  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,125

    Ok allow me to clarify...

    You CAN enable DHCP support on all interfaces. But to do so you must disable the system packet filter rule that prevents DHCP access on all interfaces.

    At this time there are packet filter rules built in to manually allow access to the local DHCP server for Internal and DMZ. There are no other rules for the other interfaces. I've tried many times, and never managed to get a GUI based custom rule to work. This is due to some special things that IPTables must be configured for to pass DHCP successfully.

    So you CAN enable DHCP on everything, but in the process you're going to allow DHCP access on your External interface. Which is in a word... bad.

    So I should say, there is no secure way to enable DHCP on interfaces other than Internal and DMZ.

    And there are many reasons to enable other interfaces that don't involve DHCP. Remember, a proper DMZ shouldn't ever have DHCP on it anyway. As a DMZ should be populated by servers only. It all depends on what you're planning on doing with a given network segment. Not all network segments are created for use by network clients.

    P.S. don't poke at IPTables directly, you'll only get frustrated when your settings get nuked every 15 minutes.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
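
An added example, not part of the original post and not Untangle's own code: a small audit over `iptables-save` style output that flags INPUT rules accepting DHCP server traffic (UDP 67) from the external interface or from any interface, which is the exposure described above. The ruleset and the interface roles (`eth0` external, `eth1` internal, `eth2` DMZ) are constructed assumptions.

```python
import shlex

# Constructed ruleset in iptables-save syntax; interface names are assumptions.
SAMPLE_RULES = """\
*filter
-A INPUT -i eth1 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth2 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp -m multiport --dports 53,67 -j ACCEPT
-A INPUT ! -i eth0 -p udp -m udp --dport 67 -j ACCEPT
COMMIT
"""
DHCP_SERVER_PORT = 67  # UDP port a DHCP server listens on
FLAGS = {"-i": "in_if", "-p": "proto", "--dport": "dports", "--dports": "dports", "-j": "target"}

def covers_port(spec, port):
    """True if a numeric port spec ('67', '67:68', '53,67') includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo or 0)
        if low <= port <= (int(hi or 65535) if sep else low):
            return True
    return False

def parse_rule(line):
    """Extract the fields this check needs from one '-A' rule line."""
    rule = {"in_negated": False, **dict.fromkeys(FLAGS.values())}
    tokens = shlex.split(line)
    for prev, tok, nxt in zip([None] + tokens, tokens, tokens[1:] + [None]):
        if tok in FLAGS:
            rule[FLAGS[tok]] = nxt
            if tok == "-i":
                rule["in_negated"] = prev == "!"  # '! -i ethX' matches every other interface
    return rule

def exposed_dhcp_rules(ruleset, external_if):
    """Return (reason, rule) for explicit UDP ACCEPT rules that let external hosts reach port 67."""
    findings = []
    for line in ruleset.splitlines():
        r = parse_rule(line) if line.startswith("-A INPUT ") else {}
        if r.get("target") != "ACCEPT" or r.get("proto") != "udp":
            continue
        if not covers_port(r["dports"] or "", DHCP_SERVER_PORT):
            continue
        if r["in_if"] is None:
            findings.append(("any-interface", line))
        elif (r["in_if"] == external_if) != r["in_negated"]:
            findings.append(("external", line))
    return findings
```

Calling `exposed_dhcp_rules(SAMPLE_RULES, "eth0")` reports the rule with no `-i` match and the `eth0` multiport rule; the per-interface rules for `eth1` and `eth2` pass.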

  2. #12
    Untanglit
    Join Date
    Jun 2010
    Posts
    18

    Quote Originally Posted by dwasserman View Post
    As said at top sky (and the wiki) no way. Only internal and DMZ

    Then why did you point me to the wiki, it doesn't explicitly state this is not allowed? And why does Untangle support seven interfaces? What use do the other four have?

  3. #13
    Untanglit
    Join Date
    Jun 2010
    Posts
    18

    Quote Originally Posted by sky-knight View Post
    Ok allow me to clarify...

    You CAN enable DHCP support on all interfaces. But to do so you must disable the system packet filter rule that prevents DHCP access on all interfaces.

    At this time there are packet filter rules built in to manually allow access to the local DHCP server for Internal and DMZ. There are no other rules for the other interfaces. I've tried many times, and never managed to get a GUI based custom rule to work. This is due to some special things that IPTables must be configured for to pass DHCP successfully.

    So you CAN enable DHCP on everything, but in the process you're going to allow DHCP access on your External interface. Which is in a word... bad.

    So I should say, there is no secure way to enable DHCP on interfaces other than Internal and DMZ.

    And there are many reasons to enable other interfaces that don't involve DHCP. Remember, a proper DMZ shouldn't ever have DHCP on it anyway. As a DMZ should be populated by servers only. It all depends on what you're planning on doing with a given network segment. Not all network segments are created for use by network clients.

    P.S. don't poke at IPTables directly, you'll only get frustrated when your settings get nuked every 15 minutes.

    Thanks for the clarification. I wonder why the developers went this route. This seems to greatly limit the functionality of Untangle. Why can't I just have one device for my small network? It sounds like Untangle really wants you to have a setup where your machine has two or at the very most three nics and a switch for all other traffic. I don't want to have to worry about this extra switch.

  4. #14
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,366

    For networking purposes (external, internal, DMZ), but without DHCP service.
    Untangle is a UTM software to protect your network; DHCP service is a residual plus for small networks, but not the main function.
    Maybe if you tell us about your network and your needs, we can help you better.
    The world is divided into 10 kinds of people: those who know binary and those who do not

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,125

    Untangle is a UTM appliance that targets the SMB. This imposes an "ideal network" model that the product supports beyond all else.

    This "ideal network" model comes in three parts.

    Internet - UT Router - LAN
    Internet - Router - UT Bridge - LAN
    Internet - UT Router - LAN & UT Bridge - DMZ

    Yes the product supports 7 interfaces, and I happen to have a server in service with 6 active interfaces. 2 WAN, 4 LAN. 1 LAN is for the public wireless, the second is for the primary network, and 3 & 4 connect to other facilities via direct connections.

    I don't need DHCP on that device at all, and one could argue that if you need Untangle to be a core router, and provide DHCP services to that many LAN segments, you've either designed the network incorrectly, or you're too big for Untangle.

    If there is a feature Untangle needs to properly address this concern, it's a DHCP relay.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
