Untangle Your Network Security - Building the Network

Building the Network


The software is really easy to install and just as easy to manage.  I repurposed a Compaq Presario SR1563CL that my parents gave to me after their last upgrade.  It had been sitting in a closet for several months unused.  The computer came with the following specifications.

    AMD Athlon 64 3400+
    1GB RAM (shared with video)
    200GB SATA Hard Drive
    Integrated RTL8201CL 10/100 NIC

I added a second RTL8139 10/100 NIC that I purchased from a local computer parts supplier for a mere $5.35.

Before installing the software, I considered completely redesigning my network.  My previous configuration was a NetGear WRT634G connected directly to the cable modem and acting as an SPI firewall and router.  Port 1 was connected to a Vonage Motorola device.  Port 2 was connected to my media server (mentioned in a previous article for recording TV and sharing 500GB of audio and video across my home network).  Everything else in the house was wireless over encrypted tunnels.

The original setup caused me problems with Vonage phone service whenever I was downloading huge files.  My phone was out of commission for all intents and purposes for over a day while downloading the Knoppix 5.1 DVD.  By following Vonage's recommendation and placing their device outside of the firewall, it could consume the traffic that it needed for voice communications and leave the rest available for internet traffic.

Before I could completely rewire the network, I had to configure the computer.  I downloaded the Untangle software from www.untangle.com and burned it to a CD.  I had some problems initially with the install hanging at 80%.  A search on the forums did not provide any answers to my problem, but a simple BIOS modification on the computer fixed the issue.  I disabled the 1394 port and legacy USB support in the BIOS, rebooted the computer, and succeeded in installing the software.

Redesign of the network was simple.  I plugged the Vonage device directly into the cable modem and modified its configuration to point all traffic to a DMZ on port 1.  The Vonage device was a little tricky to get into because Vonage will not readily provide a username and password for configuration.  A quick Google search revealed that the username is 'router' and the password is also 'router' (I have since changed these for security).

From port 1 on the Vonage device, I connected a patch cable to the public interface on the Presario.  From the private interface on the Presario, I connected the NetGear wireless router and plugged the media server into one of the switched ports on the NetGear.  I immediately had outbound service throughout the network.

Networking can get a bit tricky, but here is a breakdown of how my network is configured.

The Vonage device receives traffic at a public IP address and handles DHCP and DNS forwarding for its switched ports.  It assigned the IP address 192.168.15.4 to port 1, which I then reserved in the Vonage configuration.  The Untangle server was configured with this information for its public interface, along with the IP of the Vonage device, 192.168.15.1, as the default gateway.

By default, Untangle will issue IP addresses on the private NIC with a range of 192.168.1.81 through 192.168.1.94 (this may depend on the number of computers you have on your network).  Using DHCP, it also provides all necessary routing information to the devices connected to the internal interface.

The NetGear wireless device was configured to provide DHCP in the scope of 192.168.1.2 through 192.168.1.51.  It will route traffic from those IPs upstream to the Untangle device.  Voila!  Complete outbound network communication.

[Edit:  A friend gave me the simple solution to a problem I had overlooked.  All of my clients were showing up in the reports as having the same IP address.  By connecting the private interface of the Untangle device to a switched port rather than the router port on the NetGear, I was able to track behavior for each and every client on my network.  This required turning off the DHCP service of the NetGear and relying solely on that of the Untangle box.  It also removes the secondary (and unnecessarily redundant) firewall built into the NetGear.]
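The visibility problem in the Edit above comes down to which device is doing NAT in front of the Untangle box.  The following is an added example (not from the article or from Untangle) that models the two layouts with the addressing given in this article, plus a check that the two DHCP scopes never hand out the same address; the NetGear's WAN lease of 192.168.1.81 is an assumed value.

```python
from ipaddress import ip_address

# DHCP scopes quoted in the article: the NetGear's range (before the Edit's
# change) and the Untangle private-side range.
NETGEAR_SCOPE = ("192.168.1.2", "192.168.1.51")
UNTANGLE_SCOPE = ("192.168.1.81", "192.168.1.94")


def scopes_overlap(a, b):
    """True if two (first, last) DHCP ranges could lease the same address."""
    a0, a1 = map(ip_address, a)
    b0, b1 = map(ip_address, b)
    return a0 <= b1 and b0 <= a1


def source_seen_by_untangle(client_ip, netgear_routes, netgear_wan_ip):
    """Source address the Untangle box records for one client's traffic.

    netgear_routes=True : Untangle is fed from the NetGear's router (WAN) port,
                          so the NetGear masquerades every client behind its
                          own WAN address (the original layout).
    netgear_routes=False: Untangle's private NIC sits on a NetGear switch port
                          and Untangle is the only DHCP server, so it sees the
                          client's real address (the Edit's fix).
    """
    return netgear_wan_ip if netgear_routes else client_ip


def report_sources(clients, netgear_routes, netgear_wan_ip):
    """Distinct source addresses that would appear in the Untangle reports."""
    return sorted({source_seen_by_untangle(c, netgear_routes, netgear_wan_ip)
                   for c in clients})


def per_client_visibility(clients, netgear_routes, netgear_wan_ip):
    """True only if every client can be told apart in the reports."""
    seen = report_sources(clients, netgear_routes, netgear_wan_ip)
    return len(seen) == len(set(clients))


if __name__ == "__main__":
    # Constructed sample: three wireless clients leased by the NetGear, and an
    # assumed NetGear WAN lease taken from the Untangle scope.
    clients = ["192.168.1.2", "192.168.1.3", "192.168.1.4"]
    wan = "192.168.1.81"
    print("scopes overlap:", scopes_overlap(NETGEAR_SCOPE, UNTANGLE_SCOPE))
    print("behind NetGear router port:", report_sources(clients, True, wan))
    print("on NetGear switch port:    ", report_sources(clients, False, wan))
```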
 
The next trick was getting inbound traffic to work.  Since this was handled by the NetGear previously, I copied down the port mappings from the NetGear device.  Once all of the settings that I needed were documented, I configured the firewall on the Untangle to point those ports to the new IP addresses of the devices.  In the router configuration of the Untangle, I was also able to set static IP addresses for all internal servers.