In this page you find:
The network menu can be used to tweak the networking configuration by adding specific hosts and routes, or configuring the uplink and adding VLANs. This menu should not be confused with the Network configuration wizard available at Menubar ‣ System ‣ Network Configuration, that allows to configure interfaces, zones, and to define uplinks, although many settings and configuration options, especially in the Interfaces menu item are the same found there.
The sub-menu on the left-hand side of the screen contains these items, each of which groups several configuration options:
New in version 2.5: the wireless module.
The page contains the list of hosts previously defined. Each line contains an IP address, the associated hostname, and the domain name, if specified. Two available actions are available for each entry: To edit it or to delete it.
Warning
Deleting an host entry by clicking on the small icon does not require any confirmation and is not reversible. If deleted by mistake, an entry must be re-added manually.
A new entry in the file can be added by clicking on the Add a host link right above the table. A simple form will replace the table, in which to enter the following options:
Note
Unlike in the /etc/hosts
file (see below), each IP
address added here corresponds to one hostname and
viceversa. To add two hostnames to a same IP, add two
entries with the same IP address.
The choice can be confirmed by clicking on the Add Host button. To associate more hostnames to the same IP address, repeat the procedure by inserting the same IP address but a different name.
Hosts management, dnsmasq and /etc/hosts
.
The dnsmasq application is used in small networks as DNS server for local hosts and as a DNS forwarder and caching server for worldwide DNS servers. The Endian UTM Appliance uses dnsmasq to be able to correctly resolve and answer DNS requests coming from the GREEN, ORANGE, and BLUE zones. It is sometimes desirable (e.g., for testing purposes on a remote website) to override some entries in dnsmasq, or to add some local server to dnsmasq’s cache, for local clients to be able to connect to it.
The hosts added in this page are stored in a dnsmasq’s settings
file and merged with the /etc/hosts
file at every restart
of the daemon. Host added to that files directly via CLI will not
persist after a reboot of the Endian UTM Appliance or a restart of dnsmasq.
The /etc/hosts
file contains the so-called static lookup
table, in the form:
IP1 hostname1 [hostname2]
IP2 hostname3 [hostname4] [hostname5]
Here, IP1 and IP2 are unique (numerical) IP addresses and
hostname1, hostname2, hostname3,`hostname4`, and hostname5 are
custom names given to those IPs. Names within square brackets are
optional: In other words, each IP address can be associated with one
or more names of known hosts. Custom host entries can be added to the
file, that will then be resolved for all the clients connecting
through the Endian UTM Appliance. On a typical Endian UTM Appliance, the
/etc/hosts
file contains at least the following entries:
127.0.0.1 localhost.localhost localhost
172.20.0.21 myappliance.localdomain myappliance
172.20.0.21 spam.spam spam
172.20.0.21 ham.ham ham
172.20.0.21 wpad.localdomain wpad
Here, 127.0.0.1 is the IP address of the loopback device, localhost, which is a mandatory entry for the correct workink of any Linux system; while 172.20.0.21 is the IP address of the GREEN interface. The entries listed for that IP have the following meaning and purposes:
Besides the default routing table, that can be seen in Menubar ‣ Status ‣ Network status, the routing on the Endian UTM Appliance can be improved with static and policy routing rules. This page displays a unique table that contains all the custom routings, although new rules are added from the two different tabs that present on this page. Indeed, static and policy routing rules require slight different settings. The table contains a summary of the rule: the source and destination networks or zones, the gateway, a remark, and the list of available actions: Enable or disable, edit, and delete a rule.
Whenever a modification is carried out on the routing table, it is required that the changes be saved and the service be restarted.
A static route allows to associate specific source and destination networks with a given gateway or uplink. A click on the Add a new route link above the table allows create new routes by defining the following fields in the form that will appear:
Four options are available to define through which means should the traffic be channeled: Static Gateway, Uplink, OpenVPN User, or L2TP User. In the case the Static Gateway is selected, the IP address of a gateway should be provided in the text box on the right. Otherwise, a drop-down will appear, proposing the choice among the available uplinks, OpenVPN users, or L2TP users.
New in version 2.5: Routing via OpenVPN and L2TP Users.
A click on one of the icons will trigger an action on the respective item:
See also
A guide to set up basic static routes.
A policy route rule allows to associate specific network addresses, zones, or services (expressed as port and protocol) with a given uplink.
The table shows all the already defined rules for both static and policy routing, with some of their properties: Source, Destination, TOS, Gateway, Service, Remark, and the available actions:
Hint
The TOS column appears only if at least one rule with that field has been defined.
Rules that appear higher in the table have higher priority.
Policy routing, HTTP proxy, and uplink.
Note
The description below only applies to version of Endian UTM Appliance prior to 3.0.5. The HTTP proxy improvements introduced in version 3.0.5 (May 2015) make the following observations obsolete.
The interaction between these three components of the Endian UTM Appliance might produce some behaviour that may appear strange or even wrong when clients in the zones try to access the Internet. There are indeed three steps to highlight, for a correct understanding how traffic flows to the Internet when both HTTP proxy is enabled and there are policy routing rules defined:
When clicking on the Create a policy routing rule link, a form will open, which seems rather more complicated then the one for static routes and very similar to the firewall rule’s editor. However, this policy rule editor is much like the previous one, but gives more control over the definition of the rule. Additionally, the setup of the rule is guided by several drop-down menus, to simplify entering the data in the following fields:
How the traffic should be routed for this rule. Four options are available:
This checkbox must be ticked to log all the packets affected by this rule.
Warning
The activation of this option may cause the size of the log files to dramatically improve.
See also
There is a tutorial to set up basic policy routes available here.
The uplinks manager allows to carry out a number of tasks that are related with the uplink and the interfaces, and in particular to define custom VLANs on the network interfaces.
By default, the uplink editor shows the available uplinks that have been created and the actions that can be executed on each of them, by clicking on the icons in the last column, Actions:
Hint
The main uplink can not be deleted.
Additional uplinks can be defined by clicking on the Create an uplink hyperlink above the list of uplinks. A rather long page, full of configurable options will open, that should be filled with appropriate values -very similar to those in the network configuration. Depending on the type of uplink chosen, the available settings will differ.
Note
Not all the available options are described here: They are the same that are present in the network configuration wizard and depend on the type of the uplink chosen, so please refer to that section for the full explanation of each option.
The selection of the type of RED connection includes one additional protocol, compared to those available in the network configuration wizard: PPTP. PPTP can be configured to work in static or in DHCP mode, selectable from the respective value from the “PPTP method” drop-down. The IP address and netmask must be defined in the appropriate textfields if the static method has been chosen, in which case additional IP/netmask or IP/CIDR combinations can be added in the field below if the checkbox is ticked. Phone number, username, and password are not required but may be needed for some configurations to work, depending on the provider’s settings. The authentication method can be either PAP or CHAP: if unsure, keep the default value “PAP or CHAP”.
Note
When choosing Analog/UTMS Modem, the SIM card must be plugged in when the Endian UTM Appliance is turned off.
Tick this option to enter a list of IP or hostnames that will be ping-ed when the uplink fails, to check whether it has reconnected.
Hint
One of those hosts could be the provider’s DNS server or gateway.
In the advanced settings panel, two other options can be customised:
See also
A tutorial that explains the setup of a failover uplink.
The idea behind offering VLAN support in Endian UTM Appliance is to allow arbitrary associations of VLAN IDs to the zones and to provide an additional level of separation (and therefore adding another level of security) between the zones. The existing VLANS are shown in the table, if any had already been created. The only action available is:
A new VLAN can be defined by clicking on the Add new VLAN hyperlink above the VLAN list. In the form that will open a few click suffice to create an association between an interface and a VLAN, by specifying a few values:
Warning
It is not possible to define a VLAN that serves one zone (e.g., a VLAN on BLUE) on an interface that already serves another zone (e.g., eth1 serving GREEN). When trying to do so, the form closes and a red callout appears, informing that the VLAN can not be created.
Whenever a virtual LAN is created, a new interface is created and named as ethX.y where X is the number of the interface and y is the VLAN ID. This interface is then assigned to the chosen zone and will show up as a regular interface in the various sections that report network information, like Menubar ‣ Status ‣ Network Configuration or in the Dashboard, where it can be selected to be drawn in the graph.
New in version 2.5: WiFi capabilities
Changed in version 3.0.5-YYYYMM: improved settings detection.
The wireless module presents some options to configure the Endian UTM Appliance as an access point. If not enabled, only the switch to activate wireless support is shown in the page. Upon activation, a box appears, divided in two parts by the Add new SSID link. In the upper part appears a panel carrying the overall configuration options, while in the lower part there is the list of the available SSIDs, right below a navigation and search bar and above a set of buttons to carry out an action on more SSIDs at once. The following options are available to configure the wireless module:
News in the Wireless module after the 3.0.5 release.
With the release 3.0.5-YYYYMM, the behaviour of the GUI has slightly changed. When the Country is changed, which is a choice that should happen only at the first set up, it is necessary to save the settings, before being able to choose the Wireless Mode and the Channel. If the laws and regulations change in the Country, or the Endian Appliance is brought to another Country, it may happen that the currently configured channels are not valid anymore. In this case, the Endian Appliance detects the incompatibility and falls back to the safest channel available, which is 6.
Moreover, when the hardware adapter is replaced or changed and the newer one does not support the same channel configured on the older one, again the Endian Appliance falls back to the 6 channel.
The list of the SSIDs, which is initially empty, presents the following information: The SSID name, the zone, the encryption, and a remark, which are described below.
To add a new SSID, click on the Add new SSID to open the editor, in which to supply the following information:
Version 3.0
Version 2.5
Version 2.4
Version 2.3
Version 2.2
Version 2.1