Jump to content
RESET Forums (homeservershow.com)

Untangle


ITmaster
 Share

Recommended Posts

Hi there, I need your advice on something....

Is it possible to run a virtual machine running Untangle firewall within WHS. There would be three network cards. One for WHS to connect to the network and two for the inbound and outbound ports for the firewall. I have attempted to run this VM within a VM of WHS as my system isn't built yet but this does not work. Is this because I am trying to run the VM within the VM? Thanks!

Link to comment
Share on other sites

Are you trying to run Untangle for Windows in a Virtual Windows XP on your WHS computer? There is a version of Untangle that doesn't require a base OS. You might be able to run this in a Virtualbox (http://www.virtualbox.org/) within WHS.

Link to comment
Share on other sites

Absolutely you can do this, there are a few ways. I personally run PFSense and Untangle as VM's and they are my main router and UTM respectively running on a baremetal ESXi system.

1 - baremetal hypervisor, like ESXi or Hyper-V. I like it that way, because you're not relying on the host os to "seperate" the traffic between the internet and your VM router. The hypervisor does the segmentation, which is much more hardened and has a smaller attack footprint.

2 - use a host OS like you're saying, with a dedicated NIC which you have to configure to not show directly to the host OS. Look at this write-up for how to run PFSense in a VM on a host PC, it's the same idea for Untangle basically.

Link to comment
Share on other sites

wodysweb, I am doing almost EXACTLY the same thing. I run pfSense and Untangle as VM's using Xenserver as the baremetal system. I could not get ESXi to load.

One of the things I love about doing it this way is the ability to copy pfSense or Untangle system. I have a pfSense copy setup to run through Untangle, another without Untangle and another with some packages loaded. I also have two copies of Untangle. Being able to just shut one down and load the other is VERY nice (although I run into some local IP address problems sometimes when I do this).

I used to have pfSense and Untangle as seperate machines, but running them as VM on a baremetal install not only has the advantages noted above and more, it also cuts on the power usage for me.

That said, I don't think I would run pfSense as a VM on my WHS except maybe for some testing purposes if I didn't have the Xenserver setup.

Link to comment
Share on other sites

I agree, it's great to have VM's of each running, so easy to play with them and not totally screw everything up. PFSense is great for routing/firewall, and Untangle has some cool UTM stuff...I've been playing with some of the PFSense add-on packages that are almost taking over a bunch of the UTM areas.

I also wouldn't really want to run it on a host WHS box, just don't trust windows 2003 to route the internet facing NIC...

Link to comment
Share on other sites

  • 1 month later...

Interesting. I'm running the linux version of Untangle on its own box (it's hidden away under my basement stairs). Wodysweb & geek-accountant, I am curious why you guys are running both PFSense & UT; aren't they basically doing the same job?

Link to comment
Share on other sites

I run pfSense as the router and Utangle in transparent mode. I like pfSense better for it's QOS and other features, including real time reporting. Untangle provides things that either don't work as good in pfSense or are not there at all. I prefer the web filter and virus protection in Untangle.

I am actually running 2 copies of pfSense at the same time. The second pfSense is only running as a DCHP server. Why? Well, since I have these on a Xenserver it allows me to try different things. Sometimes I want to test a version of pfSense without Untangle in the mix. This may be the new 2.0 version of pfSense or the current version with different packages loaded. I also have tried (very little) to use Smoothwall. When I first started switching between routers I ran into lots of problems on the network due to IP addresses being servered from the router. Not sure if this was the proper or best method, but I decided to just start another pfSense VM and have it only act as a DHCP server. That way it was always in controll of IP addresses.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...