Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    Dec 2011
    Posts
    7

    Default Bridge Mode multiple subnets issue

    We are new to untangled and are looking at this as a possible replacement for an existing system. We have a firewall in place and would like to use untangled for web filtering, virus, spyware, adware, and spam blocking. Possibly web cache as well. We've installed untangle 9.1 in bridge mode.

    Network is as follows:

    Internet <-- [x.x.x.x - {cisco asa/firewall} - 10.21.6.3/16] --> [ { lan switch}- 10.21.6.1/16]

    {lan switch} connects to multiple subnets for remote locations.
    10.22.0.0/16
    10.23.0.0/16

    Plan is to set untangled between cisco firewall and lan switch in bridge mode. External interface given 10.1.0.1/16 and default gateway of 10.21.6.3 (the cisco firewall/router). The internal interface is set to bridge to the external interface. This has been done and everything seems to work correctly for the "main" 10.21.0.0/16 network. However, none of the other networks seem to work.

    We followed the Networking FAQ for multiple subnets and added routes for 10.22.0.0/16 and 10.23.0.0/16 providing 10.21.6.1 as the gateway. Still does not work to non-main subnet. Added aliases in for external ip. Still no luck. (Also tried 10.1.0.1/8 for the external interface ... no luck)

    During configuration changes, we noticed that the system seems to work for 3-5 seconds. ie, user system at 10.22.0.5/16 can access the internet through untangled for a short period of time (3-10 seconds). Untangled will also block content from this ip for this short period. After this time goes by, internet access is gone for systems not in the main subnet.

    Although we are not very familiar untangled or its configuration, we think the network settings to be correct. Untangled can ping main subnet as well as 10.22.0.0 and 10.23.0.0. Main subnet has internet access. If we run "/etc/rc.d/untangle-net-alpaca-iptables stop" all subnets get internet access. So, I'm not sure this is a routing problem? Any help will be greatly appreciated. Thanks.

  2. #2
    Newbie
    Join Date
    Jul 2011
    Posts
    2

    Default Have smae issue

    Did you get this fixed

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    Default

    Thread necro? I'm not sure how I missed this thread in December, but heck I was probably trying to get ready for the new year.

    Assuming the switch behind Untangle in this case is doing layer 3 work, the static routes should be all that is required for Untangle to communicate with the other local networks.

    For anyone else trying to face this issue, please use the ping test feature in your troubleshooting tools to isolate this issue. If Untangle cannot ping a device on one of the VLANs, it isn't going to work. You need to correct the routing table such that Untangle can communicate with all networks. Once this is accomplished, Untangle will deal process things properly.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Default

    Hello,
    You can configure Untangle with external interface behind the ASA's Internal Network. And configure Untangle with one Internal Interface beside your default vLAN or Servers vLAN.

    Make sure the L3 switch is doing all the Inter-vLAN routing between the vLANs. Configure the Untangle as Transparent Mode. In the Networking -> Config -> Switch to Advanced then Routes and add static route for each vLAN to be reach via the default gateway of the Untangle Internal Interface.

    Example:

    UT External: 10.21.6.10
    UT Internal: 10.22.6.10

    vLAN 10.22.6.0 will reach the Untangle Internal interface without any issue.
    vLAN 10.23.0.0/16 you will require to add a static route for it in the Untangle Advaced Route.

    10.23.x.x mask /16 must reach via vLAN Interface of 10.22.6.1

    Thanks,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2