  1. #1
    Untangler
    Join Date
    Apr 2010
    Posts
    50

    Increasing the subnet size for the DHCP server in Untangle

    I have an Untangle box (Community Edition) running as a firewall on my campus public wifi. It's just acting as a router/firewall/network filter.

    Network Map

    I would like to replace all of the Linksys home routers with some kind of AP like Engenius EAP600s. (not here about the AP model just something for reference).

    Removing the home routers we have all over the site (~60 of these) and replacing them with APs will drastically increase the DHCP pool from about 60-100 IPs in the 10.10.0.0 range to closer to 1000.

    We want to do this so we can centrally manage our wifi network, let untangle see the endpoints directly (helps when someone is torrenting your whole internet connection), and lower our wifi troubleshooting time when we try to figure out which AP is down.

    My formal question to the untangle community is: Can an Untangle in router mode that is the DHCP server for the network pass out IPs for more than just a /24?

    Can I change the internal IP from 10.10.0.1/24 to 10.10.0.1/21?

    Thanks in advance.

    -Arch

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Sure. You can use whatever network you want internally.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,013

    You should have no issues with this.

  4. #4
    Untangler
    Join Date
    Apr 2010
    Posts
    50

    Awesome, Thanks guys. Just wanted to make sure the DHCP server would handle a larger subnet.

  5. #5
    Untangler
    Join Date
    Apr 2010
    Posts
    50

    So, in the DHCP settings, I just set the range to 10.10.0.5 - 10.10.16.200 ? Would that work?

  6. #6
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,447

    Yes, on a subnet of the 10.0.0.0/8 network, no problem whatsoever.
    It gets a little trickier for dnsmasq if you want to supernet 192.168.0.0/24s, but that is also doable.
    If you think I got Grumpy

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,013

    Quote, originally posted by Archness:
    "So, in the DHCP settings, I just set the range to 10.10.0.5 - 10.10.16.200 ? Would that work?"
    Yes, but after changing the internal NIC netmask first.

  8. #8
    Untangler
    Join Date
    Apr 2010
    Posts
    50

    I made it a /20 which should be 16 class C, so that should work.

    Thanks

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,958

    Erm... classes don't exist anymore. And even if they did, 10. is the class A range, not the C. So all you have to do is back the mask off to /20.

    So if you changed the IP of internal from 10.10.0.1/24 to 10.10.0.1/20, it'll gain the ability to communicate with the additional addresses. From there you simply change DHCP to something appropriate. Max range is now 10.10.0.0 - 10.10.15.255.

    http://www.subnet-calculator.com/cidr.php is handy
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,447

    Rob did catch something that I missed: having set the range to 10.10.0.5 - 10.10.16.200 will not work; dnsmasq will say:
    Code:
    ... DHCP range 10.10.0.5 - 10.10.16.200 is not consistent with netmask 255.255.240.0
    Jan 20 23:30:29 NGFW-HP-G4 dnsmasq-dhcp[10242]: no address range available for DHCP request via eth6
    , and break.


    Quote, originally posted by sky-knight:
    "Erm... classes don't exist anymore."
    Good luck deleting THAT from the Internet.


    RFC1918 still has this language:
    Code:
    3. Private Address Space
    
       The Internet Assigned Numbers Authority (IANA) has reserved the
       following three blocks of the IP address space for private internets:
    
         10.0.0.0        -   10.255.255.255  (10/8 prefix)
         172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
         192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
    
       We will refer to the first block as "24-bit block", the second as
       "20-bit block", and to the third as "16-bit" block. Note that (in
       pre-CIDR notation) the first block is nothing but a single class A
       network number, while the second block is a set of 16 contiguous
       class B network numbers, and third block is a set of 256 contiguous
       class C network numbers.
    I think there is a real issue to avoid:
    http://forums.untangle.com/networking/34370-dhcp-lease-range-issues.html

    Looking closely at dnsmasq, NGFW's DHCP & DNS internal server package, it makes some default decisions based on the class of the subnet assigned to an interface.

    This is its legacy. You can tell it to hand out addresses on multiple /24s, in the 192.168.0.0/16 block, but you have to tell it that explicitly (read: advanced).

    I think we have to take this literally:
    dnsmasq will automatically use the correct dhcp-range for the correct interface based on IP addresses.

    Any range whose start and end addresses fall into a subnet where the
    interface has an IP address in that subnet is considered, any one
    which doesn't, is ignored.


    Cheers,

    Simon.
    I think it is easier to plan your prefix well, and subnet. And to re-assure the O.P., that is exactly what you are doing!
    (sorry to hijack the thread)
    Last edited by Jim.Alles; 01-20-2015 at 09:32 PM.
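
An added example, not part of any post in this thread and not dnsmasq's or Untangle's own code: a small Python check that applies the rule quoted in the post above (a range counts only if both its start and end fall inside a subnet where the interface has an address) to the ranges discussed here. The function name `check_dhcp_range` and the sample list are hypothetical.

```python
import ipaddress


def check_dhcp_range(interface_cidrs, start, end):
    """Return (usable, detail) for a DHCP range given interface addresses.

    A range is usable only when both its start and its end fall inside a
    subnet in which one of the interfaces has an address.
    """
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo > hi:
        return False, "range start is above range end"
    for cidr in interface_cidrs:
        net = ipaddress.ip_interface(cidr).network
        if lo in net and hi in net:
            count = int(hi) - int(lo) + 1
            return True, f"fits {net}: {count} addresses in the pool"
        if lo in net or hi in net:
            # One end is inside the interface subnet and the other is not:
            # the case behind the "not consistent with netmask" log line.
            first, last = net.network_address + 1, net.broadcast_address - 1
            return False, (f"not consistent with netmask {net.netmask}; "
                           f"hosts on {net} run {first} - {last}")
    return False, "no interface has an address in this subnet; range ignored"


# Constructed sample inputs based on the addresses mentioned in the thread.
SAMPLES = [
    (["10.10.0.1/24"], "10.10.0.5", "10.10.15.200"),   # netmask not changed yet
    (["10.10.0.1/20"], "10.10.0.5", "10.10.16.200"),   # range from post #5
    (["10.10.0.1/20"], "10.10.0.5", "10.10.15.200"),   # range inside the /20
    (["10.10.0.1/21"], "10.10.0.5", "10.10.7.200"),    # the /21 from post #1
    (["10.10.0.1/20"], "192.168.5.10", "192.168.5.50"),  # unrelated subnet
]

if __name__ == "__main__":
    for ifaces, start, end in SAMPLES:
        ok, detail = check_dhcp_range(ifaces, start, end)
        status = "OK  " if ok else "FAIL"
        print(f"{status} {ifaces[0]:<14} {start} - {end}: {detail}")
```

Running the check before saving the DHCP settings shows whether the interface netmask has to be widened first.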
