authentication success, and takes lot of time to resolve domain, and lost the connection. I have Dedicated Internet, and own DNS Server in my network. If i remove UT from network i can get all the things working perfect with out any issue but when i involve UT in bridge mode i am having this problem.. but when i add UT in bridge mode with CP, it works charm but iam adding Pfsense in my network for loadbalance and failover and capitive portal since UT does not have capabilities to do the same job what iam looking any suggestions or most welcome ram
Re: [pfSense Support] PF and UT not working
On Mon, Jul 28, 2008 at 1:44 PM, ram [EMAIL PROTECTED] wrote: On Mon, Jul 28, 2008 at 1:02 PM, Jason J. Ellingson [EMAIL PROTECTED]wrote: As RB would say... I'm not contributing to the answer, but helping to give understanding to the problem... Untangle, while in bridged mode still really needs its own IP since one of its primary features is to send daily reports as well as to provide access to quarantined emails. This makes it difficult to put a bridged Untangle outside of pfSense in a normal home environment as most ISPs will only provide one IP (which pfSense would use). Also, another reason to keep Untangle on the inside is to allow per-IP (or per-user if the Active Directory module is installed) rules and reporting features. If ram wants to keep these features (and he likely does) he may need to look into switching Untangle into standard router mode (instead of bridged) and then choose to either double-NAT'ing (easy but I shudder at double NAT'ing) or setting up routes in both boxes allowing only pfSense to do the NAT (a bit more work, and ram may not know how to set it up). Ok let me clarify here what i understand I route some of IP from Pfsense to UT, so UT uses the same IP in WAN and setup DHCP range IP from the routed IP's in UT and Route them back to Pfsense to handle CP is this correct. let me try what i understand now here. Hi i have routed some of the IP to UT box and UT act as DHCP Server after authentication, iam not able to resolve the domain name and browse try to add IP address and browse still not success any one have some suggestions ram
RE: [pfSense Support] PF and UT not working
As RB would say... I'm not contributing to the answer, but helping to give understanding to the problem... Untangle, while in bridged mode still really needs its own IP since one of its primary features is to send daily reports as well as to provide access to quarantined emails. This makes it difficult to put a bridged Untangle outside of pfSense in a normal home environment as most ISPs will only provide one IP (which pfSense would use). Also, another reason to keep Untangle on the inside is to allow per-IP (or per-user if the Active Directory module is installed) rules and reporting features. If ram wants to keep these features (and he likely does) he may need to look into switching Untangle into standard router mode (instead of bridged) and then choose to either double-NAT'ing (easy but I shudder at double NAT'ing) or setting up routes in both boxes allowing only pfSense to do the NAT (a bit more work, and ram may not know how to set it up). - Jason -Original Message- From: sai [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2008 12:12 AM To: support@pfsense.com Subject: Re: [pfSense Support] PF and UT not working how is your network setup? 1 PC ---switch UT ---pfsense or 2 PC ---switch ---pfsense UT I would suggest trying 2 since you just want the CP on pfsense sai - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
On Mon, Jul 28, 2008 at 10:42 AM, sai [EMAIL PROTECTED] wrote: how is your network setup? 1 PC ---switch UT ---pfsense or 2 PC ---switch ---pfsense UT I would suggest trying 2 since you just want the CP on pfsense UT recomends always to be between user and Firewall, otherwise it say no use. ram
Re: [pfSense Support] PF and UT not working
On Mon, Jul 28, 2008 at 1:02 PM, Jason J. Ellingson [EMAIL PROTECTED]wrote: As RB would say... I'm not contributing to the answer, but helping to give understanding to the problem... Untangle, while in bridged mode still really needs its own IP since one of its primary features is to send daily reports as well as to provide access to quarantined emails. This makes it difficult to put a bridged Untangle outside of pfSense in a normal home environment as most ISPs will only provide one IP (which pfSense would use). Also, another reason to keep Untangle on the inside is to allow per-IP (or per-user if the Active Directory module is installed) rules and reporting features. If ram wants to keep these features (and he likely does) he may need to look into switching Untangle into standard router mode (instead of bridged) and then choose to either double-NAT'ing (easy but I shudder at double NAT'ing) or setting up routes in both boxes allowing only pfSense to do the NAT (a bit more work, and ram may not know how to set it up). Ok let me clarify here what i understand I route some of IP from Pfsense to UT, so UT uses the same IP in WAN and setup DHCP range IP from the routed IP's in UT and Route them back to Pfsense to handle CP is this correct. let me try what i understand now here. ram
Re: [pfSense Support] PF and UT not working
On Fri, Jul 25, 2008 at 9:16 PM, Tim Nelson [EMAIL PROTECTED] wrote: I agree... and also try completely removing the Untangle box from the network to see if the problem clears up. Hi thanks all the people support. let me clarify as the people asking why iam using both the product simple reason, UT does not have capitive portal. then coming to UT and Pf problem, i have removed UT from bridge mode and connect directly PC, capitive portal works charm. when i itroduce UT in bridge mode, it does not work , authentication go smooth, then i wont be able to browse. i have made all the services OFF, but no use. I have posted the same problem at UT Forum one of the moderator replies this Fact of captive portal which is MAC based, and UT is a b-router so passing it's own MAC. See the m0n0wall and pfsense mail lists for support on that. (Which for m0n0wall might be me) any one have clue how to resolve this problem ram
Re: [pfSense Support] PF and UT not working
simple reason, UT does not have capitive portal. So you're just wanting to use the captive portal on pfSense? What services on the UT are you using? Fact of captive portal which is MAC based, and UT is a b-router so passing it's own MAC. See the m0n0wall and pfsense mail lists for support on that. (Which for m0n0wall might be me) The pfSense captive portal is not necessarily MAC-based, there are pretty obvious options in the CP configuration pages that allow you to change that. Not sure what a 'b-router' is, but if the UT is in bridge mode it should be passing all the client MACs through to the pfSense box untouched. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
On Sun, Jul 27, 2008 at 7:03 PM, RB [EMAIL PROTECTED] wrote: simple reason, UT does not have capitive portal. So you're just wanting to use the captive portal on pfSense? What services on the UT are you using? iam using all the Services of UT, iam using PF for authentication and DHCP Server Fact of captive portal which is MAC based, and UT is a b-router so passing it's own MAC. See the m0n0wall and pfsense mail lists for support on that. (Which for m0n0wall might be me) The pfSense captive portal is not necessarily MAC-based, there are pretty obvious options in the CP configuration pages that allow you to change that. Not sure what a 'b-router' is, but if the UT is in bridge mode it should be passing all the client MACs through to the pfSense box untouched. yes when we call bridge mode, it suppose to do the same but the moderator ( or one of the member) says to me that just thinking on the same. But after changing manythings but still no luck for the user PC still not able to browse. but i could able to get authentication page. any more suggestions ram
Re: [pfSense Support] PF and UT not working
Does Untangle have the ability to do a TCP dump? I could enable that in the inside interface and then the outside interface on UT, compare the two and see what you come up with. It may be worthwhile to do this on the external side of pf as well. If UT's bridge mode is truly bridge, then you should have no issues. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense Support] PF and UT not working
On Sun, Jul 27, 2008 at 8:22 AM, ram [EMAIL PROTECTED] wrote: iam using all the Services of UT, iam using PF for authentication and DHCP Server Since you seem either uninterested or incapable of telling us anything other than I have object foo with all the knobs turned on and most of us probably couldn't care less what UT is or does (other than John), I'm going to make a wild, random, stab-in-the-dark suggestion: put the UT box outside of pfSense. If you really have turned off all the services and it's still interfering, there is something it is doing under the covers that interferes with the normal function of a captive portal. Put it outside; unless it's extraordinarily poorly engineered or weirdly dependent on L2, you probably won't even know the difference. RB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
Mr RB I belive you do not have Idea what exactly UT Does UT claims that they have webfilter, IDS, Firewall, SPAM protection lot more you can refer their features, ( iam yet to test) so iam not comparing the any products here, so iam not going to do marketing call since i have situation where UT and PF not working. Since UT does not have CP option so i have force to use PF in this network and UT as a transparent bridge to deliver me reports and other services so iam going to capture packets on the WAN and LAN interface and see where exactly this dropping packets I consider your suggestions other post i have clearly mentioned that, after removing the box from network iam able to use CP with out any issue but issue when i add UT in to network as bridge mode ram Since you seem either uninterested or incapable of telling us anything other than I have object foo with all the knobs turned on and most of us probably couldn't care less what UT is or does (other than John), I'm going to make a wild, random, stab-in-the-dark suggestion: put the UT box outside of pfSense. If you really have turned off all the services and it's still interfering, there is something it is doing under the covers that interferes with the normal function of a captive portal. Put it outside; unless it's extraordinarily poorly engineered or weirdly dependent on L2, you probably won't even know the difference. RB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
On Sun, Jul 27, 2008 at 12:04 PM, Curtis LaMasters [EMAIL PROTECTED] wrote: Does Untangle have the ability to do a TCP dump? I could enable that in the inside interface and then the outside interface on UT, compare the two and see what you come up with. It may be worthwhile to do this on the external side of pf as well. If UT's bridge mode is truly bridge, then you should have no issues. Yeah this is also what I would recommend. See what it's showing on both sides. Since it works without UT inline, and you add UT and it stops working, I think you might find better help through UT's support since it's causing the issue. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
how is your network setup? 1 PC ---switch UT ---pfsense or 2 PC ---switch ---pfsense UT I would suggest trying 2 since you just want the CP on pfsense sai On Sun, Jul 27, 2008 at 9:53 PM, Chris Buechler [EMAIL PROTECTED] wrote: On Sun, Jul 27, 2008 at 12:04 PM, Curtis LaMasters [EMAIL PROTECTED] wrote: Does Untangle have the ability to do a TCP dump? I could enable that in the inside interface and then the outside interface on UT, compare the two and see what you come up with. It may be worthwhile to do this on the external side of pf as well. If UT's bridge mode is truly bridge, then you should have no issues. Yeah this is also what I would recommend. See what it's showing on both sides. Since it works without UT inline, and you add UT and it stops working, I think you might find better help through UT's support since it's causing the issue. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
any one have idea, where iam doing wrong ? Perhaps if you made it a little more clear why you're using two firewall products in-line of each other and what role they're each expected to play. There's likely some unexpected interplay between the two, particularly with the effective MITM a captive portal is. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] PF and UT not working
It is likely that they are doing as I do... Use pfSense for firewall and VPN, while using Untangle for strictly filtering purposes (web, mail, etc) and not firewalling. - Jason -Original Message- From: RB [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2008 8:36 AM To: support@pfsense.com Subject: Re: [pfSense Support] PF and UT not working any one have idea, where iam doing wrong ? Perhaps if you made it a little more clear why you're using two firewall products in-line of each other and what role they're each expected to play. There's likely some unexpected interplay between the two, particularly with the effective MITM a captive portal is. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
On Fri, Jul 25, 2008 at 8:20 AM, Jason J. Ellingson [EMAIL PROTECTED] wrote: It is likely that they are doing as I do... Use pfSense for firewall and VPN, while using Untangle for strictly filtering purposes (web, mail, etc) and not firewalling. The conjecture is appreciated, but unless you're experiencing the same problem (CP doesn't work with bridged Untangle) I'm not sure it's valid. If you are having the same problem or have solved it already, please do share. I can guess what the problem is and a likely fix, but that's irrelevant (and presumptive) until the 'customer' more clearly states the problem. They're both network control devices that have been developed with differing philosophies and are not explicitly designed to work together. Hence, the need to know *precisely* what role the Untangle device is playing in their network. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] PF and UT not working
ram, This is a bit of a shot in the dark, but try turning off services in Untangle... until they are all off. It may be that one of them (like the Intrusion Detection module) is detecting something it doesn't like. - Jason From: ram [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2008 3:41 AM To: support@pfsense.com Subject: Re: [pfSense Support] PF and UT not working On Thu, Jul 24, 2008 at 6:18 PM, Tim Nelson [EMAIL PROTECTED] wrote: It sounds like google.com http://google.com/ is not resolving when you have captive portal enabled. Make sure you have the DNS servers that are assigned to your users in the list of allowed outbound IPs in captive portal. Hi thanks for the reply I have added that IP address in to that Allow IP place but still no success... any other suggestions, looks like some where the packets are dropping. any one have idea, where iam doing wrong ? ram
Re: [pfSense Support] PF and UT not working
I agree... and also try completely removing the Untangle box from the network to see if the problem clears up. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Original Message - From: Jason J. Ellingson [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, July 25, 2008 10:38:54 AM GMT -06:00 US/Canada Central Subject: RE: [pfSense Support] PF and UT not working ram, This is a bit of a shot in the dark, but try turning off services in Untangle... until they are all off. It may be that one of them (like the Intrusion Detection module) is detecting something it doesn't like. - Jason From: ram [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2008 3:41 AM To: support@pfsense.com Subject: Re: [pfSense Support] PF and UT not working On Thu, Jul 24, 2008 at 6:18 PM, Tim Nelson [EMAIL PROTECTED] wrote: It sounds like google.com is not resolving when you have captive portal enabled. Make sure you have the DNS servers that are assigned to your users in the list of allowed outbound IPs in captive portal. Hi thanks for the reply I have added that IP address in to that Allow IP place but still no success... any other suggestions, looks like some where the packets are dropping. any one have idea, where iam doing wrong ? ram
Re: [pfSense Support] PF and UT not working
It sounds like google.com is not resolving when you have captive portal enabled. Make sure you have the DNS servers that are assigned to your users in the list of allowed outbound IPs in captive portal. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Original Message - From: ram [EMAIL PROTECTED] To: support@pfsense.com Sent: Thursday, July 24, 2008 4:19:04 AM GMT -06:00 Guadalajara / Mexico City / Monterrey Subject: [pfSense Support] PF and UT not working Hi I have installed Untangle and PF together in the network the flow looks like below users-crosscableeth0(untangle-bridgemode)-eth1(croscable)eth1---PF---eth0--Internet above setup works fine , with out any issue but when i enable capitive portal iam not able to access the login page, in the browser of PC type google.com it keep searches, i dont get any results but when i disable capitive portal, iam able to browse google.com what is wrong, can some one suggest me where to test, what is the way to make itwork above config ram