  1. #11
    Newbie
    Join Date
    Nov 2011
    Posts
    12

    Having issues when setting to bridge mode.

    I decided to do a 2nd install of untangle so that my current untangle box (with old IPs and set as static) is not touched. When I deployed a second untangle box (new IP space) and set it to static, both firewalls worked fine. But when I set the new install to bridge, it totally took down the other untangle, including the esxi server (old IP), and all other servers using the old IP space and using the old untangle server. Once I shut down the new untangle server, the old ones started working again....

    both new and old are in the same vlan, not sure if that's relevant.

    Also, is it better to set as bridge mode and get rid of NAT? Will it be as easy to secure? In my old untangle box, I use the port forwarding feature to do the NAT. I get to choose which ports and IPs get transferred to my servers, and I am able to allow SSH and RDP from my particular IPs. Would I do those as well in bridge mode?

  2. #12
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Forgive me for answering your question with another question, but:

    What happens when you plug both ends of a patch cable into the same switch?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    Newbie
    Join Date
    Nov 2011
    Posts
    12

    If it's set as static it works just fine, both LAN and WAN get routed properly. But once I set up as bridge, it totally screws up my other servers.... esxi box IP becomes unpingable.

  4. #14
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Quote: Originally Posted by bangsters
    If it's set as static it works just fine, both LAN and WAN get routed properly. But once I set up as bridge, it totally screws up my other servers.... esxi box IP becomes unpingable.
    You haven't answered the question. And the answer to the question is the reason why you're having this issue.

    Plug both ends of a network patch cable into the same switch, and you create a broadcast storm that will take down the entire broadcast domain. This is only controlled if your switch is smart enough to support Spanning Tree Protocol.

    In your case, you're trying to use bridge mode but not properly segmenting your vSwitches. Due to the lack of separation, you're destroying your network.

    I'm going to be blunt here, just in case the point didn't come across before. The following comments aren't meant to be taken as an insult in any way. I want to help you get this working.

    You need to go back to networking 101. Take a hard look at the way things are wired. Heck, take a patch cable and plug it into your switch twice and watch what happens. Without a detailed understanding of how Ethernet networks function, you're never going to get Untangle to work properly in a VM environment.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #15
    Master Untangler
    Join Date
    Jul 2008
    Posts
    213

    Quote: Originally Posted by sky-knight
    Before anyone asks, UT support is on it, we're just having a very strange issue with backup/restore that I've never seen before. We'll get through it, it's just a matter of time.
    Do these issues have to do with the interfaces after the restore?

  6. #16
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    No actually, it was simply a corrupted apache.pem file which I'm face palming over because the procedure to fix a badly imported certificate also fixed this unit.

    Why I didn't think of that a week ago is beyond me, thank you to Tony of UT support for making me think for 10 seconds.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #17
    Newbie
    Join Date
    Nov 2011
    Posts
    12

    Thanks. Yeah point taken and no offense taken, really appreciated everyone's input. But what I was trying to get across is that if it's set as static, it works just fine. That's how I'm currently configured, and that's how my other switches are configured. I'm trying to separate the LAN in its own vlan, but what I wanted to get at is why some of the IPs/servers go down but not all. Some are still working fine but some are not. I would have believed that if it was creating a broadcast storm, then it would have taken down my whole network, not just select IPs and select servers.

    Thanks again and much appreciation on trying to help me figure this out. I'm trying to get this to work without creating much of a downtime and without having to redo everything from converting static to bridge instead of setting it up as bridge right away.


    Quote: Originally Posted by sky-knight
    You haven't answered the question. And the answer to the question is the reason why you're having this issue.

    Plug both ends of a network patch cable into the same switch, and you create a broadcast storm that will take down the entire broadcast domain. This is only controlled if your switch is smart enough to support Spanning Tree Protocol.

    In your case, you're trying to use bridge mode but not properly segmenting your vSwitches. Due to the lack of separation, you're destroying your network.

    I'm going to be blunt here, just in case the point didn't come across before. The following comments aren't meant to be taken as an insult in any way. I want to help you get this working.

    You need to go back to networking 101. Take a hard look at the way things are wired. Heck, take a patch cable and plug it into your switch twice and watch what happens. Without a detailed understanding of how Ethernet networks function, you're never going to get Untangle to work properly in a VM environment.

  8. #18
    Newbie
    Join Date
    Nov 2011
    Posts
    12

    btw I forgot to mention, I did not try to do the patch cable to the same switch as it will crash the whole network.

  9. #19
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,482

    Broadcast storms are like lightning strikes... they do random damage, rather randomly.

    Also, when you put UT in bridge mode, the vSwitch Untangle's Internal interface is attached to must allow promiscuous mode. If it doesn't, Untangle can't really work.

    So I guess what I'm trying to say, is that your network likely has some security measures in place you don't know about that are containing your configuration errors when you use Untangle as that patch cord!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
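
The two conditions discussed in the posts above (a bridge whose two sides already share a broadcast domain, and an internal port group without promiscuous mode) can be checked on paper before a bridged firewall VM is powered on. The following is an added example, not part of the original thread and not an ESXi or Untangle API: `PortGroup`, `Bridge`, `audit_bridges` and the sample inventory are hypothetical, constructed names. It assumes each (vSwitch, VLAN) pair is its own layer-2 segment and ignores physical uplinks that may join vSwitches; it also flags two bridges placed in parallel between the same segments, which goes beyond the single-bridge case in the thread.

```python
from collections import namedtuple

# Constructed inventory model (hypothetical names, not an ESXi or Untangle API).
# A port group is one layer-2 segment: a vSwitch plus a VLAN ID.
PortGroup = namedtuple("PortGroup", "name vswitch vlan promiscuous")
Bridge = namedtuple("Bridge", "vm external internal")  # port group names


def audit_bridges(portgroups, bridges):
    """Return a list of (vm, finding) tuples for bridged firewall VMs."""
    pg = {p.name: p for p in portgroups}
    parent = {}  # union-find over segments already joined by a bridge

    def find(seg):
        parent.setdefault(seg, seg)
        while parent[seg] != seg:
            parent[seg] = parent[parent[seg]]  # path halving
            seg = parent[seg]
        return seg

    findings = []
    for b in bridges:
        ext, internal = pg[b.external], pg[b.internal]
        a = find((ext.vswitch, ext.vlan))
        c = find((internal.vswitch, internal.vlan))
        if a == c:
            # Both sides already reach each other at layer 2: the bridge
            # closes a loop, the virtual version of the looped patch cable.
            findings.append((b.vm, "loop"))
        else:
            parent[a] = c
        if not internal.promiscuous:
            findings.append((b.vm, "internal port group lacks promiscuous mode"))
    return findings


# Constructed sample: fw-new bridges two port groups on the same vSwitch/VLAN.
PORTGROUPS = [
    PortGroup("WAN", "vSwitch0", 0, False),
    PortGroup("Servers", "vSwitch0", 0, False),
    PortGroup("Protected", "vSwitch1", 0, True),
]
BRIDGES = [
    Bridge("fw-new", "WAN", "Servers"),
    Bridge("fw-ok", "WAN", "Protected"),
]

if __name__ == "__main__":
    for vm, finding in audit_bridges(PORTGROUPS, BRIDGES):
        print(vm, "->", finding)
```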

  10. #20
    Newbie
    Join Date
    Nov 2011
    Posts
    12

    Quote: Originally Posted by sky-knight
    Broadcast storms are like lightning strikes... they do random damage, rather randomly.

    Also, when you put UT in bridge mode, the vSwitch Untangle's Internal interface is attached to must allow promiscuous mode. If it doesn't, Untangle can't really work.

    So I guess what I'm trying to say, is that your network likely has some security measures in place you don't know about that are containing your configuration errors when you use Untangle as that patch cord!
    thanks. all our other (clients') servers are sitting nicely in their own vlans. only damn issue I have is our own servers since untangle is installed as an esxi guest.

    any idea how I can get untangle to be in bridge so it can filter our servers in say vlan 10, and all the other clients in their own vlans? I can do the easy way and just do static for our servers, or bridge just for our vlan.... but what if I want it to firewall all the other servers in multiple vlans?

    any suggestions? Our switch can do trunking but cannot do multiple vlan per port.
