Need better support for 2nd Internal interface

[sky-knight]

I've been using Untangle in this configuration for some time. And, while it can be made to work there are several things that are less than ideal.

1.) Pretty block pages don't work. I still get a very basic HTML block but the nice pages just won't fire despite my best efforts.

2.) Reports don't show activity on the second subnet.

3.) DHCP server doesn't have the ability to serve the second subnet without hacking the file by hand. GUI support here would be nice.

These features, as well as the ability to do IP ranges as an alias on external would go a long way to enabling Untangle to operate as a full core router. But, I will admit, I would rather multi-wan/failover was implemented first.

[tbelote]

Does bridging internal #2 to Internal help on any of these problems?

But yes you are right on items 1 and 3 for sure on a second internal with a static IP. Item 2 sounds like a bug we haven't heard about yet though.

[dmorris]

Does bridging internal #2 to Internal help on any of these problems?

But yes you are right on items 1 and 3 for sure on a second internal with a static IP. Item 2 sounds like a bug we haven't heard about yet though.

Just filed #2)
http://bugzilla.untangle.com/show_bug.cgi?id=5217

[sky-knight]

Yeah you can bridge DMZ to Internal and have it work fine. But, that doesn't fly well in all configurations. I NEED a separate internal subnet... and to make things even more interesting I also NEED captive portal. Which, necessitates a monowall router without NAT in the way of the actual Clients.

See the attachment for the network map.

I have been able to verify on my own testing that if I bridge a given interface to internal the block pages work as expected. This does allow me to separate firewall rules and such but doesn't give me a new IP space. I don't want to deal with the firewall insanity required to split a DHCP space up and keep the wireless users out of the main network.

That said, in the next month we're expecting 10,000 people to wander through here over a weeks time. About 10% of these people are expected to be using the public wireless. I would really like it if those 1000 people saw a pretty Untangle logo when they did something silly...

The DHCP limitation didn't apply to me here because I have a DC doing the DHCP on the main network. I "could" have used the UT's DHCP service instead of the monowall's but I figured... why? No need to deal with a DHCP relay this way. So I guess I have UT's DHCP service still sitting there for that expansion LAN when it comes online.

Also, as I was working with the map... it dawned on me that we really should change the interface names assigned in Untangle.

Currently they progress from External, Internal, DMZ, eth3, eth4, eth5, and eth6.

That is all 7 interfaces we can handle thanks to the Kernel dieing at 8 and one being reserved for VPN. Can we get those names after DMZ changed to Opt1, Opt2, Opt3, and Opt4? In it's current configuration it is "very" easy to get the Untangle interface name confused with the linux interface name. They are NOT the same thing.