Untangle: First look

August 19, 2008 at 9:21 pm

Last Saturday, I dove deep into the world of Untangle.

My first attempt at installing it didn’t go well.  My machine had a Promise SATA RAID controller in it attached to two 36 GB WD Raptor drives.  After the installation was complete, I was greeted with a screen which ended in “GRUB”, hanging indefinitely.  I tried a PATA 250 GB drive I had lying around, but that drive wasn’t seen by Untangle’s installer.  (The machine in question has a ServerWorks chipset, which may be the problem with the PATA issue.)

Undaunted, I continued on.  I ended up with a single WD Raptor attached to a single port of the SATA RAID controller, after which I went into the config on the RAID controller, wiped it, then added it back (mind you, not as a RAID since only one drive was attached).

Untangle liked this, as my next install completed successfully.

For people with a bit more in the way of standard hardware, I imagine the install process would have gone very smoothly.  Overall it is a very polished process, including the walkthrough you are given after the initial boot.

Downloading and installing modules struck me as much more processor-intensive than I would have imagined.  The poor 1.8 GHz Celeron processor on this server seemed to be under extreme load when I attempted to download and install three or four modules at once.  Other than this unexpected issue, it has operated smoothly since.

One of the first things I did was visit my favorite scanning website, Shields Up!.  It told me that my machine replied to pings, port 22, and port 443.  Using a web proxy service, I could see that port 443 was the admin interface for Untangle, though it informed me that external administration was disabled.  I would have preferred Untangle not say what it was to an external entity (read: potential hacker).

Next, I struggled with the firewall feature to try to block HTTPS incoming, as well as pings.  Unfortunately, my m0n0wall and pfSense experience didn’t translate well to Untangle’s firewall.  When trying to block HTTPS, I was still able to hit it via the proxy, but I couldn’t communicate with any HTTPS websites.  Finally, I searched through the Untangle forums and found the suggestion that ICMP would be best blocked elsewhere.  After selecting “Networking”, I then selected Advanced, and Packet Filter.  Ahhhh!  Packet Filter!  My old friend!  (The pf in pfSense wasn’t selected by chance, you know!)

Within short order, I had the problems reported by Shields Up! taken care of.

I like the look of the QoS features, though I haven’t done much to test them.  The built-in rules for VoIP traffic are a nice touch too.

I like the DHCP server features in Untangle also.  One thing that always bothered me with pfSense and m0n0wall was that if you have a device that has a DHCP address, and you want to make it have a statically assigned DHCP address, it couldn’t be from the same pool of addresses.  With Untangle, you hit the “+” next to the one you want to statically assign, and it is statically assigned the address that it has right now.

As it turns out, I don’t need much in the way of coverage on SMTP, POP, or IMAP.  Since I’ve just switched to using Gmail for my domain email, it’s all handled via SSL-protected IMAP over port 923, so Untangle isn’t able to help me there.  Fortunately, I think Google has me covered on the AV/Spam front, mostly anyhow.

I’ll say this:  After less than 24 hours on Untangle, I almost switched back to pfSense.  Each section (Web Filter, Virus Blocker, etc.) has its own log to show what’s going on.  Each one also has a graph to show the sessions and data rate going through.  In the whole interface, nowhere did I see an icon to select a large graph showing a real-time view of the amount of traffic (incoming and outgoing).  Nowhere did I see something to show the CPU utilization of the machine.  The fact that the firewall didn’t work the way I expected bothered me.  I don’t see any way to perform a network trace on Untangle, which is a feature I used occasionally in pfSense.  I guess I just don’t feel like Untangle is showing me as much detail as I’d like.  That spooked me a little, because I really want to know exactly what is happening on my network in an “I’m very paranoid about hackers” kind of way.

But, a steady hand prevailed.  I decided to stick with it for a week or two (at least) to give it a fair shake, and to find out if there is a good way to do these other things that I’d like to do.

Ultimately, I may end up running pfSense as my firewall and using Untangle in bridging mode, which would give me the best of both.

What I like so far:

1.  The transparent proxy report shows all sites that individual machines go to.  This is a good way to make sure that your machine isn’t “owned” by some malware, as lots of things talk out port 80, since it is usually allowed out.

2. The Spyware blocker actually keeps you from hitting lots of ads in your web surfing.

3. The Web Filter has lots of categories, allowing me to block entire categories, or specific sites that I list, or add in my own “Pass List”.  This can be either URLs, or client IP Addresses that get to go wherever they want.  (Personally, I use OpenDNS, which blocks categories and lets you designate individual URLs as allowed, if you want, but doesn’t allow one individual client to get around the blocked sites.)

4. The Virus Blocker scans every site I visit before I get there.  I feel like this is a must-have feature for any product in this market very soon.  May need to add image scanning in the future, since it was recently revealed that files can have an image extension, but contain Java code and browsers will execute them as Java.

5. Intrusion Prevention looks useful.  I’m not sure what’s under the covers here (Snort?), but having rules in place to block an internal machine from sending back a cmd.exe banner (indicating a successful intrusion) sounds like a good idea.

6. Protocol Control looks potentially very useful as well, particularly for small businesses.

7. Lastly, I am now able to do a video iChat across the LAN with my wife.  I’m not sure when this broke, but for a very long time now, my connection to my wife via iChat only worked for about 10 seconds, during which I received no audio.  After that, iChat seemed to think that it was not communicating with the remote iChat client, so it aborted the connection, but this problem is completely gone now.
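
The outbound cmd.exe banner check mentioned in item 5, sketched as an added example that is not from the original post and is not Untangle's own rule. The LAN range, the banner pattern (an approximation of what cmd.exe prints at startup) and the sample segments are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Approximation of the banner cmd.exe prints at startup: a "Microsoft Windows
# ... [Version x.y.z]" line followed by a Microsoft copyright line.
BANNER = re.compile(
    rb"Microsoft Windows[^\r\n\[]{0,16}\[Version [\d.]+\]\r?\n"
    rb"[^\r\n]{0,40}Microsoft Corp"
)
INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range
TAIL = 128  # bytes kept per flow so a banner split across segments still matches


def find_banner_flows(segments):
    """Return flows in which an internal host sent the banner to an outside host."""
    tails = defaultdict(bytes)
    hits = []
    for src, sport, dst, dport, payload in segments:
        if ipaddress.ip_address(src) not in INTERNAL:
            continue  # only traffic leaving an internal machine is of interest
        if ipaddress.ip_address(dst) in INTERNAL:
            continue  # LAN-to-LAN remote administration is out of scope here
        flow = (src, sport, dst, dport)
        data = tails[flow] + payload
        if BANNER.search(data) and flow not in hits:
            hits.append(flow)
        tails[flow] = data[-TAIL:]
    return hits


# Constructed sample segments: (src, sport, dst, dport, payload).
BANNER_XP = (b"Microsoft Windows XP [Version 5.1.2600]\r\n"
             b"(C) Copyright 1985-2001 Microsoft Corp.\r\n\r\nC:\\>")
SAMPLE = [
    ("192.168.1.20", 1042, "203.0.113.7", 4444, BANNER_XP[:25]),   # split banner
    ("192.168.1.21", 50000, "198.51.100.9", 80,
     b"GET /windows-help HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # ordinary web request
    ("203.0.113.7", 80, "192.168.1.20", 1043, BANNER_XP),          # inbound, ignored
    ("192.168.1.30", 1050, "192.168.1.40", 23, BANNER_XP),         # LAN only, ignored
    ("192.168.1.20", 1042, "203.0.113.7", 4444, BANNER_XP[25:]),   # rest of banner
]

if __name__ == "__main__":
    for flow in find_banner_flows(SAMPLE):
        print("cmd.exe banner leaving the LAN:", flow)
```

Only the first flow is reported: its banner arrives in two segments and is matched once the per-flow tail joins them, while the inbound and LAN-only copies of the same text are skipped.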

That’s all for now.


Entry filed under: Networking.
