Multiple WAN/LAN bridges? Possible?

[cmcquistion]

I currently have multiple Untangle servers running in bridged mode behind our router, filtering our various networks. I have set them up this way so we can have logging that shows what client IPs are doing what on our various networks (4 different LANs).

Is there any way I could narrow down the number of physical Untangle boxes needed to perform these bridges?

I've tried (but have been unsuccessful so far) to setup an Untangle server with 4 NICs and have two WAN interfaces, each bridged to a separate LAN interface. I haven't got that working and wondered if this is possible, somehow?

[sky-knight]

Untangle in bridge mode can only have 1 default gateway. Packets that pass into the UVM are destroyed and rebuilt based on the local IP configuration. This means that packets passing through the Untangle bridge will ALWAYS be redirected to the gateway that Untangle has. That is why secondary ip segments don't work, you're sending the packets at the wrong IP address.

If you have a router that is operating multiple IP addresses in the same layer 2 space, it is possible it will work anyway, as the interface receiving the packets is the same. But not all routers are this forgiving.

The only time you have have multiple IP ranges transiting an Untangle bridge is if those IP spaces are consistent enough for Untangle's netmask to widen enough to encompass them all. You'll likely end up widening the netmask on your router as well, which can cause other issues.

If you have 4 LANS, then I suggest you take the easy way out and either convert over to an Untangle router with 5 interfaces. Or, get a layer three switch to maintain each VLAN itself. Then the layer 3 switch can route all packets to another network designed for egress traffic, which has your edge router on it. Untangle then has a clean route outbound, only a single IP segment on the wire, and static routes can map the appropriate traffic back to the switch.