Untangle FW and DEBIAN with mastershaper

  • Untangle FW and DEBIAN with mastershaper

    Hi to all,

    I have this configuration running on my network.

    L3 SWITCH ---> ESX SERVER (vswitch LAN and vswitch WAN) ---> ISP

    - In vswitch LAN (access to LAN) I have UNTANGLE FW bridged to the LAN and a few more local machines.
    - In vswitch WAN (access to Internet) only UNTANGLE FW is added.

    All traffic from the LAN must pass the external interface, so this traffic passes through UNTANGLE FW, where it is checked and filtered.

    This configuration is working like a charm.

    Now I would like to add one more machine to the WAN vswitch. That will be DEBIAN with MasterShaper (QoS) installed. What I would like to do is to move all LAN traffic first to UNTANGLE FW (packet inspection and filtering) and then to MASTERSHAPER (for shaping/policing). Once all checks are done, traffic can go to the Internet.
    Traffic incoming into the network must pass first through the MASTERSHAPER machine, then the UNTANGLE FW machine, and then go to the L3 switch.

    I do not have another NIC to create one more vswitch.

    Does anyone have a similar situation or configuration, or can at least help me brainstorm this question?


  • #2
    Re: Untangle FW and DEBIAN with mastershaper


    Actually, this is what I need:

    I just want both machines virtualized on ESX.



    • #3
      Re: Untangle FW and DEBIAN with mastershaper

      You need a blank switch with no NIC for internal routing.

      WAN -> ESX NIC -> vSwitch with WAN of Untangle -> output NIC of Untangle to a separate private vSwitch -> WAN of Master Shaper on private Switch -> LAN of Master Shaper on LAN vSwitch

      MasterShaper WAN on separate private switch.
      MasterShaper LAN on normal LAN switch.

      Separate vSwitch will have no NIC attached.
      Untangle LAN -> private switch ->MasterShaper WAN

      The below pic shows 1 device connected to the private switch.
      We drop connections/NICs from servers that we need to license etc. into this switch to allow them access to the internet when testing/patching etc.

      Hope this makes sense.
      Ask more questions if it doesn't.
      Last edited by wobble_wobble; 29th September 2014, 16:53. Reason: trying to explain the solution better
      The most important thing in life is to be yourself.

      Unless you can be Batman.
      Always be Batman.
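An added example, not from the thread and not code from Untangle, MasterShaper or VMware, for checking a layout like the one wobble_wobble describes before trusting it: it models the three vSwitches and the placement of each VM's vNICs as a small graph and verifies that (a) the private vSwitch has no physical uplink, (b) every forwarding path from the LAN vSwitch to the WAN vSwitch passes through the two appliances in the expected order, and (c) no other VM sits on the WAN segment outside the firewall. The vSwitch names, vmnic numbers and VM names are assumptions. The layout follows post #3, where MasterShaper sits on the LAN side, so outbound traffic meets MasterShaper first and Untangle second; swap the `expected` tuple if the two appliances are placed the other way around.

```python
"""Added example: model an ESX standard-vSwitch layout and check that the
only LAN -> WAN forwarding path runs through the shaper and the firewall.
All names below are assumptions chosen to match post #3 in the thread."""

# vSwitch name -> physical uplinks. An empty set is the "blank" vSwitch with
# no NIC that post #3 describes; anything with an uplink reaches a real wire.
VSWITCHES = {
    "vSwitch_WAN": {"vmnic1"},      # ISP side
    "vSwitch_Private": set(),       # internal only, no NIC attached
    "vSwitch_LAN": {"vmnic0"},      # towards the L3 switch
}

# VM name -> list of (vSwitch, role) for each vNIC, as post #3 places them:
# MasterShaper bridges LAN <-> Private, Untangle bridges Private <-> WAN.
VMS = {
    "MasterShaper": [("vSwitch_LAN", "lan"), ("vSwitch_Private", "wan")],
    "Untangle": [("vSwitch_Private", "lan"), ("vSwitch_WAN", "wan")],
    "fileserver": [("vSwitch_LAN", "lan")],   # an ordinary LAN-only VM
}


def forwarding_paths(vms, src, dst):
    """Return every simple path from vSwitch src to vSwitch dst as the ordered
    list of VMs traversed. Any VM with vNICs on two or more vSwitches is
    treated as a potential forwarder between them (bridge, router or NAT)."""
    attached = {vm: [sw for sw, _ in nics] for vm, nics in vms.items()}
    paths = []

    def walk(sw, used_vms, seen_sw, trail):
        if sw == dst:
            paths.append(list(trail))
            return
        for vm, sws in attached.items():
            if vm in used_vms or len(sws) < 2 or sw not in sws:
                continue
            for nxt in sws:
                if nxt != sw and nxt not in seen_sw:
                    walk(nxt, used_vms | {vm}, seen_sw | {nxt}, trail + [vm])

    walk(src, frozenset(), frozenset({src}), [])
    return paths


def check_chain(vswitches, vms, lan, wan, expected):
    """Return a list of problems; an empty list means the layout matches the
    design. expected is the VM order traffic leaving the LAN must traverse."""
    problems = []
    # 1. Every vSwitch other than LAN and WAN must have no uplink, otherwise a
    #    VM on it has a side door to a physical network.
    for sw, uplinks in vswitches.items():
        if sw not in (lan, wan) and uplinks:
            problems.append(f"{sw} should be private but has uplink(s) {sorted(uplinks)}")
    # 2. Every LAN -> WAN forwarding path must be exactly the expected chain.
    paths = forwarding_paths(vms, lan, wan)
    if not paths:
        problems.append(f"no forwarding path from {lan} to {wan}")
    for path in paths:
        if tuple(path) != tuple(expected):
            problems.append(f"path {' -> '.join(path)} bypasses the chain "
                            f"{' -> '.join(expected)}")
    # 3. Only the WAN-facing appliance belongs on the WAN segment; any other VM
    #    attached there is outside the firewall entirely.
    for vm, nics in vms.items():
        if vm != expected[-1] and any(sw == wan for sw, _ in nics):
            problems.append(f"{vm} is attached to {wan} outside the firewall")
    return problems


if __name__ == "__main__":
    chain = ("MasterShaper", "Untangle")
    print("post #3 layout:",
          check_chain(VSWITCHES, VMS, "vSwitch_LAN", "vSwitch_WAN", chain) or "OK")
    # A layout to avoid: a Debian VM with one leg on the LAN vSwitch and one on
    # the WAN vSwitch, which gives traffic a route around Untangle.
    shortcut = dict(VMS, Debian=[("vSwitch_LAN", "lan"), ("vSwitch_WAN", "wan")])
    for problem in check_chain(VSWITCHES, shortcut, "vSwitch_LAN", "vSwitch_WAN", chain):
        print("shortcut layout:", problem)
```

Run as a script it reports the post #3 layout as OK and flags the two-legged Debian variant both as a bypass of the chain and as a VM sitting on the WAN segment. On the host itself the same facts come from `esxcli network vswitch standard list` (the Uplinks field of the private vSwitch should be empty) and from each VM's network adapter settings. One further thing to verify for an appliance that bridges transparently between two vSwitches is the security policy of the port groups it sits on: a standard vSwitch rejects promiscuous mode by default, and a transparent bridge needs promiscuous mode and forged transmits accepted on both of its port groups to see and forward frames carrying other machines' MAC addresses.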