No success

[bob-u]

I tried to install on KVM from iso. There seems to be an issue with user accounts. I'm not able to login to console with any user and password combination, errors with pf scrip and configuration:

[sonertari]

It seems like you did not configure an internal interface or the IP address of it properly. Please see the InstallationGuide.txt at the root of the iso file: "Make sure you configure two network interfaces. You will be asked to choose internal and external interfaces later on."

The error messages on your screenshots point to that issue, but I need to fix the final message which says the installation was completed successfully (it wasn't).

[bob-u]

It's got to be something else then not configuring interfaces. If you look at the second screenshot you can see two interfaces configured: em0 that is WAN interface, DHCP enabled, not connected vio0 that is LAN interface which acquired IP via DHCP, connected

There was another issue, unrelated to the interfaces, where I could not login using console and I tried multiple installations. On one occasion I could ssh to it and login as root. When I tried to change password for user/utmfw/admin accounts that I used during setup - password was being rejected due to low complexity (something that install script did not do). However, even after changing the password for above mentioned accounts, when I tried to login via console (web was not available) I could login, got a welcome sentence in Turkish and then system logged me out. Following that, I tried to install with complex password but it did not get the system up and running and login through console still was not working. So it seems, I have multiple issues happening at the same time.

[sonertari]

The LAN interface should have a static IP address assigned to it during installation, DHCP will not work there. Set a static IP address to the internal interface. (Also I suggest that it should be UTMFW who assigns IP addresses over DHCP on the local network, but that's optional.)

Passwords of UTMFW users, admin, user, and utmfw are double encrypted. Please first do what I said above, then log in to the web UI, go to the System>WUI page, and see the help box next to the User-Password boxes. The root password is not double encrypted.

[sonertari]

General notes about users:

• root is the only system user as usual. admin and user users are UI users. utmfw is a network user.
• The only user you can log in to the system is root. The root password is a regular password, not double encrypted. But you are advised not to enable ssh login for the root user.
• The admin and user users cannot drop to a shell. Their login shell is an sh.php script. They don't even have a home folder. Their passwords are double encrypted.
• The network user utmfw is similar too, but its login shell is whois. Its password is double encrypted.

Most of these is for security purposes.

[bob-u]

Thanks for the info. I made it to work by assigning two static IP addresses to both interfaces (also used the latest ISO). I believe the issue was with IDS blocking my connections - maybe default should be to keep it offline.

BTW, when using proxmox console, to install the UTMFW, instructions to select/deselect packages is off the screen (and there's not scroll up) and I could not figure out how to choose packages (in case I wanted to deselect IDS).

[sonertari]

By default, SnortIPS blocks an IP address if the alert prio is 1 (the highest level) and the alert contains the word Portscan in the alert issued for that IP address. But if you still suspect that SnortIPS blocked you out, I suggest you look at the logs of SnortIPS, /var/log/snortips.log, all such block actions should be listed there.

I don't recommend not installing Snort IDS, because all connections going through SSLproxy are also inspected by Snort inline for intrusions. Without Snort inline in between, all those connections would fail, i.e. no web, no pop3, no smtp, making UTMFW pretty useless.

See again the screenshots you have sent. They clearly hint that there was something wrong with the interface configuration, hence more than a few configuration failures for a couple of services (this is not about SnortIPS).

Btw, I think https://github.com/sonertari/UTMFW/issues/6 doesn't seem related.

[bob-u]

I tried to install UTMFW multiple times trying different ways, only couple are documented in the screenshots above. Granted this is just speculation on my part about IDS being an issue as I do not have any hard evidence besides symptoms: I was able to ssh but not to access the web interface.

[sonertari]

If you were able to ssh, then it cannot be SnortIPS (it blocks all traffic coming in for that IP address). Anyway, I hope all is fine now.