For dummies guide to enabling DHCP on eth3, eth4, eth5 and eth6

Ok allow me to clarify...

You CAN enable DHCP support on all interfaces. But to do so you must disable the system packet filter rule that prevents DHCP access on all interfaces.

At this time there are packet filter rules built in to manually allow access to the local DHCP server for Internal and DMZ. There are no other rules for the other interfaces. I've tried many times, and never managed to get a GUI based custom rule to work. This is due to some special things that IPTables must be configured for to pass DHCP successfully.

So you CAN enable DHCP on everything, but in the process you're going to allow DHCP access on your External interface. Which is in a word... bad.

So I should say, there is no secure way to enable DHCP on interfaces other than Internal and DMZ.

And there are many reasons to enable other interfaces that don't involve DHCP. Remember, a proper DMZ shouldn't ever have DHCP on it anyway. As a DMZ should be populated by servers only. It all depends on what you're planning on doing with a given network segment. Not all network segments are created for use by network clients.

P.S. don't poke at IPTables directly, you'll only get frustrated when your settings get nuked every 15 minutes.

Quote:

---

Originally Posted by dwasserman

As said at top sky (and the wiki) no way. Only internal and Dmz

---

Then why did you point me to the wiki, it doesn't explicitly state this is not allowed? And why does Untangle support seven interfaces? What use do the other four have?

Quote:

---

Originally Posted by sky-knight

Ok allow me to clarify...

You CAN enable DHCP support on all interfaces. But to do so you must disable the system packet filter rule that prevents DHCP access on all interfaces.

At this time there are packet filter rules built in to manually allow access to the local DHCP server for Internal and DMZ. There are no other rules for the other interfaces. I've tried many times, and never managed to get a GUI based custom rule to work. This is due to some special things that IPTables must be configured for to pass DHCP successfully.

So you CAN enable DHCP on everything, but in the process you're going to allow DHCP access on your External interface. Which is in a word... bad.

So I should say, there is no secure way to enable DHCP on interfaces other than Internal and DMZ.

And there are many reasons to enable other interfaces that don't involve DHCP. Remember, a proper DMZ shouldn't ever have DHCP on it anyway. As a DMZ should be populated by servers only. It all depends on what you're planning on doing with a given network segment. Not all network segments are created for use by network clients.

P.S. don't poke at IPTables directly, you'll only get frustrated when your settings get nuked every 15 minutes.

---

Thanks for the clarification. I wonder why the developers went this route. This seems to greatly limit the functionality of Untangle. Why can't I just have one device for my small network? It sounds like Untangle really wants you to have a setup where your machine has two or at the very most three nics and a switch for all other traffic. I don't want to have to worry about this extra switch.

For networking pourposes (external, internal, dmz) but without dhcp service
Untangle is an UTM software to protect your network, dhcp service is a residual plus to small networks, but not the main function.
Maybe, if you talk us about your network and your needs, can help you better.

Untangle is a UTM appliance that targets the SMB. This imposes an "ideal network" model that the product supports beyond all else.

This "ideal network" model comes in three parts.

Internet - UT Router - LAN
Internet - Router - UT Bridge - LAN
Internet - UT Router - LAN & UT Bridge - DMZ

Yes the product supports 7 interfaces, and I happen to have a server in service with 6 active interfaces. 2 WAN, 4 LAN. 1 LAN is for the public wireless, the second is for the primary network, and 3 & 4 connect to other facilities via direct connections.

I don't need DHCP on that device at all, and one could argue that if you need Untangle to be a core router, and provide DHCP services to that many lan segments you've either designed the network incorrectly, or you're too big for Untangle.

If there is a feature Untangle needs to properly address this concern, it's a DHCP relay.