Untangle – a cool open source TMG for your LAN

These days Internet security is more important than ever. Would it not be neat if you could run all your Internet traffic through a big filter to catch all those nasty viruses, malware and privacy concerns? Well, if you happen to have an old PC lying around, or, as I have, a server running MS Hyper-V, then you actually can, fairly simply (and for free).

OK, you may have heard about solutions such as Smoothwall, m0n0wall and others like them. These are basically routers/firewalls that, running on a PC with two NICs, could replace your broadband router. They contain complex firewall capabilities and maybe even VPN connectivity. All very cool and quite easy to set up and use.

Untangle goes a step further than this: on top of the basic router capability it adds firewall, VPN, antivirus scanning, privacy filter, ad filter, spam filter, captive page and much, much more. The best part is that most of this is free; you can download a bunch of apps and install them (this is point and click, so no Linux knowledge is required).

So how does it work? Is it a proxy, or is it a gateway, or what? Well, once it is installed you set the LAN NIC IP as the default gateway, and voilà, all traffic is now filtered against malware, viruses, spam, privacy concerns and whatnot.

I set up my Untangle box as a Hyper-V machine on my Windows 2008 R2 server and gave it 640 MB RAM, two CPUs and a 120 GB hard drive (of which it is now using approx. 6-7 GB).

Once installed, you configure everything via the web interface (not on the box itself if you use Hyper-V, but from your own PC).

So, a few notes on installing the app as a Hyper-V virtual server:

  • Obvious disadvantage: you will never be able to install the Hyper-V additions into the Linux box, thus no mouse ever, which leaves the user interface on the installed box useless.
  • I had to run the installation 4-5 times before I succeeded. I don't know why it failed, but it was as if the installer just stalled during the installation, so I suggest you take a snapshot once you manage to install the basic system (then you can always revert to that point).

OK, let me just give you the quick tour of installing the thing. It is not a complete guide (so no screenshots, and some obvious steps may be omitted), but if you know a bit of Hyper-V'ing it should not be too hard:

1. Download the Untangle install CD from http://www.untangle.com/Downloads/Download-ISO

2. Create a new Hyper-V machine (I suggest 640 MB RAM, 2 CPUs). Replace the NIC with two legacy NICs (required to work) and add an IDE drive; I used a dynamic drive of 120 GB, but I think performance may be better if you set a static drive of perhaps 20 GB. Mount the downloaded ISO as the CD-ROM. Tweak: you can stick to one legacy NIC if you do not plan to use the box as a firewall (e.g. if you have a HW firewall in your ISP router etc.); some things will not work with only one NIC, but most will.

3. Start the system and select the text-based installer (as you have no mouse in Hyper-V); I seemed to have better luck with the advanced installer. You should set static IPs, so decide on two IPs before getting started.

4. Once the installation is complete, switch to your browser and connect to the IP you set as the LAN side during install.

5. Take a snapshot of your Hyper-V machine.

6. Now download the “open source pack”, on the left of the interface.

7. Configure the different modules. I suggest you disable/turn off the firewall, anti-spam, PG and intrusion prevention features (unless you plan on using the device as your main router), as this will speed up performance.

8. Now set the LAN NIC IP as your default gateway on your PC (or on your DHCP server).
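A quick way to confirm that step 8 took effect on a client, as an added example that is not part of the original post: the script parses the IPv4 table from Windows `route print` output and reports whether the lowest-metric default route points at the Untangle LAN IP. It assumes English-language `route print` output; the addresses (192.168.1.10 for the Untangle LAN NIC, 192.168.1.1 for an ISP router) and the sample output are constructed.

```python
import re

# Constructed sample: IPv4 part of `route print` on a Windows client that
# still has the ISP router (192.168.1.1) as a second, preferred default route.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     10
          0.0.0.0          0.0.0.0     192.168.1.10     192.168.1.50     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    266
===========================================================================
Persistent Routes:
  None
"""

ROUTE_ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$"
)

def default_routes(route_print_text):
    """Return [(gateway, interface, metric)] for active IPv4 default routes."""
    routes, in_active = [], False
    for line in route_print_text.splitlines():
        if line.startswith("Active Routes:"):
            in_active = True
        elif line.startswith("Persistent Routes:"):
            in_active = False  # persistent rows use a different column layout
        elif in_active:
            m = ROUTE_ROW.match(line)
            if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
                routes.append((m.group(3), m.group(4), int(m.group(5))))
    return sorted(routes, key=lambda r: r[2])  # lowest metric is used first

def check_gateway(route_print_text, untangle_lan_ip):
    """Classify whether outbound traffic from this client passes the filter."""
    routes = default_routes(route_print_text)
    if not routes:
        return "no-default-route"
    if all(gw == untangle_lan_ip for gw, _, _ in routes):
        return "filtered"
    if routes[0][0] == untangle_lan_ip:
        return "filtered-with-bypass-route"  # another gateway remains as fallback
    return "bypassing"
```

On a real client, pass in the text returned by `route print -4`; any result other than `filtered` means some traffic can leave without going through the Untangle box.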

You can even set up a captive page, which will require people to have a password in order to access the Internet. Quite cool. Sadly it does not support limiting bandwidth, download ratios etc., but well, it's still cool.

Don’t worry if your first or second install fails; as mentioned, I had to do multiple installs before it succeeded, but now it runs fairly smoothly. I have experienced the web interface being unavailable (the network still worked, but I could not reach the interface), but after a reboot everything was back online.

Read more here: www.untangle.com and http://wiki.untangle.com/index.php/Untangle_Server_User’s_Guide

3 replies
  1. Alfonso Uscategui says:

    Hi,

    I need your help soon in order to get my Untangle running on an HP server.

    Right after installing Untangle 32-bit version 8.0 and after configuring its NICs, Untangle does not answer ping and it is not able to communicate with the external world.

    I mean: I have my Untangle configured using Win Srv 2k8 Std x64 R2, Hyper-V, Untangle 8 32-bit. Both of its NICs are well configured in the same network segment.

    It looks as if Untangle were not able to publish its ARP address to the network.

    I’m using legacy cards.

    Please, if you can help me I would appreciate it very much.

    Thanks in advance.

    ALFONSO
    Bogota Colombia

  2. Mike says:

    Hi Alfonso.

    Sorry for not replying sooner but I am swamped at work at the moment 😐

    From what you tell me I can’t give you an explanation as to why it does not work :-/ My only observation while trying to install my own setup was that the installation sometimes failed, and with my limited understanding of the Linux setup underneath I chose to reinstall (which I did 2-3 times to make it work). Maybe you should try to start over and see if that does not solve the issue? And for God’s sake take a snapshot once it’s installed; it’s SO much easier to be able to revert to a snapshot than reinstall the thing…

    Sorry I can’t offer any better assistance, but truthfully I haven’t looked much at it since I installed it 🙂 but it still works.

  3. Doug says:

    I’m looking for some assistance with configuring Untangle on Hyper-V. You said to add 2 legacy network adapters. I’m assuming that these adapters are pointing to a Virtual Network Adapter. Are they pointing to the same virtual adapter or 2 different virtual adapters? My server has 6 physical NICs. I would like to use 1 physical NIC for incoming and a second one for outgoing. The incoming NIC would connect to the internet (static IP address) and the outgoing NIC would be connected to a physical switch.
    Does this configuration make sense? Do you see any problems with this configuration?

    I’ve tried various configurations without any success. I believe that I’m close and need some further guidance.

    Any assistance that you can give me will be greatly appreciated.

    Thanks
