Results 1 to 9 of 9
  1. #1
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Default Allowing Internet to Clients Via Untangle

    Hi Guys,
    I have setup Untangle with two Interfaces one beside the internet and the other in the internal LAN.

    Internal: 172.16.30.21 without gateway
    External: 192.168.21.21 With Gateway 192.168.21.1

    If setup any client in 172.16.30.1 gateway as Interface vLAN 172.x internet is not accessible. But if I setup the same client as 172.16.30.21 gateway which is the inside interface of Untangle, internet will work.

    How can I allow the clients who's having gateway 172.16.30.1 to access internet using Untangle?

    Attached network diagram.

    Thanks,

  2. #2
    Master Untangler Big D's Avatar
    Join Date
    Nov 2008
    Posts
    719

    Default

    I am assuming router mode. I am assuming no VLAN tags are trying to go through UT (UT kills VLAN tags).

    In theory you should be able to configure your workstation with the UT gateway. And as long as UT has a valid IP in the other VLAN and a gateway set to the router in front of the WAN, it should work.

    Other questions are DNS, DHCP or manual gateway assignment.
    The beatings shall continue until morale improves!

  3. #3
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Default

    Hi,
    Thanks for your reply. I don't want to set the UT as gateway for 172.16.30.0 clients. I want to reply on 30.1 as gateway, but having access to the internet via UT. Is that accomplish-able ?

    UT in Router Mode both interfaces set to Static, and the eth0 sets as WAN.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    Default

    It sounds to me like you've got it wired in backwards.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Default

    Why?

  6. #6
    Master Untangler Big D's Avatar
    Join Date
    Nov 2008
    Posts
    719

    Default

    Well you can normally only have one gateway on a workstation/server. If you want local traffic to not hop over the UT device your gonna have to get creative with how your routing devices are handling traffic. Basically you would have to tell traffic destined to an external IP to route to UT.

    Not sure how you would do that. I would just tell stuff in the 172 network to use UT as gateway and be done, but I'm lazy. But you are utilizing Vlans so there might be a hidden piece to this puzzle I don't see.

    Usually this would be the last entry in the routing table often referred to as the gateway of last resort.

    192.168.21.x -> vLAN21
    for vLAN 172 - 0.0.0.0 -> UT

    I haven't really had a chance to play with vLANS too much so I am not entirely sure how the inner workings function exactly.
    Last edited by Big D; 08-04-2011 at 08:47 AM.
    The beatings shall continue until morale improves!

  7. #7
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Default

    Quote Originally Posted by Big D View Post
    But you are utilizing Vlans so there might be a hidden piece to this puzzle I don't see.
    The hidden piece to this puzzle is to have a default static route in the switch where the 172 vlan configured like 0.0.0.0 mask 0.0.0.0 go via 172.16.30.21 but the problem I cannot do this as already there is another static route that points to the Core Passport.

    Also, I cannot depend on the 172.16.30.21 as a getaway for my Hosts where all the VMs are hosted, If Untangle VM is not available, that another problem for me. But will try to make a tricky way to have das.isolationNetwork into the ESX and rely on the 172.16.30.21 as a default gateway, if this gateway not available, ESX will automatically try to find 172.16.30.1 as default gateway I think, this should solve the issue

  8. #8
    Untangler
    Join Date
    Dec 2010
    Posts
    83

  9. #9
    Untangler
    Join Date
    Dec 2010
    Posts
    83

    Default

    Quote Originally Posted by habibalby View Post

    This solved the problem, Point the ESX Server to 30.21 gateway and das.isolationnetwork points to the physical gateway 30.1. I tried switching off 30.21 gateway and 30.1 pickup directly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2