Results 1 to 4 of 4
  1. #1
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,240

    Default Multiple WAN IP addresses and Nat Policy

    I just wanted to thank Untangle for making an interface to make this process smooth. I just added two additional IP addresses to my External adapter, reworked all my NAT policies and refined the port forward rules for the mail server. It all took about 10 min, and now I have two separate network segments using two different IP addresses and my mail server nat'd to the 3rd.

    The best part, the customer didn't even know I made the adjustment. Now that the wireless and commercial segments are on their own IP addresses perhaps I can get my mail server's IP off the black lists.

    Darn employees firing off bulk mailers....
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,240

    Default

    For the second miracle today.

    The wireless segment for this network is protected by a NAT disabled monowall router running a captive portal. I just took 12 laptops, stuffed their MAC addresses into the monowall to both reserve IP addresses for them, as well as exempt them from the captive portal.

    Then jumping to Untangle, I created a new virtual rack for these laptops, setup the policy and fired up the web filter. Now we have 12 laptops happily performing the duty of basic sales Kiosks... I have a very happy customer right now!

    My only regret... the pretty block pages still don't work on the wireless segment, and the conference is starting. There are currently 2000 people in this building using the kiosk machines, and I can see 30 to 40 people with laptops out. All of these people are covered by untangle, and not one of them will know if they bump into something bad...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    nice!

    glad you like the new networking interface.
    yeah - we have a bug filed to fix the block pages on the DMZ (and other internal interfaces)

    currently its because port 80 admin happens only on internal and the blockpages use port 80 they don't get displayed. we'll probably fix it in the future by using another port specifically for block pages.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,240

    Default

    Yeah but that is the weird thing.. I put in a NAT rule to forward 80 to the correct spot ala Silver's wireless post...

    I can get into the http management interface, with the TRUE internal IP address FROM the DMZ... but the pretty block pages don't work...

    Just to reiterate and clarify..

    With the port forward I have in place...

    I can from the wireless segment 10.0.1.0/24, get through the monowall into the DMZ segment, 192.168.4.0/24, and access the http management console on the internal interface's address at 192.168.1.1.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2