  1. #1
    Master Untangler
    Join Date
    Oct 2008
    Location
    Massachusetts USA
    Posts
    204

    Rookie setting up

    Hello all,

    I used to run U4W but recent releases have not played nicely with the firmware on my dlink dir-655 router.

    So I have gotten my hands on a second hand PC and will be running untangle as a bridge. I want to make sure that on deployment day (this weekend) that I will not run into any issues if I plan ahead.

    Okay, as mentioned I have a router and I have an 8 port switch. Right now I have all but two ports between the router and switch combined filled up. The router has a 4 port switch built in but if I'm looking at the way things need to be set up for untangle I won't be able to use those ports?

    The setup will be (if I have this correctly):
    DSL Modem to
    DLink DIR-655 router to
    Untangle Box to
    Network switch

    Can I use the ports on the router for things like printers, NAS devices and my Vonage VOIP? So the printer, voip and NAS would be before the untangle box and all the PCs would go after the untangle box.

    Told you, I'm a rookie at untangle dedicated and I want to save myself some frustration this weekend. If I can use the ports on the router's built-in switch for things like printers and NAS devices I can save the expense of needing to get an additional switch. My budget for this project is pretty limited.

  2. #2
    Newbie
    Join Date
    Oct 2009
    Posts
    1


    I would not put anything outside the firewall that could be compromised by an attack. It probably would be fine to put the printer and Vonage device out there but I would NOT put the NAS device out there with all my files and private information.

    You will probably need to put the devices behind the firewall on a different subnet from the devices on the Dlink.

    Hope this helps.

  3. #3
    Master Untangler BOFH's Avatar
    Join Date
    May 2009
    Location
    OKC, OK
    Posts
    131


    I was typing up something long and complicated, but then realized that without knowing a lot more about your network, I could lead you down the wrong path. Tell us everything about your network. Number of PCs and network-enabled peripherals? Is it a Windows AD network? What IP address ranges are you using? What provides DHCP/DNS to your network? You don't need to worry about buying another switch unless you run out of ports. Switches can switch different IP ranges without breaking a sweat, and you can put things inside, or outside the filtering with just a few clicks. Cheers,

    BOFH

  4. #4
    Master Untangler
    Join Date
    Oct 2008
    Location
    Massachusetts USA
    Posts
    204


    Originally posted by BOFH:
    I was typing up something long and complicated, but then realized that without knowing a lot more about your network, I could lead you down the wrong path. Tell us everything about your network. Number of PCs and network-enabled peripherals? Is it a Windows AD network? What IP address ranges are you using? What provides DHCP/DNS to your network? You don't need to worry about buying another switch unless you run out of ports. Switches can switch different IP ranges without breaking a sweat, and you can put things inside, or outside the filtering with just a few clicks. Cheers,

    BOFH

    Let's see, my network. It's a workgroup.

    The dlink dir-655 router handles handing out the IP address, range is 192.168.0.50 through 192.168.0.250, subnet 255.255.255.0 I believe.

    From there we have:
    dlink 8 port 10/100/1000 switch
    500GB NAS
    Vonage Voip (linksys device)
    wired network printer (Canon pixma 850)
    wireless printer (Brother MFC5440 connected to a wireless adapter)
    wireless desktop-Windows 7 x64
    wireless desktop-Vista x64
    wireless laptop-windows 7 x86
    wireless laptop-windows xp x86
    wired desktop-vista x64
    wired desktop-dual boot xp pro and windows 7 both x86
    wired WHS

  5. #5
    Master Untangler BOFH's Avatar
    Join Date
    May 2009
    Location
    OKC, OK
    Posts
    131


    Since there is no AD to worry about, this will be easy. We are going to set up 2 networks. The first network is everything that you want to run outside the UT box, like your Vonage VOIP which you can probably run just fine behind UT but if not, fixing it will be as simple as giving it a new IP. I'm going to assume that all the devices on your network get their IP through DHCP. You will have to manually assign anything that you want outside of UT to Manual IP addresses.

    1. Write down the IP address, gateway, DNS, and Subnet Mask of the machine that you are on. If something goes wrong, you want to be able to manually assign it to your machine so that you can access the router, etc.

    2. Log in remotely to your DLink router and turn off DHCP.

    3. Set up your UT box. The External IP should be set to 192.168.0.2, GW 192.168.0.1, SM 255.255.255.0, DNS 192.168.0.1. Internal IP is 192.168.1.1, SM 255.255.255.0. You want to ENABLE DNS and DHCP on the UT box.


    4. Restart your machines (except for the one that you are working on) so that they pull fresh DHCP. Now you probably noticed that by default UT will hand out DHCP 192.168.1.100-200. You have devices that you really want to have a static IP such as your printer, Vonage, NAS, etc. Assign those devices an IP address not in the 192.168.1.100-200 range, and not 192.168.1.1. For example I would put your NAS at 192.168.1.30. Pick out a range for your printers, e.g. 192.168.1.20-29. For your VOIP I would assign it 192.168.1.10. It will probably be really, really handy to write whatever you assign to them in a notepad doc.

    5. See if your Vonage works. If not, change its IP from 192.168.1.10 to 192.168.0.10, GW from 192.168.1.1 to 192.168.0.1, DNS from 192.168.1.1 to 192.168.0.1, and see if it works again. VOIP is touchy and may or may not work behind UT. Some tweaking will probably be necessary.

    6. Go around and tell the computers where they can find the printers, NAS, etc. again.

    7. Once everything is working, restart the machine that you were doing all the configuration from, and make sure that it can talk to, and is being filtered by untangle as well as telling it where to find all your network devices. If something doesn't work right, or you can't find something, manually assign the old IP you wrote down in step 1 and see if you can find the missing devices at their old IP address.


    *Note* Untangle Dedicated will need to plug into two network ports. Any two, on either the router or switch, or one of each. What we've done is create two different logical networks on a single physical network. I'll try to keep an eye on this thread just in case. Good Luck!
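
The addressing plan from the walkthrough above can be checked before deployment day. This is an added example, not part of the original post: the subnets, DHCP pool and gateway addresses come from the post, while the device names and the two deliberately wrong entries in `PLAN` are constructed.

```python
import ipaddress

# Addresses taken from the walkthrough; device names below are constructed.
INSIDE = ipaddress.ip_network("192.168.1.0/24")    # UT internal side (filtered)
OUTSIDE = ipaddress.ip_network("192.168.0.0/24")   # D-Link side (not filtered by UT)
POOL_START = ipaddress.ip_address("192.168.1.100")
POOL_END = ipaddress.ip_address("192.168.1.200")
RESERVED = {
    ipaddress.ip_address("192.168.0.1"): "D-Link router",
    ipaddress.ip_address("192.168.0.2"): "UT external",
    ipaddress.ip_address("192.168.1.1"): "UT internal",
}

def settings_for(addr):
    """Return (side, gateway/DNS) a statically configured device must use."""
    ip = ipaddress.ip_address(addr)
    if ip in INSIDE:
        return ("inside", "192.168.1.1")
    if ip in OUTSIDE:
        return ("outside", "192.168.0.1")
    return ("unreachable", None)

def check_plan(plan):
    """Check a {device: static IP} plan; return a list of (device, finding)."""
    findings, seen = [], {}
    for name, addr in plan.items():
        ip = ipaddress.ip_address(addr)
        side, _ = settings_for(addr)
        if ip in seen:
            findings.append((name, f"same address as {seen[ip]}"))
        seen.setdefault(ip, name)
        if ip in RESERVED:
            findings.append((name, f"collides with {RESERVED[ip]}"))
        elif side == "unreachable":
            findings.append((name, "on neither subnet"))
        elif ip in (INSIDE.network_address, INSIDE.broadcast_address,
                    OUTSIDE.network_address, OUTSIDE.broadcast_address):
            findings.append((name, "network or broadcast address"))
        elif POOL_START <= ip <= POOL_END:
            findings.append((name, "inside the UT DHCP pool"))
        elif side == "outside":
            findings.append((name, "outside UT, not filtered"))
    return findings

# Constructed plan: first three follow the walkthrough, last two are mistakes.
PLAN = {"nas": "192.168.1.30", "printer": "192.168.1.20", "voip": "192.168.0.10",
        "server": "192.168.1.150", "desktop": "192.168.1.1"}

if __name__ == "__main__":
    for device, finding in check_plan(PLAN):
        print(f"{device}: {finding}")
```

The "outside UT" finding is informational: it lists every device that has been placed on the 192.168.0.x side, so the unfiltered set stays a deliberate choice.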

  6. #6
    Master Untangler
    Join Date
    Oct 2008
    Location
    Massachusetts USA
    Posts
    204


    Thanks BOFH! Here's hoping I don't get completely lost this weekend. My server is set to run on IP 192.168.0.69 right now. How will changing that affect the home server? Will the router still be able to do remote access? A friend of mine helped me set up the server and the dlink so it all worked. I can get to the server website by a web browser, but I can also get to my home desktop using remote desktop connection, my own desktop is set to IP 192.168.0.190.

    Leave it to me to remember all this after I tell you about my network. Would it be easier to just grab another switch to keep everything behind untangle?

    Although I'm a PC builder, networking is far from my strong suit!

  7. #7
    Master Untangler BOFH's Avatar
    Join Date
    May 2009
    Location
    OKC, OK
    Posts
    131


    You have a couple of different options. You can add a secondary IP to the home server, and your desktop that are set to the OLD (e.g. 192.168.0.69) IP addresses and all the port forwards will still work, but they won't be filtered by UT. Your DLink has a rudimentary firewall built in so it's not necessarily a bad thing. The better solution is to set all the old port forwards to point to the UT box's external IP and then set port forwards on the UT box to point to the new IP addresses of the machines that you want to talk to from the outside world. An even more secure way would be to set up OpenVPN so that you can connect to your internal network from wherever and access whatever you wanted, and a single port forward that lets your webserver talk to the outside world (Port 80, 443). I'm not a big fan of having RDP available to just anyone. Windows and other services are fond of creating accounts with no password on your box which leaves it open to exploitation. If your buddy helped you do it the first time, you'll probably want to call him in again so that he can help with the port forwards/OpenVPN.

    BOFH



    EDIT: Everything as I described in the first walkthrough will be behind UT, with a No Unplugging option to put it in front of the UT box. By default, all BOFH's are lazy, and cheap, so we look for ways to do things without getting up from our desk, and without expending any cash. Try not to think about the network in terms of physical devices, but in terms of logical devices. There are now two separate logical networks 192.168.0.x and 192.168.1.x. Unless you specifically tell a device how to talk to the 192.168.0.x network, it can't talk to it without first going through a device that knows how to route traffic, that is UT. That's why you don't need another physical switch to talk to everything, unless you are out of ports, and even then I would keep the setup as I have it, because I don't want to buy more network cards for the devices I want to talk on both networks. Cheers,

    BOFH
    Last edited by BOFH; 10-27-2009 at 08:55 AM.

  8. #8
    Master Untangler
    Join Date
    Oct 2008
    Location
    Massachusetts USA
    Posts
    204


    So much to learn and figure out. My project has become delayed thanks to FedEx. The old PC I am going to use had a bad RAM stick so I ordered a new one. FedEx lost my package, it hasn't been seen in days and they admitted they have no idea where it is.

    Today I received an e-mail that the package has been located and it was delivered to CA, I'm in MA - opposite sides of the country! It will be delivered this coming week so for now the project is on hold. Will give me more time to get it all figured out anyway!

  9. #9
    Master Untangler
    Join Date
    Oct 2008
    Location
    Massachusetts USA
    Posts
    204


    Okay, untangle is installed on my old PC and I think I'm ready to think about deploying.

    My home network consists of 2 wired PCs, a wired WHS and 3 wireless PCs. The wireless PCs get their IPs and such from the dlink dir-655 wireless router, as well as the wired PCs. My dlink is currently configured to allow remote access to our PCs through our WHS and to let us login to our WHS via a website. I did not set this up so I'm not 100% sure what my next steps should be.

    I guess I understand how to get everything that is wired behind the UT device and still keep the dlink wireless router handing out IPs and handling DHCP. My confusion arises when I think about the three wireless PCs? How do I get them behind UT?

    Here's my current network (be kind, my first network diagram).

  10. #10
    Master Untangler
    Join Date
    Oct 2008
    Posts
    913


    Use UT in ROUTER mode and stick the dlink dir behind it. Problem solved.
