EFW Support

Support => General Support => Topic started by: philled on Sunday 02 March 2014, 06:50:28 pm



Title: Configuring Endian to not control modem
Post by: philled on Sunday 02 March 2014, 06:50:28 pm
I have just decided to move over from Smoothwall to Endian and am looking for some advice on setup. I have an ADSL2 connection to my ISP and I want to maintain configuration of the modem using the factory web UI for the modem (so that if I have connection issues I don't have any "sorry we don't support your setup" type conversations).

So I'm thinking I should connect the modem into my ethernet switch into which all the other machines on my LAN also connect. Then I can connect to the modem's web UI from my PC. Some of my machines are VMs running on ESXi which is connected to the same switch. Other machines connected to the switch are PCs, NAS etc.

My questions are:

  • How should I configure Endian in this arrangement? Would I need a red zone, or would I just set up green and orange zones?
  • What should the default gateway of the green and orange zones be - is it the IP address of the modem?
  • Presumably the default gateway of the machines on my LAN would be the green zone's IP address (except for machines in the orange DMZ)?
  • In this arrangement, should the modem be on a different subnet than the other machines connected to the switch?
  • Is it actually safe to have the modem and other machines connected to the same switch?


Title: Re: Configuring Endian to not control modem
Post by: dda on Tuesday 04 March 2014, 08:18:13 am
If you are connecting the modem directly into your LAN you are really wasting your time with a firewall.  The modem should be in the red zone.


Title: Re: Configuring Endian to not control modem
Post by: kieronrob on Wednesday 05 March 2014, 12:09:09 am
Hi,

Configure the modem with a subnet different to your current network. Turn OFF DHCP on the modem as it will only have the EFW connecting to it. In the EFW network config wizard, select a NIC for your RED interface and give it a STATIC IP in the same range as the modem.

I have done this with a 3G router and I can access the router admin interface no problem to check connection status and signal quality.

You don't need an orange interface unless you are running servers in the DMZ and specifically require this.

Make all your machines use the EFW GREEN IP address as their default gateway and you should be up and running.
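
The addressing plan described in the last reply can be sanity-checked before anything is cabled up. The following is an added example, not part of any post in this thread: the function name `check_plan` and all IP addresses are constructed for illustration, and it only checks the rules stated above (modem on its own subnet, DHCP off on the modem, RED static in the modem's range, clients using the GREEN IP as gateway).

```python
import ipaddress

def check_plan(modem_ip, red_if, green_if, client_gateway, modem_dhcp=False):
    """Return a list of problems with an EFW addressing plan (empty list = OK).

    red_if and green_if are interface addresses in CIDR form, e.g. "192.168.1.2/24".
    """
    problems = []
    modem = ipaddress.ip_address(modem_ip)
    red = ipaddress.ip_interface(red_if)
    green = ipaddress.ip_interface(green_if)
    gateway = ipaddress.ip_address(client_gateway)

    # RED needs a static address in the modem's range so the EFW can reach it.
    if modem not in red.network:
        problems.append("RED is not in the same range as the modem")
    if red.ip == modem:
        problems.append("RED and the modem share one address")
    # The modem side must be a different subnet from the LAN; if the two
    # overlap, LAN hosts can reach the modem without crossing the firewall.
    if red.network.overlaps(green.network):
        problems.append("modem/RED subnet overlaps GREEN")
    if modem in green.network:
        problems.append("modem sits inside the GREEN subnet")
    # Only the EFW connects to the modem, so it should not hand out leases.
    if modem_dhcp:
        problems.append("DHCP is still enabled on the modem")
    # LAN machines route through the firewall, not straight to the modem.
    if gateway != green.ip:
        problems.append("clients do not use the EFW GREEN IP as gateway")
    return problems

# Constructed sample plans (addresses are illustrative only).
GOOD = dict(modem_ip="192.168.1.1", red_if="192.168.1.2/24",
            green_if="192.168.0.15/24", client_gateway="192.168.0.15")
# Modem plugged into the LAN switch and used directly as the gateway.
BAD = dict(modem_ip="192.168.0.1", red_if="192.168.0.2/24",
           green_if="192.168.0.15/24", client_gateway="192.168.0.1",
           modem_dhcp=True)

if __name__ == "__main__":
    for name, plan in (("good", GOOD), ("bad", BAD)):
        issues = check_plan(**plan)
        print(name, "->", issues or "OK")
```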