2 routers on a switch thru Untangle

Legendrd · 02-08-2010, 08:21 AM

Hi,
We have an untangle server that has been setup as a bridge, and is currently connected to 1 NetGear VPN Firewall Router which that connects to the ISP (RR Business Service)

My question is: if I introduce a 10/100 ethernet switch between the Untangle and the Netgear Router can I add a 2nd Firewall Router and have the untangle monitor that as well?
My reason for this is we have 5 IP addresses with our ISP and have setup different routers on each IP which have different services running thru them, such as FTP, Email, HTTP, and so on, and I would like the Untangle to be able to monitor both the HTTP and Email traffic but want to keep them on separate IPs...

thanks

gotkimchi · 02-08-2010, 11:00 AM

Welcome to the forums. Sorry, I am unable to follow your network. Do you have a network diagram? If not, could you describe it something similar to this:
WAN-Netgear router (5 IP addresses)-Untangle (bridgemode)-LAN

I think, you are trying to do this:
WAN-Netgear-Switch-other Router on one of the ports, other port Untangle (bridgemode)-LAN

Please correct me, if I am not understanding your network.

richie · 02-08-2010, 11:09 AM

welcome. it will filter traffic as long as the hosts are behind and passing through untangle.
are you using the vpn on the netgear? if not, i would just make the untangle the router and use the dmz interface for your other routers.

Legendrd · 02-08-2010, 11:12 AM

Sounds like you have got it spot in, The 5 IP addresses are supplied by ISP.
SO connection would look something like this:

WAN - Router 1
WAN - Router 2

Router 1 - Port 1 on Switch
Router 2 - Port 2 on Switch
Untangle (External NIC) - Port 3 on Switch

hope this helps..

dwasserman · 02-08-2010, 02:41 PM

Not sense, put a real router (not a NAT box) and manage all public ip whit it, otherwise you are incoming in a nightmare of routing because have 2 default gateways.

itcinc · 02-08-2010, 03:48 PM

Quote:

Originally Posted by Legendrd

My reason for this is we have 5 IP addresses with our ISP and have setup different routers on each IP which have different services running thru them, such as FTP, Email, HTTP, and so on, and I would like the Untangle to be able to monitor both the HTTP and Email traffic but want to keep them on separate IPs

quote emphasis added....

If I read this correctly you are saying you have 5 IPs AND 5 routers for a single data connection. Seems like a lot of trouble that could be handled in a much simpler manner.

I second Richie's suggestion that you use Untangle as the router if you are not using a VPN connection on the Netgear. Untangle has the ability to handle multiple public IP addresses and forward them to the desired private address. You can even do this with different port numbers on a single IP address - e.g - 1.2.3.4->port 80->192.168.1.4 and port 21->192.168.1.5

Basically your first public IP would be assigned as the external IP address and the next four addresses would be configured as aliases. You then decide where you want to forward them to on the LAN. You will need to establish NAT rules if you want the traffic to go back out on the same IP as it came in on. There is another thread that has a discussion of that subject that we could find if you need it.
e.g.
1.2.3.4 -> internal mail server @ 192.168.1.4
1.2.3.5 -> internal ftp server @ 192.168.1.5
1.2.3.6 -> internal web server @ 192.168.1.6

Would that work for you? It would sure be simpler.

Legendrd · 02-09-2010, 04:53 AM

While I appriciate everyone suggestions on how to change my network, it is not awnsering my question.
We cannot change the setup for a number of reasons, one being VPN connections to different parts of the network, and the other for security reasons.
SO - Will the untangle server in its current setup monitor 2 WAN connected routers via a switch?

thanks

dwasserman · 02-09-2010, 06:22 AM

I am not sure, download, install and try yourself.

itcinc · 02-09-2010, 02:15 PM

If I understand what you want to do it will look something like this:

router1--->switch port 1

router2--->switch port 2

................switch port 3--->UT--->LAN switch--->workstations

You will have one input and one output and Untangle will be scanning everything that goes through it. I think the short answer to your question is "yes" - you should be able to do this with Untangle this. You can download the ISO and get busy installing.

02-08-2010, 08:21 AM	#1 (permalink)
Legendrd Newbie Join Date: Apr 2009 Location: Columbia, SC Posts: 3	2 routers on a switch thru Untangle Hi, We have an untangle server that has been setup as a bridge, and is currently connected to 1 NetGear VPN Firewall Router which that connects to the ISP (RR Business Service) My question is: if I introduce a 10/100 ethernet switch between the Untangle and the Netgear Router can I add a 2nd Firewall Router and have the untangle monitor that as well? My reason for this is we have 5 IP addresses with our ISP and have setup different routers on each IP which have different services running thru them, such as FTP, Email, HTTP, and so on, and I would like the Untangle to be able to monitor both the HTTP and Email traffic but want to keep them on separate IPs... thanks

02-08-2010, 11:00 AM	#2 (permalink)
gotkimchi Administrator Join Date: Jan 2007 Location: Bay Area Posts: 1,791	Welcome to the forums. Sorry, I am unable to follow your network. Do you have a network diagram? If not, could you describe it something similar to this: WAN-Netgear router (5 IP addresses)-Untangle (bridgemode)-LAN I think, you are trying to do this: WAN-Netgear-Switch-other Router on one of the ports, other port Untangle (bridgemode)-LAN Please correct me, if I am not understanding your network. __________________ to be understood, you must first understand.

02-09-2010, 02:15 PM	#9 (permalink)
itcinc Master Untangler Join Date: Dec 2008 Location: Dallas, TX Posts: 256	If I understand what you want to do it will look something like this: router1--->switch port 1 router2--->switch port 2 ................switch port 3--->UT--->LAN switch--->workstations You will have one input and one output and Untangle will be scanning everything that goes through it. I think the short answer to your question is "yes" - you should be able to do this with Untangle this. You can download the ISO and get busy installing. Last edited by itcinc; 02-09-2010 at 02:21 PM.. Reason: clarification

02-08-2010, 11:09 AM	#3 (permalink)
richie Master Untangler Join Date: Apr 2007 Posts: 389	welcome. it will filter traffic as long as the hosts are behind and passing through untangle. are you using the vpn on the netgear? if not, i would just make the untangle the router and use the dmz interface for your other routers.

02-08-2010, 11:12 AM	#4 (permalink)
Legendrd Newbie Join Date: Apr 2009 Location: Columbia, SC Posts: 3	Sounds like you have got it spot in, The 5 IP addresses are supplied by ISP. SO connection would look something like this: WAN - Router 1 WAN - Router 2 Router 1 - Port 1 on Switch Router 2 - Port 2 on Switch Untangle (External NIC) - Port 3 on Switch hope this helps..

02-08-2010, 02:41 PM	#5 (permalink)
dwasserman Join Date: Jun 2008 Location: Argentina URLs submitted: 29 Posts: 2,165	Not sense, put a real router (not a NAT box) and manage all public ip whit it, otherwise you are incoming in a nightmare of routing because have 2 default gateways.

02-09-2010, 04:53 AM	#7 (permalink)
Legendrd Newbie Join Date: Apr 2009 Location: Columbia, SC Posts: 3	While I appriciate everyone suggestions on how to change my network, it is not awnsering my question. We cannot change the setup for a number of reasons, one being VPN connections to different parts of the network, and the other for security reasons. SO - Will the untangle server in its current setup monitor 2 WAN connected routers via a switch? thanks

02-09-2010, 06:22 AM	#8 (permalink)
dwasserman Join Date: Jun 2008 Location: Argentina URLs submitted: 29 Posts: 2,165	I am not sure, download, install and try yourself.