Firewall with 4 Interfaces, only one is connected to the internet? Please help, Thanks in Advance.

Hello,

I am trying to set up a firewall with 4 interfaces (for home). The 1st is WAN in, and for the others I eventually want to have 3 VLANs for 3 routers. Only one has Internet out so far; I don't know how to set up the others. I spent a whole day trying with no success.

Below is my current configuration.

Your help is much appreciated, Thank you.

Rick.



This thread was automatically locked due to age.
  • Hi Rick and welcome to the UTM Community!

    WebAdmin is a GUI that manipulates databases of objects and settings.  A single change there can cause the Configuration Daemon to rewrite hundreds of lines of the code used to run the UTM.  Having knowledge of Cisco or other, similar devices causes people to make false assumptions about how to configure using WebAdmin.

    Your Internal and eth3 Interfaces are defined on the same subnet, 192.168.2.0/24, so you have routing problems.

    You have no Masquerading rule for "Internal (Network)," so, as Alex points out, browsing cannot occur unless it goes through Web Filtering.  Even then, if Web Filtering is in Transparent mode, depending on how you have configured DNS in the UTM, you might not be able to get name resolution.

    If you want to be able to access your home subnet via remote access from public WiFi locations, you will want to choose subnets in 172.16.0.0/12 instead of 192.168.0.0/16 which is where public hotspots will be.

    I can't see any reason to define eth2 and eth3 at present.  You mentioned VLANs, but I think you meant LANs.

    Unlike Windows DHCP, the UTM does not have reservations.  You must be careful to not have the pool of dynamically assignable addresses overlap with any fixed IPs or those assigned statically through a Host definition.  The "culture" here normally assigns .1 to the interface instead of .100 although some use .254.  Instead of using a range of .1 to .254 in your DHCP server definitions, use something like .100 to .199.  Then, assign fixed IPs in .2 to .99.

    Your DHCP server for eth2 (192.168.3.0/24) assigns a DNS server of 192.168.2.100.  Unless you have a firewall rule allowing that traffic, you will see in the Firewall log that it is blocked.

    Learning is like climbing a steep cliff in the beginning.  Don't worry, as you begin to understand the way WebAdmin works, you will find that it is easy to do powerful things quickly.  Good luck!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
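The four problems Bob lists (two interfaces on one subnet, DHCP pools that swallow fixed addresses, a LAN network with no masquerading rule, and a DHCP scope handing out a DNS server on another interface) can be checked mechanically. What follows is an added example and not Sophos UTM code or anything posted in this thread: a small Python audit over a hand-built model of the layout Rick describes. Since his configuration screenshot is not on the page, the interface addresses, pool ranges and the `nas` host are constructed approximations; the second configuration applies the reply's advice (distinct 172.16.x.0/24 subnets, .1 on the interface, pools at .100 to .199, masquerading for every LAN, a DNS server inside each scope's own subnet).

```python
# Added example (not Sophos UTM code): audit a small multi-interface layout for
# the mistakes discussed in the thread. All sample data below is constructed.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Interface:
    name: str
    cidr: str          # interface address with prefix, e.g. "192.168.2.1/24"
    wan: bool = False

    @property
    def address(self):
        return ipaddress.ip_interface(self.cidr).ip

    @property
    def network(self):
        return ipaddress.ip_interface(self.cidr).network


@dataclass
class DhcpServer:
    interface: str     # name of the Interface the scope is bound to
    pool_start: str
    pool_end: str
    dns: str           # DNS server handed to clients


@dataclass
class Config:
    interfaces: list
    dhcp: list
    fixed_hosts: dict = field(default_factory=dict)  # name -> IP from Host definitions
    masq_networks: set = field(default_factory=set)  # CIDRs that have a masquerading rule
    allow_rules: set = field(default_factory=set)    # (src CIDR, dst IP) pairs allowed


def overlapping_interfaces(cfg):
    """Pairs of interfaces whose subnets overlap: the router cannot pick a route."""
    ifs = cfg.interfaces
    return [(a.name, b.name) for i, a in enumerate(ifs) for b in ifs[i + 1:]
            if a.network.overlaps(b.network)]


def pool_collisions(cfg):
    """Fixed addresses (interface IPs and Host definitions) that fall inside a DHCP pool."""
    fixed = {i.name: i.address for i in cfg.interfaces}
    fixed.update({h: ipaddress.ip_address(ip) for h, ip in cfg.fixed_hosts.items()})
    hits = []
    for d in cfg.dhcp:
        lo, hi = ipaddress.ip_address(d.pool_start), ipaddress.ip_address(d.pool_end)
        hits += [(d.interface, label, str(ip)) for label, ip in fixed.items() if lo <= ip <= hi]
    return hits


def unmasqueraded_lans(cfg):
    """Non-WAN interfaces whose network has no masquerading rule (no NAT, no browsing)."""
    return [i.name for i in cfg.interfaces if not i.wan and str(i.network) not in cfg.masq_networks]


def dns_needs_rule(cfg):
    """DHCP scopes whose DNS server sits outside the scope's subnet with no allow rule."""
    nets = {i.name: i.network for i in cfg.interfaces}
    return [(d.interface, d.dns) for d in cfg.dhcp
            if ipaddress.ip_address(d.dns) not in nets[d.interface]
            and (str(nets[d.interface]), d.dns) not in cfg.allow_rules]


def audit(cfg):
    return {"overlapping_interfaces": overlapping_interfaces(cfg),
            "pool_collisions": pool_collisions(cfg),
            "unmasqueraded_lans": unmasqueraded_lans(cfg),
            "dns_needs_rule": dns_needs_rule(cfg)}


# Constructed approximation of the layout described in the thread.
BEFORE = Config(
    interfaces=[Interface("External", "203.0.113.10/24", wan=True),
                Interface("Internal", "192.168.2.100/24"),
                Interface("eth2", "192.168.3.100/24"),
                Interface("eth3", "192.168.2.101/24")],      # same subnet as Internal
    dhcp=[DhcpServer("Internal", "192.168.2.1", "192.168.2.254", "192.168.2.100"),
          DhcpServer("eth2", "192.168.3.1", "192.168.3.254", "192.168.2.100")],
    fixed_hosts={"nas": "192.168.2.10"},
    masq_networks={"192.168.3.0/24"})

# Same layout with the reply's recommendations applied.
AFTER = Config(
    interfaces=[Interface("External", "203.0.113.10/24", wan=True),
                Interface("Internal", "172.16.2.1/24"),
                Interface("eth2", "172.16.3.1/24"),
                Interface("eth3", "172.16.4.1/24")],
    dhcp=[DhcpServer("Internal", "172.16.2.100", "172.16.2.199", "172.16.2.1"),
          DhcpServer("eth2", "172.16.3.100", "172.16.3.199", "172.16.3.1"),
          DhcpServer("eth3", "172.16.4.100", "172.16.4.199", "172.16.4.1")],
    fixed_hosts={"nas": "172.16.2.10"},
    masq_networks={"172.16.2.0/24", "172.16.3.0/24", "172.16.4.0/24"})

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg))
```

Run as-is, the "before" report lists the Internal/eth3 overlap, four fixed addresses sitting inside the .1 to .254 pools (both interface IPs, eth3 and the `nas` host), Internal and eth3 without masquerading, and the eth2 scope pointing clients at a DNS server on the Internal subnet; the "after" report is empty in every category. The DNS check only complains when no `(source network, DNS IP)` allow rule exists, which mirrors Bob's point that cross-subnet DNS works once a firewall rule permits it.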