2 WAN and 2 LAN on same box

[yotefn]

Hi, I'm sure I'm repeating a previous post... Sorry

I am setting up a new box for a school. The current setup has 2 separate subnets, one for staff network, and one for student network. They are routed out to 2 separate external IPs to the internet. Mail comes in to the staff server through one of the external IPs, which I've been using port forwarding for (not DMZ).

We want to enable filtering for both networks, without the overhead of 2 filtering devices. I have 4 gigabit ports in an old 2u server, and I want the untangle to route both networks through both external IPs independantly, so that one network can not see the other. How do I do that?

[sky-knight]

Buy the premium sub, because you need WAN balancer. The eSoft filter is CIPA compliant as well.

After that, start configuring. Untangle supports 7 interfaces, within those 7 you can have as many combinations of LAN vs WANs you want. So yes, 2 and 2 is easily doable.

[yotefn]

OK, I'm trying but I can't seem to figure out how to bind 2 different DHCP subnets to two different interfaces. Any ideas?

Oh, is there any kind of setup manual other than the quick start guide? I would love some more detailed setup info.

[bigdessert]

OK, I'm trying but I can't seem to figure out how to bind 2 different DHCP subnets to two different interfaces. Any ideas?

Oh, is there any kind of setup manual other than the quick start guide? I would love some more detailed setup info.

two separate DHCP subnets is doable, but has to be manual.

Say your two LAN gateway addresses are 192.168.1.0 and 192.168.2.0 Setup the standard DHCP in networking for 192.168.1.0.

Now go to Networking->Advanced->DHCP & DNS and put this in the box

Code:

dhcp-range=192.168.2.100,192.168.2.200,14400

This will add a second DHCP server range for the 192.168.2.0 subnet assigning addresses from 100 to 200 with a lease of 14400.

[yotefn]

I read the fantastic post about multiple subnets and DHCP at:

forums.untangle.com/tip-day/7206-dhcp-multiple-networks.html

but someone asked a question there that wasn't answered, and I have 3 more:

1) When I enable DHCP requests from all interfaces, will I be enabling DHCP requests from external sources?
2) Can I configure a different DNS server for each subnet?
3) If I want the different subnets to show different external IP's, (i.e. I want to use different OpenDNS rules for the two subnets) how do I configure the NAT rules for that (if the rules were on the external interfaces I think I could do it)
4) Why must one interface be DMZ? I just want two plain firewalled internal and external...

Sorry for all the questions, but hopefully when I get a hold of this beast I'll be able to answer your questions as well...

[hlarsen]

1) if you uncheck 'Block all DHCP Requests to the local DHCP Server' in the Packet Filter - yes; read this
2) i think so, check the dnsmasq man page
3) you can use Source Routing in WAN Balancer (if i'm reading your question right)
4) it's just a name for the interface

anyone else please feel free to chime in if i am incorrect

[yotefn]

Hooray, I'm up and running...

Just one more thing:

I tried using the source routing but my external IP from both subnets is automatically the "External" interface. Also, port forwarding for one of the external IP's takes effect for both of them (i.e. Only 98.x.x.3:443 is forwarded to 10.x.x.3, but not 98.x.x.4. But from outside, 98.x.x.4 still forwards to 10.x.x.3)
Both of my external IP's are in the same subnet. Is that why?

[hlarsen]

how are your port fowards set up? it should be Destination Address: 9.x.x.3; take out Destined Local if it is in there.

sounds like you don't have two WANs, just an extra alias.
you'll need to use the NAT Policy on the internal interface(s) to route out the aliases. just add 10.x.x.x/32 <extIP> above the 0.0.0.0/auto on the interface(s) in question, or use a bigger mask if you want multiple boxes to use it. you already have the other IP added to the External interface as an alias, right?