Page 2 of 3
Results 11 to 20 of 29
  1. #11
    Untangle Ninja sky-knight's Avatar

    Ahh yes, well that is relatively recent. And I wouldn't call it "supported" since it requires some advanced mode magic. But it does work.

    And the source interface matchers may have changed with 9.2, but that doesn't mean they don't work. You just can't match multiple interfaces with a single rule anymore.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Untangler SidSid's Avatar

    Looking at my previous info . . . what do I need to do?

    Quote: Originally Posted by sky-knight
    Ahh yes, well that is relatively recent . . . but that doesn't mean they don't work. You just can't match multiple interfaces with a single rule anymore.

    I'm lost -lol

    Thanks Sid

  3. #13
    Untangler SidSid's Avatar

    My info . . .

    So how do I get DHCP working on other Interfaces?
    ----------------------------------------------

    I have DMZ, eth3, eth4, eth5 set as static and as one example 50.50.1.1 / 24

    Likewise under Advanced DHCP & DNS

    dhcp-range=eth3,030.30.1.100,30.30.1.200,14400
    dhcp-range=eth4,040.40.1.100,40.40.1.200,14400
    dhcp-range=eth5,050.50.1.100,50.50.1.200,14400

    Thanks Sid

  4. #14
    Untangle Ninja sky-knight's Avatar

    Get rid of ethx, DNSMasq is quite capable of figuring out what interface is correct based on the address bound to the interface.

    Afterwards all you have to do is get the packet filter out of the way.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #15
    Untangler SidSid's Avatar

    First Step . . .

    drop ethx . . .
    dhcp-range=030.30.1.100,30.30.1.200,14400
    dhcp-range=040.40.1.100,40.40.1.200,14400
    dhcp-range=050.50.1.100,50.50.1.200,14400
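
The subnet matching sky-knight describes in post #14, as an added example that is not part of the original thread and is not dnsmasq's own code: it pairs each dhcp-range line with the interface whose subnet contains it, and flags zero-padded octets, which address parsers do not treat consistently. The 30.30.1.1/24 and 40.40.1.1/24 interface addresses are assumptions (the thread only gives 50.50.1.1/24), and a leading non-address field such as eth3 is treated purely as a label to compare against.

```python
import ipaddress

# Constructed inputs: only 50.50.1.1/24 appears in the thread; the other two
# interface addresses are assumed to follow the same pattern.
INTERFACES = {"eth3": "30.30.1.1/24", "eth4": "40.40.1.1/24", "eth5": "50.50.1.1/24"}
CONFIG = """\
dhcp-range=030.30.1.100,30.30.1.200,14400
dhcp-range=040.40.1.100,40.40.1.200,14400
dhcp-range=050.50.1.100,50.50.1.200,14400
"""

def parse_ipv4(text):
    """Return (address, had_leading_zero); octets are read as decimal."""
    octets = text.split(".")
    if len(octets) != 4 or not all(
            o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {text!r}")
    padded = any(len(o) > 1 and o[0] == "0" for o in octets)
    return ipaddress.IPv4Address(".".join(str(int(o)) for o in octets)), padded

def check_ranges(config, interfaces):
    """Pair each dhcp-range with the interface whose subnet contains it."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    report = []
    for line in config.splitlines():
        key, _, value = line.strip().partition("=")
        if key != "dhcp-range":
            continue
        fields = value.split(",")
        # A first field that is not an address (e.g. "eth3") is kept as a label.
        label = None if fields[0][:1].isdigit() else fields.pop(0)
        (start, z1), (end, z2) = parse_ipv4(fields[0]), parse_ipv4(fields[1])
        owners = [n for n, net in nets.items() if start in net and end in net]
        warnings = []
        if z1 or z2:
            warnings.append("leading zero in octet")
        if start > end:
            warnings.append("start above end")
        if not owners:
            warnings.append("no interface subnet contains this range")
        elif label and label not in owners:
            warnings.append(f"label {label} does not match {owners[0]}")
        report.append({"range": (str(start), str(end)),
                       "interface": owners[0] if owners else None,
                       "warnings": warnings})
    return report

if __name__ == "__main__":
    for entry in check_ranges(CONFIG, INTERFACES):
        print(entry)
```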

  6. #16
    Untangler SidSid's Avatar

    Advanced > packet filter > create rule | Question for using DHCP on multiple networks

    "Create a rule to Drop DHCP on all the interfaces: Action: Drop; Protocol: UDP, Destination Port: 67, Source Interface: (check all interfaces)"
    -----------------------------------------------------------------

    When the documentation states "check all interfaces" does that include "WAN" and "OpenVPN" under Source Interface?

    Also, multiple interface selections don't appear to be allowed under advanced packet filter create.

    Thanks
    Sid

  7. #17
    Untangle Ninja sky-knight's Avatar

    It isn't. That's why leaving the block all rule in place and creating pass rules for the DHCP traffic per interface makes more sense.

    The key is to not enable DHCP services on a WAN interface. I don't think having it exposed to the OpenVPN virtual interface matters, because openvpn does its own dhcp thing in its own way.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #18

  9. #19
    Untangler SidSid's Avatar

    So under

    Configuration>Networking>Advanced>Packet Filters> System Packet Filter Rules

    I should check . . .

    "Block all DHCP Requests to the local DHCP Server"

    ?

    Thanks
    Sid

  10. #20
    Untangle Ninja sky-knight's Avatar

    Yes, then make rules that pass dhcp traffic. I think the rule you need is just something to pass udp port 67. You can't really specify a destination address, but source interface blah would be ok.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
