Untangle Routing & Quality of Service (QoS)

Networking’s Blocking & Tackling

 

Untangle Routing & QoS Overview:

Untangle is a flexible platform that can perform routing tasks or simply pass traffic as a transparent bridge. Untangle’s routing capabilities enable administrators to:

  • Provide the basics like NAT, DMZs, DHCP & DNS
  • Get fancy with multiple NAT spaces, routing tables and configurable MTU
  • Prioritize traffic with QoS
  • Support SIP & IAX VoIP traffic

With routing, you can turn your Untangle Server from a transparent bridge into a router, providing router-related services such as Internet connection sharing. Untangle routing is open source and free under the GNU General Public License (GPL).

Untangle's routing allows all hosts to share internet access via Network Address Translation (NAT), and also provides DHCP and DNS services and advanced routing capabilities. The administrator can configure NAT, as well as related redirect rules, and DMZ host settings. The administrator can also add static DHCP and DNS entries, as well as custom routes to support more complicated networks.

QoS is a great way for administrators to improve VoIP call quality and ensure that critical apps have priority access to bandwidth. Untangle QoS enables administrators to create a pool of bandwidth that is reserved for critical apps. Administrators can decide what percentage of their bandwidth to reserve depending on the size and type of their connections and the intensity of the critical apps they intend to run concurrently. By segmenting services into high, medium and low priority queues, administrators can minimize interruptions to sensitive apps (VoIP, SSH, VNC, RDP, etc.) from bandwidth-intensive downloads or websites (YouTube, etc.) that may be lower priority. For more QoS info see the QoS wiki page.

Note: As of the 5.1 release, Router is no longer a stand-alone application. The networking functions are accessed by selecting the "Networking" button that can be found under the left hand Config tab.

Technical Specifications:

You can use the Untangle Server as a router or a bridge. With the Untangle Server as your router, you can configure NAT, as well as related redirect rules, and DMZ host settings. You can also add static DHCP and DNS entries, as well as custom routes to support more complicated networks.

What It Does

Routes network traffic using either “standard” or “advanced” options

How It Does It

Uses several open source tools including iptables and Linux Traffic Control with Untangle custom components and interface

Controls

  • Standard Mode: Provides NAT, DMZ hosting, redirects/port forwarding, DHCP, DNS forwarding and address mapping
  • Advanced Mode: Additionally allows for multiple NAT spaces, a routing table, and configurable MTU
  • QoS: Create a reserve pool of bandwidth and prioritize mission-critical services into high, medium & low queues

 

Screenshots: Port Forward Editor, Port Forward Main Screen, Quality of Service (QoS), DHCP, DNS, Interfaces, Hostname

 

Networking FAQs:

How do I determine the devices that are attached to my network?

Assuming the Untangle Server is your router, you can locate the list of devices as shown in Assigning Network Computers Static IP Addresses.

If I am running NAT, how can I provide access to a web server connected to the internal network?

  1. If the web server is using DHCP, it should be assigned a static address. Go to Assigning Network Computers Static IP Addresses.
  2. Map the web server to that IP address as discussed in Mapping Computer Hostnames To IP Addresses.
  3. Create a port forward rule for all incoming traffic on port 80 to your web server as discussed in Redirecting External and Internal Traffic.

I have multiple subnets and after installing Untangle as a bridge, only my main subnet can connect to the internet. Why?

Untangle needs to know about the other subnets in order to correctly route traffic to them. This can be done in several ways.

  1. Give Untangle an alias on each subnet. This can be done in config->networking. This tells Untangle that the subnet is local and should be routed accordingly.
  2. Alternatively, if your subnets are all similar (e.g. 192.168.1.x vs 192.168.2.x), make sure Untangle has a netmask that includes them all (255.255.0.0 vs 255.255.255.0).
  3. If your other subnets are behind another internal router, also add routes to tell Untangle how to route to these subnets in config->networking->advanced->routing.

Is it possible to use DHCP without enabling NAT?

Yes, DHCP can be enabled if NAT is disabled. The DHCP start and end address range must fall into the network that you specify in the Network Configuration page. See DHCP Server.

Is it possible to serve DHCP on multiple interfaces?

Yes, if you are already serving DHCP on one interface you can configure additional interfaces in config->networking->advanced->DHCP & DNS.

Does Untangle support dual WAN or WAN failover?

Untangle does not natively support dual WAN or WAN failover at this time. We are looking to implement these features in the future. In the meantime, we have tested a few SMB products that support these features.

Linksys RV042 ($189.99 cdw.com price as of 09/01/2008)

  1. A high-reliability Internet connection-sharing router and 4-port switch for small business
  2. Features dual Internet ports for load balancing and connection redundancy
  3. Securely connects up to 30 remote office or traveling users to your office network via VPN
  4. Advanced SPI firewall protects your PCs from most known Internet attacks

(Taken from Linksys.com)

Netgear FVS124G ($179.99 netgear.com price as of 09/01/2008)

  1. Dual WAN support for load balancing and failover
  2. Built in four auto-sensing 10/100/1000 Mbps LAN ports offer gigabit connectivity
  3. Securely connects up to 25 remote office or traveling users to your office network via VPN
  4. Supports both SPI firewall and Denial of Service (DoS) prevention

How about Open Source software that supports Dual WAN?

If you are interested in Open Source software, you might want to check out pfSense.

Does Untangle Server use bandwidth throttling?

No. The Untangle Server uses Protocol Control and Web Filter to solve the problem of network congestion resulting from a few users consuming more resources. Also, QoS offers bandwidth management at the IP level.

My network is extremely slow and some pages won't load. Why?

Some internet connections have an MTU below 1500 but don't support automatic Path MTU Discovery. It is worth trying to manually lower the MTU on the config->interfaces->edit page to 1492 or even 1450 to see if it has any effect. You must be in advanced mode to change this setting. This is more common with PPPoE connections. If this does not solve the issue, return the MTU to the default setting.
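
To pick a value rather than guess between 1492 and 1450, you can search for the largest packet that crosses the path unfragmented. The sketch below is an added example, not Untangle code; `ping_probe` assumes Linux iputils `ping`, the target address is a placeholder, and `simulated_link` is a constructed stand-in so the search can be run offline.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_probe(host):
    """Return probe(mtu) -> bool that sends one ping with Don't Fragment set."""
    def probe(mtu):
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do",
               "-s", str(mtu - IP_ICMP_OVERHEAD), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe


def largest_working_mtu(probe, low=576, high=1500):
    """Binary-search the largest MTU in [low, high] for which probe(mtu) succeeds.

    Returns None if even `low` fails, which means the slowness is not an
    MTU problem and the interface should stay at its default setting.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits; the answer is mid or larger
        else:
            high = mid - 1   # mid was dropped; the answer is smaller
    return low


def simulated_link(path_mtu):
    """Constructed test path that silently drops packets above path_mtu."""
    return lambda mtu: mtu <= path_mtu


if __name__ == "__main__":
    # Offline run against a constructed PPPoE-style path.
    print(largest_working_mtu(simulated_link(1492)))
    # Live use (placeholder address, requires Linux ping):
    # print(largest_working_mtu(ping_probe("192.0.2.1")))
```

Set the interface MTU to the value returned; a result of 1500 means the path is not the cause.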

Can I use OpenDNS with Untangle?

Sure. Simply change your external interface's settings to use OpenDNS's servers as a DNS server.

My port forward isn't working. Why?

Follow the Port Forward Troubleshooting Guide to see if you can discover the issue.

I set up a port forward for HTTPS (port 443) and it is not working. Why?

Untangle and many of the applications use port 443. In order to forward port 443 you need to move Untangle off of port 443 to a different port. This can be done in config->administration under "External Administration."

I set up a port forward to my FTP server and it is working but transfers fail. Why?

FTP uses multiple connections. If you set up a port forward for the control session (port 21), then you must also set up a port forward for the transfer sessions. You can do this in multiple ways.

  1. Configure your server to use a range of ports for a transfer (10000-20000) and configure Untangle to forward all of these ports to the FTP server.
  2. Use 1:1 NAT
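
With option 1, the usual failure is that the server's passive-mode reply names a data port outside the forwarded range, or its internal address instead of the public one. The checker below is an added example, not Untangle code; the function names, the public address and both sample replies are constructed for illustration.

```python
import ipaddress
import re

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Parse '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (address, port)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2


def check_pasv(reply, forwarded_ports, public_ip):
    """List the reasons a data connection built from this reply would fail."""
    host, port = parse_pasv(reply)
    problems = []
    if port not in forwarded_ports:
        problems.append("data port %d is outside the forwarded range" % port)
    if host != ipaddress.IPv4Address(public_ip):
        kind = "private" if host.is_private else "unexpected"
        problems.append("server advertises %s address %s" % (kind, host))
    return problems


# Constructed sample values: the forwarded range from option 1 above and a
# documentation-range address standing in for the external IP.
FORWARDED = range(10000, 20001)
PUBLIC_IP = "203.0.113.10"
GOOD_REPLY = "227 Entering Passive Mode (203,0,113,10,48,57)"   # port 12345
BAD_REPLY = "227 Entering Passive Mode (192,168,1,50,4,1)"      # port 1025

if __name__ == "__main__":
    for reply in (GOOD_REPLY, BAD_REPLY):
        print(reply, "->", check_pasv(reply, FORWARDED, PUBLIC_IP) or "ok")
```

Keep the forwarded range identical to the passive range configured on the FTP server, so no ports are exposed beyond the ones it actually uses.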

Does Untangle support 1:1 (One to One) NAT?

Yes. Read more about how to set up 1:1 NAT.

What is "Destined Local?"

Destined Local is a flag for port forward rules. It matches traffic destined to the local Untangle machine on any of its IPs. This flag is usually used when you want to redirect a port on the Untangle Server (and all of its IPs) to another server.

Hardware Requirements:

  • The Untangle Server requires a dedicated PC installed at the gateway to your network.
  • Your hardware does not need an operating system - the Untangle Server installs its own operating system.
  • The Untangle Server software completely erases any content or data that may exist on your PC hard drive.

Sizing Guidance

Recommended Configurations (New Hardware)

When purchasing new hardware, spending a couple of extra dollars to meet the following recommended configurations provides the best value.

Resource                       | Up to 50 Users                  | Up to 100 Users | Up to 300 Users
Intel/AMD-compatible Processor | Pentium 4 equivalent or greater | Dual Core       | Dual Core
Memory                         | 1 GB                            | 1 GB            | 2 GB
Hard Drive                     | 80 GB                           | 80 GB           | 80 GB
NICs                           | 2 (3 for DMZ)                   | 2 (3 for DMZ)   | 2 (3 for DMZ)

Verified Configurations (Trials, Refurbished or Repurposed Hardware)

These are the lowest verified hardware configurations that provide reliable — albeit sometimes slower — performance in production. However, it may be possible for organizations with lower than average network traffic or organizations that do not wish to use all of the modules to run Untangle on smaller systems.

Resource                       | Up to 50 Users | Up to 100 Users | Up to 300 Users
Intel/AMD-compatible Processor | 800 MHz        | 1.2 GHz         | 1.6 GHz
Memory                         | 512 MB         | 1 GB            | 2 GB
Hard Drive                     | 20 GB          | 30 GB           | 40 GB
NICs                           | 2 (3 for DMZ)  | 2 (3 for DMZ)   | 2 (3 for DMZ)

 


EdgeDefender.com is a division of Virtual Graffiti Inc., an authorized Untangle Reseller.
Copyright © 2010 Untangle. All rights reserved.