Network config assist with 4 Untangle interfaces

[malmond]

Newbie alert...

Current setup

Untangle is in Router Mode and has 4 network ports
ETH0 - WAN/Internet

ETH1 - Internal private network
giving out DHCP 192.168.110.x/24

DMZ - Nothing connected

ETH3 - Nothing connected

I would like to set up the following on DMZ and ETH3 but I am not sure how to go about it.

DMZ - wireless only guest network with access to internet only, but subject to filter rules etc..

ETH3 - Private subnet with untangle providing DHCP and ability to route traffic between private network on ETH1. 172.16.0.x/24

Hope this is enough to get the conversation started.

Matt

[sky-knight]

The issue... is that Untangle can't offere DHCP on any interfaces other than Internal and DMZ.

There is a block all DHCP rule, and two pass rules, one for each of those interfaces. Because the IPTables rule to allow DHCP is specific to DHCP, we can't add a new rule via the packet filter GUI. So the only option is to remove the DHCP block rule, but that allows your DHCP service to go out External!

I haven't as if yet found a way around this limitation.

[malmond]

Thanks for the info, I appreciate your insight.

What if I changed this up so that ETH3 had a consumer grade wireless router plugged into it to provide access to a guest wireless network. I coukd then hook into the DMZ for my second subnet?

Does that hold any water?

[sky-knight]

Yes it does!

Linksys routers in advanced mode have a drop down that allows you to choose gateway / router mode. In router mode, NAT is disabled, and the device functions as a normal router.

You can at that point use static routes on Untangle, and the linksys router to attach your wireless network to the Untangle, while providing layer 3 separation and freeing the linksys router to provide DHCP functionality to the wireless segment. This configuration also allows the Untangle server to see the live IPs of the connected clients so reports are nice and clean.

It's a bit of work, but it can be done.

[malmond]

Very good news...

I will dig in and see if I can tackle the routing etc...

Again, many thanks for your insight!

[malmond]

I am not getting this sky-night. I wonder if you can provide some additional details. I have assigned ETH3 the address 192.168.110.8. I can see how to turn off NAT in the linksys and add a route, but I am missing somthing along the way.

Thanks in advance.