  1. #1
    Untanglit
    Join Date
    Aug 2019
    Posts
    23

    Disable NAT; router (not bridge) mode desired

    Hello Untangle Community,

    I did find a few posts on this topic but all were at least 6 years old and most about 9+ years old so, given how much the product has evolved during that timeframe, I thought it made sense to ask again...

    I have a fairly simple network but I do run 2 FWs in series. I am testing Untangle to operate behind my border FW which is what currently handles all of my NAT. I understand bridge mode is an option here but I am trying to stick with Untangle operating as a router. If keeping routing really does require NAT, which is kind of the impression I'm getting, then so be it. I would prefer to not double-NAT but if that's the only way, then it is what it is.

    Topology summary

    Again, really basic - My LAN side ingress is via a single PHY with all IP across two VLANs and all interior hosts are in the same subnets as the VLANs. I have a single WAN uplink that feeds into the LAN of my border FW which is config'd as the DG for the Untangle. I also disabled NAT on the Untangle WAN interface but unfortunately, despite all this, no traffic makes it beyond the Untangle device.

    Some of the previous posts I read discussed routing protocols and static routes but as long as Untangle is stateful and allows return traffic for sessions initiated inside, none of that should be required.

    Thanks in advance for any feedback you might have.
    Last edited by czeus; 08-21-2021 at 05:52 PM.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,173

    Nope, routing doesn't require NAT. It's just a tick box on the WAN interface, turn that off and POOF no more NAT.

    You will however need a route on the edge device for things destined to the network behind Untangle targeting Untangle's WAN IP address. Otherwise your border device won't know what to do with packets, and send them to its default route... IE the Internet. No routes are required on Untangle because its default route will be the border router, so everything goes there well... by default.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
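
The return-path point in the reply above, sketched as an added example that is not part of the original thread: a longest-prefix-match lookup on the border device's routing table, before and after adding routes for the networks behind Untangle. All addresses and the `isp-gateway` label are constructed assumptions.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: return the next hop chosen for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    # The most specific (longest) matching prefix wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing (assumptions, not taken from the thread).
UNTANGLE_WAN = "192.168.1.2"                       # Untangle WAN IP on the border LAN
INNER_NETS = ["10.10.10.0/24", "10.10.20.0/24"]   # two VLANs behind Untangle

# Border device before the change: only its default and connected routes.
BORDER_BEFORE = [
    ("0.0.0.0/0", "isp-gateway"),      # default route, i.e. the Internet
    ("192.168.1.0/24", "connected"),   # border LAN, where Untangle's WAN sits
]
# After: one static route per inner network, targeting Untangle's WAN IP.
BORDER_AFTER = BORDER_BEFORE + [(net, UNTANGLE_WAN) for net in INNER_NETS]

def missing_routes(table, inner_nets, gateway):
    """Inner networks whose first or last address is not routed to gateway."""
    bad = []
    for net in inner_nets:
        n = ipaddress.ip_network(net)
        if any(next_hop(table, str(a)) != gateway for a in (n[0], n[-1])):
            bad.append(net)
    return bad

if __name__ == "__main__":
    host = "10.10.10.50"  # constructed inner host; with NAT off its address is preserved
    print("reply to", host, "before:", next_hop(BORDER_BEFORE, host))
    print("reply to", host, "after: ", next_hop(BORDER_AFTER, host))
    print("unrouted inner nets before:", missing_routes(BORDER_BEFORE, INNER_NETS, UNTANGLE_WAN))
    print("unrouted inner nets after: ", missing_routes(BORDER_AFTER, INNER_NETS, UNTANGLE_WAN))
```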

  3. #3
    Untanglit
    Join Date
    Aug 2019
    Posts
    23

    Hey @sky-knight - thanks for the clarification and I think I found the issue. My testbed has a little more complexity that is causing the return path to bifurcate in an unworkable fashion. So, gonna stick with double-NAT for now but would like to ask...

    Do we lose anything by getting rid of NAT on the Untangle box? Several of the other older posts I've read seem to indicate no downside but I still want to double check...

    Thanks again for your help - very much appreciated...

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,173

    Nope, it just stops translating the packets by default. You can still use NAT policy to force a translation, heck you can even port forward still.

    There is no functionality lost, just changes in how things are flowing.
