After simplest clean install, cannot access the WAN / Internet

Can't access WAN. Reloaded clean on different server, most simple default install.

What am I missing, or what should I create for just the most simple setup for web, e-mail send, receive, POP3, streaming, Skype? All I want is the simplest out-of-the-box install just to get everything working; then I can lock it down after that.

 

eth0 is WAN and interface is set as default gateway

eth1 is LAN

Loaded clean and even ran the wizard utility, which in the end failed to do or set up anything. So had to manually add WAN, eth0 and most basic firewall rules.

So added WAN interface.

Configured DHCP on internal network

Loaded my Home License

Updated to firmware 9.502-4

Added firewall rules as follows:

Internal network - DNS - any

Internal network - web surfing - any

Internal network - Email messaging - any

Internal network - instant messaging - any

Internal network - Terminal applications - any

Internal network - ping - any

Even did Internal network - any - any

All are enabled and yet can not surf the web, e-mail, ping. NSlookup works but I assume that is pulling from the UTM.

Listed in "current system configuration", only the firewall is active and configured. Everything else is not configured and not being used, is red.

Do I need to add NAT, DNAT, SNAT?

 

Without having an any - any - any rule, what is the simplest basic config just to get up and going, so then after that one can lock it down?

Back to the netgear for now.

I look at the firewall logs, and even with internal net - any - any it shows things going and green, yet can't get anything to respond.

My active firewall logs:

 


18:14:32 Packet filter rule #1 UDP 192.168.2.114:46165 -> 8.8.8.8:53 len=57 ttl=63 tos=0x00 srcmac=00:12:12:95:d1:f6 dstmac=00:13:21:78:52:7d
18:14:32 Default DROP UDP 192.168.2.113:59257 -> 112.124.0.188:7999 len=132 ttl=63 tos=0x00 srcmac=00:12:12:a4:62:47 dstmac=00:13:21:78:52:7d
18:14:32 Default DROP UDP 192.168.2.119:35090 -> 54.207.126.203:8000 len=53 ttl=63 tos=0x00 srcmac=00:12:12:a5:f0:63 dstmac=00:13:21:78:52:7d
18:14:33 Packet filter rule #1 UDP 192.168.2.118:46683 -> 8.8.8.8:53

[SYN] len=60 ttl=63 tos=0x00 srcmac=00:26:55:2f:8b:84 dstmac=00:13:21:78:52:7d
18:27:13 Packet filter rule #3 TCP 192.168.2.202:48510 -> 172.217.9.78:443 [SYN] len=60 ttl=63 tos=0x00 srcmac=00:26:55:2f:8b:84 dstmac=00:13:21:78:52:7d
18:27:13 Packet filter rule #3 TCP 192.168.2.202:48512 -> 172.217.9.78:443 [SYN] len=60 ttl=63 tos=0x00 srcmac=00:26:55:2f:8b:84 dstmac=00:13:21:78:52:7d



  • rules order,

    rule 1 is DNS

    rule 2 is web surfing.

    The rules are in order as listed above in my post. Then as a last-ditch resort, I added the internal network - any - any at the very top just to test with and still nothing. It is turned back off.

    Chad

  • ummmm....

    1. Go to support > tools > ping check. Ping 8.8.8.8. If reply, you are on the internet

    2. In same place, DNS lookup. Enter google.com. If reply, you can resolve.

    The above tells us you are on the internet. You need that established before going any further.

    If you have your LAN set up, my guess is that you haven't got NAT set up right.

    1. Go to Network protection > NAT > Masquerading. There should be a rule in there for your LAN to go to the WAN

    If so:

    1. Go to firewall rules and add LAN > web surfing, DNS > internet

     

    The above should get you on the internet.

  • Thank you, that helped and I got it figured out. My biggest issue was the NAT.

     

    Below are my most basic settings. From here I am working to build up my function and rules.

    Hope this helps others.

     

    Everything is up and working; listed below are my settings / rules.

     

    So from a clean install of UTM 9.5x...  It will run through the wizard but it never configures anything for me. So when you do log in to UTM, all you have is the local / LAN interface established so you can log in and configure it.

     

    So log in; next you need to configure your WAN port. (Typically I use ETH1 as LAN or internal and ETH0 as WAN or Internet.)

    1. Configure WAN interface

    2. Go to Network Protection -> NAT -> Masquerading and create the rule.

    Interface -> internal (whatever you are using for LAN interface) -> ETH0 (or whatever you are using for your WAN connection)

    3. Network Services DHCP -> interface internal -> set range, start, end, next add DNS and gateway (basically fill in the required information).

     

    4. Basic Firewall rules. These used to be automatically set up by the wizard back in the 7.3 / 8.x days. Create these Firewall rules:

    Internal Network  (IN) -> DNS -> Any

    IN -> Websurfing -> any

    IN -> email messaging -> any

    IN -> Instant Messaging -> any

    IN -> Terminal Applications -> any

    When you look at the Current System Configuration on the dashboard, you will only have the firewall green and all other listings will be red or not configured.

    With the above set, you should be able to go and use the Internet. Again, most basic to get up and going, and then from here you can start to lock down the system and add functions and services.

     

    Hope this helps others. Several people gave me tips on this basic config, and I thank everyone who assisted me.

    Thank you,

    Chad Pauli
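
Added example, not part of the original thread and not Sophos code: a small model of why the live log showed green "Packet filter rule" entries while nothing responded. It classifies log entries by firewall verdict and by whether a masquerading rule covers the source. The one-line log layout, the function names and the 192.168.2.0/24 mask are assumptions made for the example.

```python
import ipaddress
import re

# Entries taken from the log quoted in the thread, rewritten one per line;
# this layout is an assumption for the example, not the UTM's on-disk format.
SAMPLE_LOG = """\
18:14:32 Packet filter rule #1 UDP 192.168.2.114:46165 -> 8.8.8.8:53
18:14:32 Default DROP UDP 192.168.2.113:59257 -> 112.124.0.188:7999
18:27:13 Packet filter rule #3 TCP 192.168.2.202:48510 -> 172.217.9.78:443
"""

ENTRY = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<action>Default DROP|Packet filter rule #\d+) "
    r"(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def diagnose(log_text, masq_networks):
    """Classify each entry: dropped, allowed with NAT, or allowed without NAT."""
    nets = [ipaddress.ip_network(n) for n in masq_networks]
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip anything that is not a complete log entry
        src = ipaddress.ip_address(m["src"])
        flow = f'{m["src"]} -> {m["dst"]}:{m["dport"]}/{m["proto"]}'
        if m["action"] == "Default DROP":
            verdict = "dropped: no firewall rule matches"
        elif any(src in n for n in nets):
            verdict = "allowed and masqueraded: replies return to the WAN address"
        elif src.is_private:
            verdict = "allowed but not NATed: private source, replies cannot return"
        else:
            verdict = "allowed: source is already publicly routable"
        results.append((flow, verdict))
    return results

def summary(results):
    """Count entries per verdict category (the text before the colon)."""
    counts = {}
    for _, verdict in results:
        key = verdict.split(":")[0]
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for masq in ([], ["192.168.2.0/24"]):  # before and after adding the rule
        print(masq, summary(diagnose(SAMPLE_LOG, masq)))
```

The "Default DROP" entries stay dropped in both runs: masquerading fixes the return path for allowed traffic, it does not widen the firewall rule set.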