how would i do this in untangle?

goodcooper

i realize this is an overly complicated setup, and believe me, i want things to be as simple as possible.... but here goes...

ok, i currently have a location with 2 separate networks,

one controlled by me with untangle, 10.0.10.1/24, and one controlled by someone else, with a cisco PIX (that i'm more or less not allowed to touch), connecting to a VPN, 10.197.50.1/24 (an address from them), both connected to their own internet connections

there is a service on the latter network that all of my computers need to get to, but other than that, there really isn't any reason for them to be handing ANY addresses out to any of my computers or printers, etc.

so... i want to add the second network to the first network's untangle machine
i have 4 network cards, here is what i would like to have...

eth0: internet
eth1:10.197.50.2 (connected to the cisco PIX, which would then be disconnected from the switch for that network)
eth2: my existing 10.0.10.1/24
eth3: my new 10.3.10.1/24

i would like both my networks on eth2/3 to use eth0 for internet, and i would like ONLY the new network on eth3 to use the network resources from eth1

i would like the networks on both eth2/eth3 to be able to access each other's resources...

how in the world would i do this?


i posted over in untangle's forums and got crickets for 2 days... so now i'll try here :D
i've sort of been looking for an excuse to switch over to pfsense, but right now that would be an enormous job, as the 10.0.10.1 box mentioned above is connected to 19 other sites via openVPN
 
I know zilch about Untangle, but the problem at hand is a simple routing/filter setup.

Your box knows about 10.197.50.0/24 so all your machines behind eth2 and eth3 can use that specific service. The default route allows them to use the Internet via eth0.

Naturally, hosts on eth2 and eth3 can see each other.

So what remains is basically the "problem" of denying all hosts not on eth3 access to the network on eth1? Is that right? How is that hard?
 
if i had a cisco or pfsense box i could probably just hunker down and sort it all out, but so much stuff happens automatically in untangle i was hoping somebody had somewhere for me to start...

most of this is definitely going to be done in advanced mode, that's for sure, was just hoping somebody with something similar could help out... guess i'll just start grinding on it...
 
here's what i got for routes right now....

routes.png


btw, that is my public ip... i trust you guys :p
for reference as to what's plugged into what:
eth0 - tw cable
eth1 - 10.0.10.1/24
eth2 -
eth3 - 10.197.50.2
eth4 - 10.3.10.1/24

10.229.181.0 is the network that has the far resource that the cisco pix connects to....

onefilter.png


i was wondering if i should block ALL traffic going to 10.192.50.1, then allow from 10.3.10.0/24, but then i figured blocking 10.0.10.1(the only other one on the system) should be just the same...

over lunch i realized that my soft vpn clients connecting to untangle wouldn't be able to connect to that either though...

i may redo that...
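
Added example, not part of any post in this thread: a small Python model of the two filter layouts weighed in the post above (block everything to the PIX side and allow 10.3.10.0/24, versus block only the 10.0.10.x network), evaluated first-match over constructed flows. The /24 mask on 10.229.181.0, the VPN client pool 172.16.50.0/24, the host addresses and the pass-by-default behaviour are assumptions, and this is not Untangle's own rule syntax.

```python
import ipaddress as ip

# Networks named in the thread. The /24 on 10.229.181.0 is an assumption
# (the thread gives no mask for it).
OLD_LAN = ip.ip_network("10.0.10.0/24")
NEW_LAN = ip.ip_network("10.3.10.0/24")
RESTRICTED = [ip.ip_network("10.197.50.0/24"), ip.ip_network("10.229.181.0/24")]
ANY = ip.ip_network("0.0.0.0/0")

def rules_for(action, src):
    """One rule per restricted destination: (action, source net, dest net)."""
    return [(action, src, dst) for dst in RESTRICTED]

# Policy A, allow-list: only the new LAN may reach the PIX side.
# With first-match evaluation the pass rules must sit above the block rules.
ALLOW_LIST = rules_for("pass", NEW_LAN) + rules_for("block", ANY)
# Policy B, block-list: only the old LAN is refused.
BLOCK_LIST = rules_for("block", OLD_LAN)

def verdict(rules, src, dst):
    """First matching rule wins; unmatched traffic is passed (assumed default)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "pass"

# Constructed sample flows: host addresses and the VPN client are made up.
FLOWS = [
    ("new LAN -> far resource", "10.3.10.25", "10.229.181.10"),
    ("old LAN -> far resource", "10.0.10.40", "10.229.181.10"),
    ("old LAN -> PIX inside", "10.0.10.40", "10.197.50.1"),
    ("VPN client -> far resource", "172.16.50.7", "10.229.181.10"),
    ("old LAN -> new LAN", "10.0.10.40", "10.3.10.25"),
    ("new LAN -> internet", "10.3.10.25", "203.0.113.9"),
]

def compare():
    """Return {label: (allow-list verdict, block-list verdict)}."""
    return {label: (verdict(ALLOW_LIST, s, d), verdict(BLOCK_LIST, s, d))
            for label, s, d in FLOWS}

if __name__ == "__main__":
    for label, (a, b) in compare().items():
        flag = "  <-- policies differ" if a != b else ""
        print(f"{label:28} allow-list={a:5} block-list={b:5}{flag}")
```

The two layouts give the same answer for both LANs and differ only for sources outside them: the allow-list refuses such a source, the block-list lets it through.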
 
A network diagram that's labelled and with IPs would help a lot.

well let me preface this post by saying i despise making network diagrams, and just looking at this one is bothering me considerably...

hopefully you get the idea of what i'm trying to do though...

diagram.png


EDIT: on the far right of the diagram, that should be a 10.0.10.0/24, not 10.1.10.0/24, sorry for the typo, numbers run together after a while
 
I used to do this a long time ago with my untangle, I had multiple nics in the box tho, want my diagram and instructions?
 