Single nic router - can it be done?

[proactivens]

Hello everyone,

I'm new to this product but I must say i'm impressed. I was wondering if you can make zenryal a single nic router? It is not the gateway router, but simply a router. (router on a stick).

Gateway ------switch-----------------clients
                                     |___zenryal

The clients would use zentyal as their default gateway and zentyal would route the traffic to the gateway and out.

[effgee]

As far as I know, very few Linux firewall implementations provide this capability.
There are some technical hurdles to doing this... specifically because traffic must be "broadcasted" so that it gets routed to another "virtual ip / adapter". I'm a bit unclear about this.

Off the top of my head, the only one I know of that can do this is..
Untangle - http://www.untangle.com

They call it "Re-Router Technology"
I tested it awhile ago, while it works, Untangle takes an awful amount of resources for a firewall OS.

Another option is running whichever firewall you install on Vmware and create multiple virtual nics.
This does work, but has several drawbacks which I won't go into.

[proactivens]

I am very familiar with Untangle. I am one of their largest resellers and owner of Untangleappliances.com 

To be more specific, what I am trying to do is have a single nic router setup on the network. Clients will use this router as their default gateway. I will have openvpn access server installed on the single nic router as well. Openvpn access server will create a tunnel back to a main site and all internet bound traffic will pass through the single nic router and over the vpn tunnel it has established. I do not need any "re-router" capabilities, I only need the single nic router to be able to communicate through the main wan router to establish the vpn tunnel, thats it.

Untangle does its re-router functions via arp spoofing. Most modern day routers have anti arp spoofing tech. built in, so the feature is mostly useless.

[Ariel Antigua]

(router on a stick), can be done with VLAN tagging, i don't test it on Zentyal yet, but in others firewalls based on Linux and *BSD can be done.

[FutureTechSys]

I apologize in advance for the answer you don't want to hear :-)

For $25 you could put in a second NIC.  I'm sure there's a way to "rig" something up, but in my experience if the Linux community (and every other server I'm sure) has been developing it for years with a minimum of 2 NICs for that function, why reinvent the wheel?

Just my $0.02