Connectivity Loss to Sonicwall Gateway through Untangle

[sky-knight]

That depends on your network, and if the bridge is working properly, keep it.

If you want to try it, you're creating this network at the least.

Internet -> edge router -> Untangle Router -> LAN

The critical aspect is the IP network that lives between the two routers. That is the only automatically configured Internet connection. The Untangle router will need no special configuration other than to remove the NAT policy. The edge router will need a static route for any IP Networks in the LAN area.

[dbunyard]

That depends on your network, and if the bridge is working properly, keep it.

If you want to try it, you're creating this network at the least.

Internet -> edge router -> Untangle Router -> LAN

The critical aspect is the IP network that lives between the two routers. That is the only automatically configured Internet connection. The Untangle router will need no special configuration other than to remove the NAT policy. The edge router will need a static route for any IP Networks in the LAN area.

I'm with you now, I don't think I had enough coffee this morning for this to sink in. I have to have a /30 network between the gateway and the UT Box then have a static route on the gateway to send the LAN network IP block (a /24 in the case for my home network) through the WAN IP address of the UT box, correct? It's been a while since I've used a /30 to route between 2 routers but I think I still remember the basics of it. Thanks so much for all your help!!

P.S. Probably stupid question, but do I have to nuke the box and re-install to make it a router? Oh and if the DHCP server is my gateway also do I need to so something special with the UT box to forward the DHCP requests?

[sky-knight]

It doesn't have to be a /30, but you could use one for this purpose. Personally I don't drop below a /24 if I can avoid it.

And no you don't have to reinstall Untangle, you're just reconfiguring it.

[dbunyard]

It doesn't have to be a /30, but you could use one for this purpose. Personally I don't drop below a /24 if I can avoid it.

And no you don't have to reinstall Untangle, you're just reconfiguring it.

No but I don't really see the point of a larger subnet if there is not need for it. Typically a /30 is used for the route between 2 routers.

I just attempted this and didn't get it to work so I rolled it back to before I started. Maybe just missed something though. Anyway I attached two maps to this post, one is the current and one is what I'm attempting to do. I also built a static route in the Astaro box to send all traffic bound for 192.168.9.x to the 172.20.2.2 address being the Untangle box. The Untangle box could access the internet and all the LAN machines could access the Untangle box but none of the LAN machines had internet access, even the ones with static IPs.

All I did with UT was change the network address of the WAN address to the 172.20.2.2 address then change the LAN from bridged to a static address of 192.168.9.2 per the diagram. Is that all that needs to be done? And I don't need any port forwards on the UT box either since it's not doing NAT, correct?

Sorry to be such a pain... Thanks!

[sky-knight]

I agree with the conservation of addresses. However, are you going to have that private /24 in need when you have 253 more just like it soon? Also, what happens when you need to add another router?

I don't like painting myself into a corner, especially when there is no need.

It sounds like you had the routers working, but you may not have updated the machines? Are the workstations / servers talking to the correct gateway? They need to be using Untangle now, not the router in front of Untangle.

[dbunyard]

It sounds like you had the routers working, but you may not have updated the machines? Are the workstations / servers talking to the correct gateway? They need to be using Untangle now, not the router in front of Untangle.

DOPE! Stupid Dan... That didn't even cross my mind. No, I didn't, they were still attempting to use the Astaro box at .1 as the gateway. Since it's not using that address anymore though I could assign the UT box at .1 and not have to update all the machines on the LAN correct?

Also since it's my home network I don't see adding any other routers anytime soon. Though since it's a private address I suppose there is no harm in just making it a full class C. Thanks again, I'm going to give this another shot.

[sky-knight]

Yes

[dbunyard]

Finally got this working Monday night and it's been working flawlessly on my home network. Talked with wifey yesterday and she didn't see any problems at all. Talked with the guys at work and we are going to do this here as well after I let it run at home for a little bit longer. Thanks so much for all your help Rob!!!!