  1. #1
    Newbie
    Join Date
    Jan 2008
    Posts
    10

    Default Untangle with SME 7.x

    I have a client with SME Server 7.x running as router/firewall, dhcp, mail, ftp, and www services for about 40 users. They are mostly looking for the content filtering (e.g. blocking social networking sites) however I am sure everything else the basic UT server provides will be great as well.

    Here is my question... how, and where do I put the UT server? The SME is plugged directly into the DSL modem (static IP).

    I am guessing the UT box should go in its place, setting the static IP, but then what IP do I give the LAN side of UT? (I am 'guessing' something outside of the scope for the LAN side of the SME box, then just redo the SME's static IP to whatever the LAN side of the UT is...?)

    e.g.

    Ext IP-64.123.123.123
    UT
    LAN-IP 10.0.0.2

    Ext-IP 10.0.0.10
    SME
    LAN-IP 10.0.0.100-200


    DNS and gateway for the SME would be 10.0.0.2 right?
    UT box would have to forward ports 21,25,80,445 to 10.0.0.10 right?

    After that, just turn it on and watch the magic?

    Thanks, hope I explained that close enough.

  2. #2
    some dude hlarsen's Avatar
    Join Date
    Jul 2010
    Location
    sfba
    Posts
    1,384

    Default

    well do you want to replace the SME box or keep it doing DHCP and all that?
    you can always just put Untangle in bridge mode behind it and not have to change anything on the SME box.

  3. #3
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Default

    If you want to protect both the users and use the anti-spam and want reporting, you'll need to do some reconfiguration.

    If you don't care about reporting, then you can just place the Untangle into bridge mode and assign it another external IP. Everything stays the same except you plug the Untangle's external interface into the DSL modem and plug the cable you unplugged from the DSL modem into the internal interface of the Untangle. And you're done.

    If you don't have another IP or want reporting on users activity, Untangle will need to perform NAT and be the default gateway for your network.

    Assign your public IP to the external interface of the Untangle. Assign 10.0.0.1 to the Untangle's internal interface. Have it start providing DHCP and DNS for your network. Assign the SME box a new internal IP and plug it into the network, turn DHCP and DNS off.

    Forward the ports you've listed, except for FTP you'll need to forward other ports as well (there is a big thread in the forums about how to get FTP working). Also, it's pretty poor form to expose 445 to the Internet.
    m.
    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    It often helps troubleshooting if you have a good network map. Look here (http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html) if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com
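
Added example, not part of any post in this thread: a small pre-deployment check of the port-forward plan discussed above, for the layout where Untangle performs NAT at 10.0.0.1. The /24 mask, the SME address 10.0.0.10 and the finding names are assumptions made for illustration; the DHCP range and port list come from the first post.

```python
import ipaddress

# Constructed plan mirroring the thread; the /24 mask is an assumption.
LAN = ipaddress.ip_network("10.0.0.0/24")
GATEWAY = ipaddress.ip_address("10.0.0.1")           # Untangle internal interface
DHCP_POOL = (ipaddress.ip_address("10.0.0.100"),     # range quoted in post #1
             ipaddress.ip_address("10.0.0.200"))
FORWARDS = [(21, "10.0.0.10"), (25, "10.0.0.10"),
            (80, "10.0.0.10"), (445, "10.0.0.10")]

# File-sharing and RPC services that are meant to stay on the LAN.
LAN_ONLY = {135: "MS-RPC", 139: "NetBIOS session", 445: "SMB"}


def audit_forwards(forwards, lan=LAN, gateway=GATEWAY, pool=DHCP_POOL):
    """Return (port, finding) pairs for a list of (port, target_ip) forwards."""
    findings = []
    for port, target in forwards:
        addr = ipaddress.ip_address(target)
        # A forward target must be a fixed host inside the NATed LAN.
        if addr not in lan:
            findings.append((port, "target-outside-lan"))
        elif addr == gateway:
            findings.append((port, "target-is-gateway"))
        elif pool[0] <= addr <= pool[1]:
            # A DHCP lease could hand this address to a workstation.
            findings.append((port, "target-in-dhcp-pool"))
        if port in LAN_ONLY:
            findings.append((port, "lan-only-service-exposed"))
        if port == 21:
            # FTP data connections use ports other than 21, so forwarding
            # the control port alone does not give a working service.
            findings.append((port, "ftp-needs-data-ports"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_forwards(FORWARDS):
        print(f"port {port}: {finding}")
```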

  4. #4
    Newbie
    Join Date
    Jan 2008
    Posts
    10

    Default Don't care much about reporting

    Ok... so, I don't have a 2nd IP, however I don't care about reporting.

    SME MUST stay since that's what is doing all the mail, webhosting, ftp, etc at the moment. (As well as DHCP, file shares, etc)

    I want content filter, spam filter etc (all the free stuff) from Untangle. Don't care about reporting (however I can still see the spam right? e.g. see what it's stopping, and letting go?)

    Don't care if it shows who tried to get to what website as long as it's blocking it, and the #1 reason they want this unit is to block social networking sites.

    If I put it in bridge mode, plug the DSL into the UT, and the UT into the SME and the SME into the Switch... are we all good to go with the above?

    Some other (non UT users) told me I would be double NAT'd with that config? Is this correct?

    Will I have to forward ports to the SME box in this case, or just simply throw it in the stream and watch it do its magic ;-)

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,490

    Default

    If you put UT outside of SME, you will need a second public address to configure the bridge with. Your only other alternative is to put Untangle in router mode, give it your current public IP address, and have it do NAT to the outside of the SME server. From there that server will NAT to internal. And the port forwards you'll require are rather intense.

    There is no magic here, your solution is too integrated and there is very little room to maneuver. The only "easy" way to meet this objective is with two public addresses.

    Also, please read up on what a bridge is vs what a router is. Bridges don't route, and don't do NAT. So double NAT with a bridge is rather impossible.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Newbie
    Join Date
    Jan 2008
    Posts
    10

    Default

    OK, so, short version is... I leave it in Bridge mode, I put it between the SME and Switch, and it will do content filtering, but no spam filtering right?
    The SME is the router as it sits now, from what I am seeing here the only other (reasonable) fix would be to get a SOHO router, put the port forwarding in place, turn on DHCP, (turn off on the SME), and put the UT between the SOHO router and the SME. Then I would have spam and content filtering correct?

  7. #7
    Newbie
    Join Date
    Jan 2008
    Posts
    10

    Default

    One thing I really don't understand is how two public IP addresses will solve anything? I have only installed UT's as a Bridge, and between the 'Router' (e.g. Cisco ASA) and the switch... After that, I just turned them on...and they worked as expected. (And... Sorry Rob, but I do feel it was a little bit like magic due to the simplicity of it)
    In this case however the SME is the Router (and FTP, eMail, Web, etc server) I feel the UT box HAS to be ahead of it in bridge mode, or somehow I have to convert the SME from Server-Gateway to Standalone... Another trick I have never done.

  8. #8
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,327

    Default

    I'd suggest you really should just put UT in as your router, and reconfigure SME. Yes, that means you need to do a little fiddling with SME, but once it's done you won't have any further hassle with it and your setup will work as it should. Every other option will have inconvenient consequences.

    The idea of putting a SOHO router in ahead of both UT and SME accomplishes nothing; UT can route better than a SOHO router, so why add yet another device?
