pfsense or untangle, and how?

mystykmax

I've been messing around with pfsense, and what I'd like to do is create a machine with pfsense or untangle on it that can act as a web filter. I'm not so much interested in the firewall capabilities, but I'm fine if they are there. I'd like to also not use it as a DHCP server. In other words, the system would look like this:

Internet=>main gateway machine=>switch=>lots of boxes

where lots of boxes would contain this filter machine and I could tell certain systems to look to it as the gateway and some to just directly look at the real gateway. Is this possible? I'm stuck trying pfsense...can't figure it out, but I'd also do it with untangle if it's feasible. Or is there a smarter way? There often is a smarter way to do things than I do them. :)
 
Go w/ Untangle. It's much simpler to set up content filtering in Untangle than it is in pfSense. (At least from my personal experience). Don't get me wrong, pfSense is great and full of features, but I have found Untangle to be much easier to set up and manage...
 
Untangle allows you to create "pass lists"....special users that can bypass the web filtering rules. You can get more granular with creating multiple racks...for groups of users, I've not dabbled with that setup yet.
http://wiki.untangle.com/index.php/Web_Filter_Tips_&_Tricks

Untangle can take over as your primary router/firewall, or you can install it in what's called transparent bridge mode..it sits behind your primary router, all traffic passes through it on the way in/out of the internet.
 
I have untangle installed now. If I have it in the bridge mode you mentioned, will I be able to get an IP from my DHCP that is on the other side of the "untangler"? In other words:
Internet => (Router + DHCP server) => Untangler => test box

can "test box" get its IP from the DHCP server still?
 
I have untangle installed now. If I have it in the bridge mode you mentioned, will I be able to get an IP from my DHCP that is on the other side of the "untangler"? In other words:
Internet => (Router + DHCP server) => Untangler => test box

can "test box" get its IP from the DHCP server still?

In bridged mode, the Untangle box lies between the internet and router+DHCP server like so:
Internet => Untangle Box => Router => Test Box as per the wiki:
http://wiki.untangle.com/index.php/Introduction#Untangle_Server_as_a_Bridge

But "Internet => (Router + DHCP server) => Untangler => test box" might work if you use Untangle for Windows:
http://wiki.untangle.com/index.php/Introduction#Untangle_Server_as_a_Re-Router
 
can "test box" get its IP from the DHCP server still?

Yuppers...no problem, there's no NAT or anything that separates the clients from the router/server when UT is in bridged mode....it just scans traffic with whatever rack components you have installed.
 
How would one add some of the untangle type of features into PFsense?
 
So I assume it's also doable to put 3 NICs in the untangler and then have two different sets of rules so some machines I don't care about filtering except for virus/malware and then others where I want to do a lot of filtering and on the machines I want to filter tightly, I'd just set their gateway to the NIC that had more filtering's IP?
 
So I assume it's also doable to put 3 NICs in the untangler and then have two different sets of rules so some machines I don't care about filtering except for virus/malware and then others where I want to do a lot of filtering and on the machines I want to filter tightly, I'd just set their gateway to the NIC that had more filtering's IP?

I suppose you could come up with something that works...but this approach seems to make it very complicated. The link above shows how to easily exclude users from the web filtering rules.

Untangle is the gateway if you use it as the primary router.
 