Untangle is a snazzy and free Linux-based firewall and services device. Using a shopping cart like experience, one can pluck a variety of free and paid applications and drop them on the device. I personally run the virus blocker, spyware blocker, firewall, IPS, and IPsec VPN apps for my home lab on a baby sized Atom box that, although many years old, still purrs like a kitten. This strikes me as rather impressive, since the box is on 24/7 and was built using COTS (commodity off-the-shelf) hardware. Pardon me while I pat myself on the back. 🙂
For those rocking version 9.X of Untangle (version 10 came out only recently), which I happen to be, you may have figured out that there is no place to configure VLAN tags on the internal or external interfaces. This can be a pain if you’re running VLANs in your internal network, especially when you want any VLAN other than the one native to Untangle to reach the Internet. Fortunately, I’ve found a reasonable workaround that has successfully allowed me to put off upgrading to Untangle 10 for a little longer.
Contents
Internal Interface Configuration
Log into your Untangle appliance and click on the Config tab located on the left menu, then choose Networking. Then, from the Interfaces list, click Edit next to your Internal interface, as shown below:
We’re now going to create an IP Address Alias for any subnet being used by a VLAN that you wish to route to the outside world. This will create a layer 2 adjacency between your Untangle appliance and the switch virtual interface (SVI) on the VLAN. Click the green Add button and enter an IP address on the subnet for your VLAN. For example, my VLAN 251 uses the subnet 10.0.251.0 /24, and so I’ve given my Untangle appliance an IP on that subnet: 10.0.251.200 /24, as seen here:
Repeat this process for any other VLANs that you wish to route, then click the Apply button in the bottom right corner.
[symple_box color=”yellow” text_align=”left” width=”100%” float=”none”]
Note: This step tends to cause a brief outage (~30 seconds). I believe a process within the Linux OS restarts to create a VIF (virtual interface) on the Internal adapter.
[/symple_box]
Advanced Routing
At this point, the subnet you added to your Internal interface should now be able to reach the Internet. If not, we’re going to need to create a somewhat goofy looking entry in the routing table.
Click on the Advanced button in the top right corner and choose Routes. You will be greeted with a page that contains both Static and Active routes. The subnet for your VLAN should appear in the Active routes. We’re going to create a new entry in the Static routing table.
Click the Add button to create a new row in the table, then enter the VLAN’s subnet into the Target field and subnet mask into the Netmask field. Here’s where it gets a little silly. Put in your native gateway in the Gateway field. For example, my native subnet for Untangle is 10.0.0.0 /24, and the native VLAN’s SVI is 10.0.0.201 /24. I’ve entered the route information below:
Click Apply in the bottom right corner. The appliance will update its routing tables, interrupting traffic for a few seconds.
That’s it – you should now be able to pass along traffic from the VLAN(s) you added to your Untangle appliance.
