Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Newbie
    Join Date
    Jul 2013
    Posts
    6

    Default 10.2 beta vs 9.4 network setup?

    I know, it's beta...however:

    I'm using UT 9.4 and 10.2 beta.

    Both versions have the same network setup:
    (3) internal connections x.x.120.x /24, x.x.121.x /24, x.x.122.x /24
    (1) external x.x.20.x /24
    The UT server is configured for a bridge setup. The gateway on the external address is our cisco router.

    In 9.4 this setup does not work, I have internet access on the UT server but the internal connections do not work. By do not work I mean the captive portal never comes up, however, I can ping the untangle server.

    In 10.2 beta this setup works as expected.

    note: This *is* in a virtual environment, however, everything is the same between the two version of UT (same number of virtual NICs, same config, etc)

    Just curious if this is working because of the new 802.1q feature? There are some vlans involved but the switches are handling the tagging and untagging of traffic so it really shouldn't matter to the UT server...

  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,372

    Default

    I dont know in 10.x but in 9.4 at least one internal interface must be in bridge mode and have the same external ip.
    The world is divided into 10 kinds of people, who know binary and those not

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Put real IP addresses in here and you might get some real help.

    As far as I'm aware there is no difference in bridge mode from 9.4 to 10.0. And while in bridge mode you need to limit yourself to a single IP range transiting Untangle. Any packets that hit the UVM are destroyed, and rebuilt according to the local routing table, this has a massive impact on networks using multiple ip networks passing through Untangle. Given your IP ranges appear to be contiguous you may be able to get away with widening your mask to a /16 on Untangle...

    But I can't say for certain because you've decided to hide the information that would actually show this problem.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,700

    Default

    Posting the same question to multiple parts of the forum will get you fragmented answers.

    My answer is here. http://forums.untangle.com/announcem...tml#post180243
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    I saw that response as well JCoffin, and it has me fascinated... do we have a more proper "bridge" mode with 10.0. If so... that's huge.

    Yet something else to test!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Newbie
    Join Date
    Jul 2013
    Posts
    6

    Default

    I wasn't sure if the answer was going to be as simple as "yes, it's something new in version 10", hence the limited network addresses.

    To clarify:

    172.29.120.0 is going to be our server scope, on a vlan id of 120
    172.29.121.0 is an internal scope, vlan id of 121
    172.29.122.0 is our remote scope, no vlan.

    all vlans / subnets have interfaces on the domain controller handing out DHCP and internal interfaces on the UT server acting as the gateway for unauthorized traffic.

    The external address on the UT server is 172.29.20.8, gateway is 172.29.20.1.

    See attached photos for further clarification:
    Ut 10b2


    Ut9.4


    Quick sketch of network
    Attached Images Attached Images

  7. #7
    Newbie
    Join Date
    Jul 2013
    Posts
    6

    Default

    waiting on approval of my reply..

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    THAT is NOT bridge mode.

    You are configured as a router in both screen shots. If 9.4 isn't working, you've configured something wrong. Or perhaps it's as simple as you didn't ensure DNS was working.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Newbie
    Join Date
    Jul 2013
    Posts
    6

    Default

    So we established that 9.4 wasn't working due to a config issue.

    I reviewed the interfaces and noticed there was no NAT policy on one of the interfaces I was using. I added the NAT policy to match the others, added capture rules and now I have a working 9.4 and 10.2 beta. Thanks for the help, we're most likely going to be purchasing the premium software package in the near future...

    Our config is a little odd in that we have UT before our router, regardless it's working for us.
    Last edited by a5t1; 07-11-2013 at 05:37 AM.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Beware of double NAT! If you've got another router outside of Untangle, I'd actually be removing all those NAT policies, unless you're running routed public stuff beyond it. You will need some static routes to make things work without NAT, but you'll save yourself tons of headache later.

    Also, that network doesn't look strange to me. It looks a bit... lost but not strange. I've seen far worse, and these forums will see even crazier ideas before the week is out. So if that's crazy, you're in good company.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2