- 1 If I am running NAT, how can I provide access to a web server connected to the internal network?
- 2 I have multiple subnets and after installing Untangle as a bridge only my main subnet can connect to the internet. Why?
- 3 Is it possible to serve DHCP on multiple interfaces?
- 4 Does Untangle support dual WAN or WAN failover?
- 5 My network is extremely slow and some pages won't load. Why?
- 6 Can I use OpenDNS with Untangle?
- 7 My port forward isn't working. Why?
- 8 I setup a port forward for HTTPS (port 443) and it is not working. Why?
- 9 I setup a port forward to my FTP server and it is working but transfers fail. Why?
- 10 Can I port forward traffic destined to a specific hostname like 'mywebserver.com' to a specific server?
- 11 Does Untangle support 1:1 (One to One) NAT?
- 12 What is "Destined Local?"
If I am running NAT, how can I provide access to a web server connected to the internal network?
- If the web server is using DHCP, it should be assigned a static address. Go to Assigning Network Computers Static IP Addresses.
- Map the web server to that IP address as discussed in Mapping Computer Hostnames To IP Addresses.
- Create a port forward rule for all incoming traffic on port 80 to your web server as discussed in Port Forward Rules.
I have multiple subnets and after installing Untangle as a bridge only my main subnet can connect to the internet. Why?
Untangle needs to know about the other subnets in order to correctly route traffic to them. This can be done in several ways.
- Give Untangle an alias on each subnet. This can be done in config->networking. This tells untangle that this subnet is local and should be routed accordingly.
- Alternatively, If your subnets are all similar (ie 192.168.1.x vs 192.168.2.x) make sure Untangle has a netmask that includes them all (255.255.0.0 vs 255.255.255.0)
- If your other subnets are behind another internal router also add routes to tell Untangle how to route to these subnets in Config > Network > Routes.
Is it possible to serve DHCP on multiple interfaces?
Yes, just configure the DHCP settings on the appropriate Interfaces.
Does Untangle support dual WAN or WAN failover?
My network is extremely slow and some pages won't load. Why?
Some internet connections have a sub-1500 MTU but don't support automatic MTU path discovery. It is worth a try to manually change MTU on the config > network > advanced > network cardsto something lower, 1492 or even 1450, to see if it has any effect. This is more common with PPPoE connections. It is suggested that if this does not solve the issue you return MTU to the default setting.
Can I use OpenDNS with Untangle?
Sure. Simply change your external interface's settings to use OpenDNS's servers as a DNS server.
My port forward isn't working. Why?
Follow the Port Forward Troubleshooting Guide to see if you can discover the issue.
I setup a port forward for HTTPS (port 443) and it is not working. Why?
I setup a port forward to my FTP server and it is working but transfers fail. Why?
FTP has multiple connections. If you setup a port forward for the control session (port 21) then you must also setup a port forward for the transfer sessions. You can do this in multiple ways.
- Configure your server to use a range of ports for a transfer, passive ports (i.e 10000-20000) and configure Untangle to forward all of these ports to the FTP server.
- Use 1:1 NAT
Can I port forward traffic destined to a specific hostname like 'mywebserver.com' to a specific server?
No. Packets are destined to IPs not hostnames. When a new packet of a new session arrives from 126.96.36.199 port 1234 to 188.8.131.52 port 5678, the port forward rules must decide if and where to forward that session based on the information present in that packet. This decision can only be made using the information known at this time. If the session is forwarded and its an HTTP or HTTPS session and later it successfully connects, the client may request "mywebserver.com/index.html". At this point in theory the hostname is known, however the port forwards must decide where to forward the session long before the hostname is known. Port forwards rules can not see into the future and know which hostname the client may request at the time the client is trying to initiate the session.
However, This can be accomplished for HTTP and HTTPS traffic using | apache as a reverse proxy. This mechanism will accept all HTTP requests and forward/proxy based on the information in the request and proxy all responses from the final server.
Does Untangle support 1:1 (One to One) NAT?
Yes, Read more about how to setup 1:1 NAT.
What is "Destined Local?"
Destined Local is a flag for port forward rules. It matches on traffic destined to the local untangle machine and one of its IPs. This flag is usually used when you want to redirect a port on the Untangle Server (and all of its IPs) to another server.