Untangle Tip of the Day! (What if I have a wireless network?)


gotkimchi
05-10-2007, 03:37 PM
Many of our customers do have wireless networks. In fact, it is cheaper to buy a router/wireless/switch device than a standard switch (for example Linksys, D-Link, Netgear).

If you have a wireless device, no need to fear. As long as the Untangle server is in front of your wireless device, it will be filtered. You might need to turn off the routing function on your wireless device, since the Untangle server is in front of that wireless device.

http://gotkimchi.com/pictures/smallofficeroutera.png

computerguy
05-12-2007, 10:40 PM
So if my wireless router is between the ISP and the Untangle server (transparent bridge mode), my wireless client machines will not get spam filtering, for example?

dmorris
05-13-2007, 11:21 PM
It depends on whether the email traffic is going through the Untangle server or not.

For instance, if your wireless people are using POP and talking to a server at your ISP, it will not be filtered (because it isn't going through the Untangle server).

If your email server is internal, and wireless users are fetching email from there, it will be filtered (via SMTP) before it reaches your server.

Or you could just put the wireless router behind the untangle server.
Hope that helps! :D

dknyinva
11-13-2008, 06:18 AM
So if my wireless router is between the ISP and the Untangle server (transparent bridge mode), my wireless client machines will not get spam filtering, for example?

I just got this working last night using a different product, Astaro, but will configure UT with a similar setup. All you have to do is disable DHCP on your wireless router and enable DHCP on the UT box, and your wireless clients will go through the UT for filtering. I also used static DHCP, so I know which clients (wired or wireless) are using what IP address.

Hope this helps

jomerx
11-13-2008, 08:20 AM
Hmmm, I'm just curious... will the UT Windows version (Re-Router) be effective on a "wireless network"? :confused:

dknyinva
11-13-2008, 08:35 AM
Hmmm, I'm just curious... will the UT Windows version (Re-Router) be effective on a "wireless network"? :confused:
Yep. Works great transparently :)

Rick@BBM
11-13-2008, 08:57 AM
I was never a fan of "routers" with built-in wireless gateways. It's a lot easier and better for signal to put the wireless hardware closer to where it's being used, rather than in the closet with everything else.

I'd say 90% of the "Walmart" routers out there can be used as a wireless access point with Untangle. Some of those cheap ones don't give you the ability to turn everything off to be used correctly.

Untangle also works great at home for you torrent fans, they can kill a cheap firewall.

Lee Sharp
11-13-2008, 11:05 AM
I do wireless for hotels... You really do get what you pay for, and there is a reason Walmart routers are so cheap. And the 2Wire wireless gateways provided by AT&T for DSL have known holes as well. Generally, the cheap way is only cheap if your time is free. I recommend making the devices dumb bridges and turning off any wireless, then sticking an AP on a separate subnet behind a real firewall. (But you can just leave the router WAN port unhooked, turn off DHCP and use it as a bad AP with no remote management outside your subnet.)

greavette
11-13-2008, 12:36 PM
I'm a little concerned about the use of wireless routers when it comes to business though.

I use Untangle at home as it replaced my wireless router. I turned off DHCP on my Linksys and used a cross-over cable to connect it to my switch. For home use I'm comfortable with this setup.

At a small business I support I was a little more concerned about their use of wireless. I removed their wireless router to install Untangle, since it was more secure to have all their PCs wired to their network instead of wireless. They've now asked to be able to use wireless again, but I was hesitant to put their Linksys back onto their network (behind Untangle). I was thinking instead to put their wireless router in the DMZ of Untangle and let them connect to their network from their laptops with VPN. They don't use this way of connecting for all-day work. This is only for a select few who need a quick connection to the network for short periods.

Even if I use WPA encryption on my wireless access and do not broadcast the SSID, I would think there is still a risk in putting a wireless router behind Untangle. Putting it in the DMZ means you have to break in twice (once into the wireless network and again into the VPN).

Am I wrong with my thinking?

dknyinva
11-13-2008, 01:25 PM
I say put the wireless router behind the UT. Disable the router/gateway mode and just use it as an access point and you'll be fine.

sky-knight
11-13-2008, 01:32 PM
greavette, the only issue with using wireless on the DMZ is that Untangle can't provide DHCP service for more than one network segment. If you use Untangle's DHCP service on the internal interface, it won't be available for the DMZ.

That said, I'd just kill DHCP in the wireless router, set a static IP on the LAN side that works on the internal network and plug it in. If you dictate WPAv1 or better, the security is functionally unbreakable.

Yes it is "insecure" but your wire has problems too. ;)

Lowen
11-13-2008, 03:34 PM
Um, I wouldn't advise plugging your wireless into your switch and putting it on the LAN. That is definitely a security problem. Instead, edit /etc/dnsmasq.conf. For example:

# One DHCP pool per interface: interface, first address, last address, lease time in seconds
dhcp-range=eth1,192.168.1.100,192.168.1.200,14400
dhcp-range=eth2,192.168.4.100,192.168.4.200,14400
# Choose hosts-file answers based on the interface the query arrived on
localise-queries
# Append the domain below to bare host names
expand-hosts
# Read host entries from this extra file instead of /etc/hosts
addn-hosts=/etc/untangle-net-alpaca/dnsmasq-hosts
no-hosts
domain=dynalias.net
domain-suffix=dynalias.net
# Upstream DNS servers (addresses left as placeholders in the post)
server=xx.xx.xx.xx
server=xx.xx.xx.xx
server=xx.xx.xx.xx


That way you keep separate subnets. I never let my wireless clients onto my LAN and vice versa... :)

(PS: the server=xx.xx.xx.xx lines are your DNS servers!)
I have DHCP working on all interfaces! I have 4 now..... :)

Lowen
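A small sanity check for the split-subnet setup described in the post above, added here as an example (it is not from the post or from Untangle): it parses dhcp-range lines in the interface,start,end,lease form shown, flags pools on different interfaces that overlap or sit in the same /24 (the /24 mask is an assumption, since the lines carry no netmask), and reports which interface's pool a given client address falls in. The sample config is constructed.

```python
import ipaddress
import re

# Constructed sample modelled on the dnsmasq.conf fragment in the post.
DNSMASQ_CONF = """\
dhcp-range=eth1,192.168.1.100,192.168.1.200,14400
dhcp-range=eth2,192.168.4.100,192.168.4.200,14400
expand-hosts
domain=example.test
"""

# Matches the "interface,start,end[,lease]" form used above; other
# dhcp-range variants dnsmasq accepts are deliberately ignored here.
RANGE_RE = re.compile(
    r"^dhcp-range=(?P<iface>[^,]+),(?P<start>[^,]+),(?P<end>[^,]+)(?:,(?P<lease>\S+))?$"
)


def parse_dhcp_ranges(conf):
    """Return {iface: (first_ip, last_ip, lease_seconds_or_None)}."""
    ranges = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RANGE_RE.match(line)
        if m:
            lease = int(m["lease"]) if m["lease"] else None
            ranges[m["iface"]] = (ipaddress.ip_address(m["start"]),
                                  ipaddress.ip_address(m["end"]), lease)
    return ranges


def overlapping_pools(ranges):
    """Pairs of interfaces whose pools overlap or share a /24 (assumed mask)."""
    problems = []
    items = sorted(ranges.items())
    for i, (a, (a_lo, a_hi, _)) in enumerate(items):
        for b, (b_lo, b_hi, _) in items[i + 1:]:
            same_net = (ipaddress.ip_network(f"{a_lo}/24", strict=False)
                        == ipaddress.ip_network(f"{b_lo}/24", strict=False))
            overlap = a_lo <= b_hi and b_lo <= a_hi
            if same_net or overlap:
                problems.append((a, b))
    return problems


def pool_for(ranges, client_ip):
    """Name the interface whose DHCP pool contains client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    for iface, (lo, hi, _) in ranges.items():
        if lo <= ip <= hi:
            return iface
    return None
```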

greavette
11-14-2008, 08:43 AM
I'm fine with Untangle not providing DHCP to my wireless clients. The employees doing their daily routine work will only use a wired connection. One or two wireless connections may be required on an ad hoc basis to quickly access our network, database and mail server for a temporary period by trusted employees (not for everyone). We may also have customers who come in and require the use of the internet, and I wouldn't want these people on our private network.

I still think the risk is too high to allow wireless connections on your network for any business environment...just my two cents.

So Lowen... if a wireless client needed to access your LAN, what do you use? OpenVPN or something else?

doubtintom
11-14-2008, 09:08 AM
I do IT for businesses of home-based workers. They don't make a big distinction between their business and non-business use of their computers. And they like to roam around their homes with their laptops and do business work.

They also want to have wireless access for their friends and family who bring laptops over. Hmmm.... two wireless networks at home? Biz and non-biz? Perhaps that is warranted, since they want their business IT to keep working.

Lowen, /etc/dnsmasq.conf gets overwritten by UT. Do you take away write privileges from UT after it is all set up, except for your split networks? I would like to know what won't work from the UT alpaca side if I take over that file.

sky-knight
11-14-2008, 09:14 AM
Dnsmasq provides the DHCP and DNS services for Untangle. So if you override that file, both GUIs for the respective services will be non-functional.

Lowen
11-14-2008, 02:53 PM
Lowen, /etc/dnsmasq.conf gets overwritten by UT. Do you take away write privileges from UT after it is all set up, except for your split networks? I would like to know what won't work from the UT alpaca side if I take over that file.

Yes, if it is not checked and you make changes, it will be overwritten. You can lock down what DNS servers the clients get as well. Works great with OpenDNS. Packet filter and FW module rules won't matter either, because it will use what is provided in the dnsmasq.conf. The only thing I could never get to work (with a router or AP) is a properly formatted block page through wifi. I get black text on a white background! I could get that to work with an Atheros wifi card directly on the system, but not an external AP...
I am just happy it blocks when it does! :) The above configuration works rather well if you MUST have a wifi network, but please don't add it to your LAN port(s)!!! :eek:

So Lowen... if a wireless client needed to access your LAN, what do you use? OpenVPN or something else?

I do allow my son to VPN into one IP on the DMZ interface, but that is it; it is on its own subnet. I guess if I wanted to open up my LAN to any of the wireless interfaces it would be through either OpenVPN or other means... I am just too paranoid to allow constant access..

Lowen

pradeep_mundra
11-15-2008, 12:21 AM
:confused: Untangle gives the error: x-windows session terminated [24695.835606] nf_ct_ras : decoding error: out of range
[24695.313659]nf_ct_ras : decoding error: out of bound

Please help me with how to remove this error.

thanks

u3b3rg33k
11-16-2008, 03:18 AM
I think some of the options that may be useful can be found in DD-WRT, such as wireless client isolation (could be used to keep the non-business people separate from the business network, doubtintom) and HTTP redirect. I have a Linksys WRT54GL running DD-WRT behind Untangle, doing its own firewall and DHCP.

I believe you could put a WAP on another Ethernet card in your Untangle box and set it as a less trusted interface (assuming I understand that part of UT properly). HTTP redirect and a RADIUS server would probably be good things to have properly set up if you want more control over what goes on on the wireless side of your network.