Results 1 to 10 of 10
  1. #1
    Newbie
    Join Date
    Jul 2009
    Posts
    5

    Default Untangle in an SBS2003 network

    I would like to block some web pages and log all web access for clients on an SBS2003 network. The SBS2003 server hast 2 NICs. From what I can see I can either place a UT Bridge between the servers external nic and the modem/router or install Re-router on a PC on the LAN side of the server. Can anyone with experience in this environment suggest which is the better way to go? And any gotchas if there are any.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,517

    Default

    I think I want to cry... yet another SBS "router" hanging out on the inet where it doesn't belong...

    The "best" option is to kill ISA outright, get routing off that server, and put it behind the UT router. I don't care how "secure" something is... you just don't put sensitive commercial data directly on the internet...

    But if you want to leave it alone, a bridge install between the SBS's LAN adapter and the main switch is the easy way.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Jul 2009
    Posts
    5

    Default

    I should have said the internet device is a DSL Modem/Router/Firewall and it is locked down securely. It is not SBS2003 Premium and therefore doesn't have ISA. At the moment all I want to do is block and monitor web access.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,517

    Default

    Ahh, then what is the 2nd NIC doing?

    If the SBS server is just another machine on the network then the easy way is a UT bridge install between the router and the first switch.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie
    Join Date
    Jul 2009
    Posts
    5

    Default

    In an environment like this I think some people think it is more secure to have two firewalls. SBS2003 Standard has a very basic firewall. I prefer to install SBS2003 Standard with only one NIC.

    This is a production network and I don't want to change things just so they can try Untangle. A Re-router on the inside might be best for now.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,517

    Default

    Re-router on the "inside" will hack your ARP tables and logically be the bridge just without the rewiring. You're making the change either way, except that the re-router is hilariously unstable and almost guaranteed to fail. You're welcome to try it... but do a look around the forums first.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Newbie
    Join Date
    Jul 2009
    Posts
    5

    Default

    Thanks for your input. Looks like the Bridge between router and first switch is the only reliable way to go. I will have to change the server to single NIC.

  8. #8
    Master Untangler
    Join Date
    Sep 2008
    Posts
    105

    Default

    Quote Originally Posted by lbennett View Post
    Thanks for your input. Looks like the Bridge between router and first switch is the only reliable way to go. I will have to change the server to single NIC.
    I went through this in our office environment, and would have to agree with sky.

    The bridge install was quick and painless, not had a problem since.

    Router-UT-Switch-Sbs(with DHCP)

  9. #9
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,565

    Default

    Quote Originally Posted by lbennett View Post
    I should have said the internet device is a DSL Modem/Router/Firewall and it is locked down securely. It is not SBS2003 Premium and therefore doesn't have ISA. At the moment all I want to do is block and monitor web access.
    If it's already behind an ISP supplied combo modem/NAT router (gateway appliance)...why is SBS multi-homed if you're not running ISA?

    Disable the WAN NIC on SBS, reset the LAN IP of the modem/router to be in the range of your internal network, and re-run the CEICW.

    I prefer Untangle to my only router/firewall on clients networks....so I usually reconfigure any ISP supplied modem/router to run in pure bridged modem mode only, Untangle gets the public IP on the WAN interface.

  10. #10
    Newbie
    Join Date
    Jul 2009
    Posts
    4

    Default So assistance for new user

    I've been looking around for a product that would allow me to monitor Internet activity of all employees in the office. Mostly interested in what web sites are visited throughout the day and be able to block those I determine NON-BUSINESS RELATED SITES!

    I also have a SBS 2003. We have use a Sonicwall and 3 HP switches.

    The set up is as follows:

    T1 - router - sonicwall - switch - 2 switches(main network)
    |
    linksys router
    to phone system
    on other IP,etc..

    My questions... A) I want to reformat then install only untangle on old PC, do I need XP on this PC or untangle only as O/S?
    B) Do I connect this PC to the sonicwall or the switch after the sonicwall?

    Thank you for answers in advance !
    Jason

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2