Clarification pfSense / Untangle on same VM Host



  • I've thought about this, but not really put it in practice yet and really need clarification.  I already have pfSense and would like to use Untangle with it in a virtualization scenario - using Xen or Hyper-V or other.  For example, at the border, I wish to have pfSense in front / behind the ISP router, and behind the pfSense I would have Untangle.

    My question is, if pfSense and Untangle is at the border as guest machines on same VM Host machine, how will traffic go from pfSense to Untangle directly?  I can see traffic sometimes going through Untangle and sometimes not.  Say pfSense 192.168.1.1 and Untangle 192.168.1.2…I guess I am a bit missing on how traffic will be forced to go through pfSense THEN to Untangle before it goes through the rest of my 192.168.1.x subnet.   Just because pfSense is 192.168.1.1 does not mean it will flow through 192.168.1.2 next….Can someone clarify please?

    UPDATE:  I think I got it…http://community.spiceworks.com/topic/14962-untangle-hardware - Bridge / Host / Bridge on VM Nics
    If anyone can further improve on this, please let me know.  Internet–(bridge VMnic)pfSense(host VMnic)--(host VMnic)Untangle(bridgeVMnic)--LAN



  • your clients need to point to a gateway; your gateway; either statically or dynamically assigned. that gateway has its gateway and so-forth. think hierarchy.

    ahh.. so yes, "Just because pfSense is 192.168.1.1 does not mean it will flow through 192.168.1.2 next" but it depends on the next hop; and the next hop for each machine in a successive order is different. your right in your thinking to a point, but succession in outward movement (towards the net in your case) does not need to follow a logical number increment.

    "I can see traffic sometimes going through Untangle and sometimes not."
    yeah depends on what net your client has been assigned to.

    btw why do you need untangle in the picture ? drop it
    give me one good reason, and we will have 10 good answers against it  :)



  • Untangle does a good job of the filter for items such as certain protocols that I wish to block (i.e. MSN, etc), blocking of Ads, and REPORTS, etc…

    In terms of the multiple gateways, seems like a great solution; however, I never tried that type of setup so I do not know how it would work.  From what you are saying, my GW for all internal clients/ server would be my Untangle at 192.168.1.2 and the GW on my Untangle would actually be the pfSense at 192.168.1.1 - I hope I have that understood correctly, but I see this from Internal to External.  My confusion lies in the enforcement of traffic from External to Internal via pfSense then to Untangle.

    Taken from sample excerpt as one possible solution (One VM Host and pfSense / Untangle as Guests)...

    1 - VM bridged NIC 1: Internet --> PFsense WAN
    2 - Host Only: PFSense LAN & UT outside
    3 - VM Bridge NIC 2: UT inside --> LAN switch



  • understanding that is not nessessary as this is just a function of how a virtual network works; virtual nics follow the same rules an actual nic follows. you'll want to chat a different forum for specifics on that issue if you must know all about vmware et all.
    all you need to know is what comes first and when.
    dont confuse 'multiple gateways', with simultaneous outbound gateways (a routing function) as opposed to a succession of gateways (a hierarchy).

    let us know when you have implemented this setup and we can help you more, as i think you'll have a better understanding of the basics involved here and we wont be rehashing the same content over and over. i dont want to sound rude at all, but i think if you made out a diagram it would help considerably.


Log in to reply