Channel: EdgeRouter topics

Port Forward Issue

I am trying to port forward 3389 RDP to a device on a VLAN (Eth7.5); the IP of the device is 172.16.10.5. I cannot get it to work. Any help would be greatly appreciated.

ubnt-discover interface disable not working

EdgeOS 1.9 - I noticed UBNT discovery traffic on my upstream interface.  

Oct  9 14:42:01 ext-gw0 kernel: [eth0_local-default-D]IN=eth0 OUT= MAC= src=121.99.21.54 DST=255.255.255.255 LEN=168 TOS=0x00 PREC=0x00 TTL=64 ID=40535 DF PROTO=UDP SPT=56728 DPT=49020 LEN=148

Tried disabling ubnt-discover on eth0.

set service ubnt-discover interface eth0 disable

Continued to see the traffic.

Oct  9 15:01:03 ext-gw0 kernel: [eth0_local-default-D]IN=eth0 OUT= MAC= src=121.99.21.54 DST=255.255.255.255 LEN=168 TOS=0x00 PREC=0x00 TTL=64 ID=40550 DF PROTO=UDP SPT=41252 DPT=50978 LEN=148
Oct  9 15:01:03 ext-gw0 kernel: [eth0_local-default-D]IN=eth0 OUT= MAC= src=121.99.21.54 DST=255.255.255.255 LEN=168 TOS=0x00 PREC=0x00 TTL=64 ID=40551 DF PROTO=UDP SPT=41234 DPT=58525 LEN=148
Oct  9 15:01:03 ext-gw0 kernel: [eth0_local-default-D]IN=eth0 OUT= MAC= src=121.99.21.54 DST=255.255.255.255 LEN=168 TOS=0x00 PREC=0x00 TTL=64 ID=40552 DF PROTO=UDP SPT=59341 DPT=45728 LEN=148

Disabled ubnt-discover, and the traffic stopped.

set service ubnt-discover disable

Anyone else see the same behavior?
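
A way to check from the firewall log whether a change like the one in the post above took effect, as an added example that is not part of the original post: it parses the four kernel log lines quoted there and counts UDP packets to 255.255.255.255 received on eth0 before and after a change time. The year 2016 and the 14:50:00 change time are assumptions; the post gives neither.

```python
import re
from datetime import datetime

# The four kernel log lines quoted in the post above, unchanged.
SAMPLE_LOG = """\
Oct  9 14:42:01 ext-gw0 kernel: [eth0_local-default-D]IN=eth0 OUT= MAC= src=121.99.21.54 DST=255.255.255.255 LEN=168 TOS=0x00 PREC=0x00 TTL=64 ID=40535 DF PROTO=UDP SPT=56728 DPT=49020 LEN=148
Oct  9 15:01:03 ext-gw0 kernel: [eth0_local-default-D]IN=eth0 OUT= MAC= src=121.99.21.54 DST=255.255.255.255 LEN=168 TOS=0x00 PREC=0x00 TTL=64 ID=40550 DF PROTO=UDP SPT=41252 DPT=50978 LEN=148
Oct  9 15:01:03 ext-gw0 kernel: [eth0_local-default-D]IN=eth0 OUT= MAC= src=121.99.21.54 DST=255.255.255.255 LEN=168 TOS=0x00 PREC=0x00 TTL=64 ID=40551 DF PROTO=UDP SPT=41234 DPT=58525 LEN=148
Oct  9 15:01:03 ext-gw0 kernel: [eth0_local-default-D]IN=eth0 OUT= MAC= src=121.99.21.54 DST=255.255.255.255 LEN=168 TOS=0x00 PREC=0x00 TTL=64 ID=40552 DF PROTO=UDP SPT=59341 DPT=45728 LEN=148
"""

# "<syslog timestamp> <host> kernel: [<firewall rule tag>]<KEY=value ...>"
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+kernel:\s+"
    r"\[(?P<rule>[^\]]+)\](?P<fields>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line, year=2016):
    """Parse one netfilter LOG line into a dict, or return None if it does not match.

    Syslog timestamps carry no year, so `year` is an assumption supplied by the caller.
    """
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m.group("fields")):
        # Keys are upper-cased because the post shows "src=" in lower case.
        # setdefault keeps the first LEN (IP length), not the later UDP LEN.
        fields.setdefault(key.upper(), value)
    fields["TIME"] = datetime.strptime(f"{year} {m.group('stamp')}", "%Y %b %d %H:%M:%S")
    fields["RULE"] = m.group("rule")
    return fields


def limited_broadcast_udp(log_text, in_iface, year=2016):
    """Return parsed events that are UDP to 255.255.255.255 received on in_iface."""
    events = []
    for line in log_text.splitlines():
        ev = parse_line(line, year)
        if (ev and ev.get("IN") == in_iface and ev.get("PROTO") == "UDP"
                and ev.get("DST") == "255.255.255.255"):
            events.append(ev)
    return events


def split_at_change(events, change_time):
    """Split events into those logged before and at/after the configuration change."""
    before = [e for e in events if e["TIME"] < change_time]
    after = [e for e in events if e["TIME"] >= change_time]
    return before, after


def change_was_effective(events, change_time):
    """True only if matching traffic was logged before the change and none after it."""
    before, after = split_at_change(events, change_time)
    return bool(before) and not after


if __name__ == "__main__":
    events = limited_broadcast_udp(SAMPLE_LOG, "eth0")
    # Assumed commit time of the per-interface disable; not stated in the post.
    change = datetime(2016, 10, 9, 14, 50, 0)
    before, after = split_at_change(events, change)
    print(f"before={len(before)} after={len(after)} "
          f"effective={change_was_effective(events, change)}")
    for ev in after:
        print(ev["TIME"], ev["RULE"], ev["SRC"], "->", ev["DST"], "dpt", ev["DPT"])
```
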

[ERL] Strange ipv6 behaviour

Hi everyone,

after trying for a good month I'm finally giving up and turning to the community. I have a really strange problem with my EdgeRouter lite running EdgeOS 1.9.0. But first let me describe the setup.

I'm using the German ISP Unitymedia. They supply a cable router with crippled features. So I'm using an EdgeRouter lite and a Unifi AP-AC lite. The thing is Unitymedia uses DS-lite so I need ipv6 to work correctly.

I set up prefix delegation on the ERL and it works fine. All devices in the network get the correct ipv6 addresses.

Now we come to the problem. The ipv6 connection on all devices doesn't work right from the start or after every reboot of the modem or the ERL. But if I SSH into the ERL ipv6 works fine. So one might think it's a firewall issue, but after waiting for some days it suddenly starts working on all devices. Strange, isn't it?

I'll post some parts of the config that might be relevant.

eth0 - the connection to the Unitymedia router

eth1 - my LAN

eth1.20 - Guest VLAN

ubnt@ubnt:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         192.168.1.190/24                  u/u  WAN
             2a02:8070:4ab:6600:9fb2:3ff6:84bd:647c/128
eth1         192.168.0.1/24                    u/u  LAN
             2a02:8070:4ab:66f0::1/64
eth1.20      192.168.100.1/24                  u/u  Guest
             2a02:8070:4ab:66f1::1/64
eth2         192.168.2.1/24                    A/D  Local 2
lo           127.0.0.1/8                       u/u
             ::1/128

 

 

 

ubnt@ubnt# show interfaces ethernet eth0
 address dhcp
 description WAN
 dhcpv6-pd {
     no-dns
     pd 0 {
         interface eth1 {
             host-address ::1
             prefix-id :0
             service slaac
         }
         interface eth1.20 {
             host-address ::1
             prefix-id :1
             service slaac
         }
         prefix-length 60
     }
     rapid-commit enable
 }
 duplex auto
 firewall {
     in {
         ipv6-name WANv6_IN
     }
     local {
         ipv6-name WANv6_LOCAL
     }
 }
 speed auto

ubnt@ubnt# show interfaces ethernet eth1
 address 192.168.0.1/24
 description LAN
 duplex auto
 firewall {
     in {
         ipv6-name client6-in
     }
     local {
         ipv6-name client6-local
     }
 }
 ipv6 {
     dup-addr-detect-transmits 1
     router-advert {
         cur-hop-limit 64
         link-mtu 0
         managed-flag true
         max-interval 600
         name-server fe80::ba27:ebff:fe35:4ae6 #thats the ip of a raspberry pi for adblocking dns
         other-config-flag false
         prefix ::/64 {
             autonomous-flag true
             on-link-flag true
             valid-lifetime 2592000
         }
         reachable-time 0
         retrans-timer 0
         send-advert true
     }
 }
 speed auto
 vif 20 {
     address 192.168.100.1/24
     description Guest
     firewall {
         in {
             ipv6-name client6-in
             name GUEST_IN
         }
         local {
             ipv6-name client6-local
             name GUEST_LOCAL
         }
     }
     ipv6 {
         dup-addr-detect-transmits 1
         router-advert {
             cur-hop-limit 64
             link-mtu 0
             managed-flag true
             max-interval 600
             name-server fe80::ba27:ebff:fe35:4ae6
             other-config-flag false
             prefix ::/64 {
                 autonomous-flag true
                 on-link-flag true
                 valid-lifetime 2592000
             }
             reachable-time 0
             retrans-timer 0
             send-advert true
         }
     }
 }

ubnt@ubnt# show firewall ipv6-name WANv6_IN
 default-action drop
 description "WAN inbound traffic forwarded to LAN"
 enable-default-log
 rule 10 {
     action accept
     description "Allow established/related sessions"
     state {
         established enable
         related enable
     }
 }
 rule 20 {
     action drop
     description "Drop invalid state"
     state {
         invalid enable
     }
 }
 rule 30 {
     action accept
     description "Allow IPv6 icmp"
     protocol ipv6-icmp
 }
[edit]
ubnt@ubnt# show firewall ipv6-name WANv6_LOCAL
 default-action drop
 description "WAN inbound traffic to the router"
 enable-default-log
 rule 10 {
     action accept
     description "Allow established/related sessions"
     state {
         established enable
         related enable
     }
 }
 rule 20 {
     action drop
     description "Drop invalid state"
     state {
         invalid enable
     }
 }
 rule 30 {
     action accept
     description "Allow IPv6 icmp"
     protocol ipv6-icmp
 }
 rule 40 {
     action accept
     description "allow dhcpv6"
     destination {
         port 546
     }
     protocol udp
     source {
         port 547
     }
 }

 

If you need anything else, please let me know. And thanks in advance for your help!

Greetings

[ER-X] random internet dropouts - 1 ER-x + 1 Unifi ACAP-pro

Hi

For the last month I've been seeing internet dropouts...

no specific intervals or similar

what I'm seeing is that the WAN ip never disappears from the router and I can ping the WAN ip almost every time... I can't say that it's not just a quirk that it sometimes times out during ping.

I can never ping google or similar when this happens.

LAN keeps running but of course no WAN access.

I can't figure out if it's the Router or something at the ISP side.

There's no advanced VLANs or anything remotely advanced.. only some Port forwarding..

I had some DDNS running but I thought to turn that off today just to check..

What can I do to check at my end? Any debug logging or similar?

I'm not really a hardcore network guy so reading said log might not help me but perhaps it can help someone here guide me further.

Hoping for a few pointers to look for.

dnsmasq and CNAME

Hi to all

I'm trying to add a CNAME record using dnsmasq. But it does not work. I have an EdgeRouter X-SFP running with v1.9.0.

I ran the following line in order to add the CNAME record:

  • set service dns forwarding options cname=test,router.hika1

I cannot see why it doesn't work. I can ping "router.hika1" but not "test". Any hints?

Please see my whole config below:

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        description Local
        mtu 1500
        switch-port {
            interface eth1 {
                vlan {
                    pvid 10
                    vid 20
                    vid 30
                }
            }
            interface eth2 {
                vlan {
                    pvid 10
                    vid 20
                    vid 30
                }
            }
            interface eth3 {
                vlan {
                    pvid 10
                    vid 20
                    vid 30
                }
            }
            interface eth4 {
                vlan {
                    pvid 10
                    vid 20
                    vid 30
                }
            }
            vlan-aware enable
        }
        vif 10 {
            address 192.168.182.1/26
            mtu 1500
        }
        vif 20 {
            address 192.168.182.65/26
            mtu 1500
        }
        vif 30 {
            address 192.168.182.129/26
            mtu 1500
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name lan0 {
            authoritative enable
            subnet 192.168.182.0/26 {
                default-router 192.168.182.1
                dns-server 192.168.182.1
                lease 86400
                start 192.168.182.30 {
                    stop 192.168.182.62
                }
                static-mapping cisco-01 {
                    ip-address 192.168.182.5
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping cp1525n {
                    ip-address 192.168.182.7
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping gs105e {
                    ip-address 192.168.182.8
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping nas {
                    ip-address 192.168.182.4
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping qlproxy {
                    ip-address 192.168.182.2
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping qlproxyP {
                    ip-address 192.168.182.15
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping radio {
                    ip-address 192.168.182.6
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping router {
                    ip-address 192.168.182.1
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping uap {
                    ip-address 192.168.182.3
                    mac-address xx:xx:xx:xx:xx:xx
                }
                static-mapping vbox {
                    ip-address 192.168.182.9
                    mac-address xx:xx:xx:xx:xx:xx
                }
            }
        }
        shared-network-name lan1 {
            authoritative enable
            subnet 192.168.182.64/26 {
                default-router 192.168.182.65
                dns-server 192.168.182.65
                lease 86400
                start 192.168.182.66 {
                    stop 192.168.182.99
                }
            }
        }
        shared-network-name lan2 {
            authoritative enable
            subnet 192.168.182.128/26 {
                default-router 192.168.182.129
                dns-server 192.168.182.129
                lease 86400
                start 192.168.182.130 {
                    stop 192.168.182.149
                }
            }
        }
        use-dnsmasq enable
    }
    dns {
        forwarding {
            cache-size 400
            listen-on switch0.10
            listen-on switch0.20
            listen-on switch0.30
            options cname=test,router.hika1
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    domain-name hika1
    host-name ubnt
    login {
        user admin {
            authentication {
                encrypted-password xyz
                plaintext-password ""
            }
            level admin
        }
    }
    name-server 127.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Berlin
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.0.4901118.160804.1131 */

Thanks a lot!

Best regards,

chgruem

WAN load balance for one WAN wireless ISP the other DSL

Hi I have both a 3down/1up wireless isp connection and a 12/1 DSL connection. The wireless ISP is very reliable all the time but there is a 100gb monthly cap and the DSL is mostly used for streaming. How can I set up the rule that streaming always favors the DSL and everything else is 50/50 between the connections and to max out the wireless at 3gb per day max? Is this complex a rule possible? Thank You

Crash course on ERL3 VLAN to dual WAN? 2 ISPs/2 VLANs want to direct to separate WANs

Here is a basic overview of my network

ERL3 single LAN dual WAN

Procurve 48 port GigE switch

Procurve 24 port PoE switch

UniFi AC wireless AP

ERL is linked to 48 port with GigE ethernet, Procurves are linked with Gig SFPs.

What I want to do is point all traffic from VLAN 100 on the 24 port switch and tagged SSID on UniFi network to ISP1 on ERL eth1 and VLAN 5 traffic from everything else (48 port switch and the main SSID on UniFi) to ISP2 on ERL eth2.

Preferably in the GUI, I've had a hell of a time finding anything that references a VLAN in it.

Forgot to add - looking to isolate the 2 VLANs from each other, I don't want them to be visible from one another.

HELP!

Thanks in advance!

VLAN colors:

Red VLAN 100

Yellow VLAN 5

Orange VLANs 100 & 5 mixed

Network Layout 10-9-16.PNG

DHCP Lease table not updating after enabling dns-masq

I followed a guide linked below to enable dns-masq, but for some reason my DHCP table shows no leases. New devices connected definitely get an IP address. I am not sure what I did wrong but have attached the DHCP server portion of my config. If anyone could assist that would be awesome. I used this link below as a guide. Thanks.

 

https://loganmarchione.com/2016/08/edgerouter-lite-dnsmasq-setup/

 

ubnt@toe-rtr:~$ show dhcp leases
IP address      Hardware Address   Lease expiration     Pool       Client Name
----------      ----------------   ----------------     ----       -----------
ubnt@toe-rtr:~$ 

 

ubnt@toe-rtr# show service dhcp-server 
 disabled false
 hostfile-update disable
 shared-network-name eth1_dhcp {
     authoritative disable
     subnet 10.0.1.0/24 {
         default-router 10.0.1.1
         dns-server 10.0.1.1
         lease 86400
         start 10.0.1.101 {
             stop 10.0.1.150
         }
     }
 }
 shared-network-name eth2_dhcp {
     authoritative disable
     subnet 10.0.2.0/24 {
         default-router 10.0.2.1
         dns-server 10.0.2.1
         lease 86400
         start 10.0.2.101 {
             stop 10.0.2.150
         }
     }
 }
 shared-network-name eth3_dhcp {
     authoritative disable
     subnet 10.0.3.0/24 {
         default-router 10.0.3.1
         dns-server 10.0.3.1
         lease 86400
         start 10.0.3.101 {
             stop 10.0.3.150
         }
         static-mapping camera1 {
             ip-address 10.0.3.2
             mac-address 00:00:00:00:00:02
         }
         static-mapping camera2 {
             ip-address 10.0.3.3
             mac-address 00:00:00:00:00:03
         }
         static-mapping camera3 {
             ip-address 10.0.3.4
             mac-address 00:00:00:00:00:04
         }
         static-mapping camera4 {
             ip-address 10.0.3.5
             mac-address 00:00:00:00:00:05
         }
         static-mapping camera5 {
             ip-address 10.0.3.6
             mac-address 00:00:00:00:00:06
         }
         static-mapping camera6 {
             ip-address 10.0.3.7
             mac-address 00:00:00:00:00:07
         }
         static-mapping camera7 {
             ip-address 10.0.3.8
             mac-address 00:00:00:00:00:08
         }
         static-mapping camera8 {
             ip-address 10.0.3.9
             mac-address 00:00:00:00:00:09
         }
         static-mapping camera9 {
             ip-address 10.0.3.10
             mac-address 00:00:00:00:00:10
         }
         static-mapping camera10 {
             ip-address 10.0.3.11
             mac-address 00:00:00:00:00:11
         }
         static-mapping camera11 {
             ip-address 10.0.3.12
             mac-address 00:00:00:00:00:12
         }
         static-mapping camera12 {
             ip-address 10.0.3.13
             mac-address 00:00:00:00:00:13
         }
         static-mapping camera13 {
             ip-address 10.0.3.14
             mac-address 00:00:00:00:00:14
         }
         static-mapping camera14 {
             ip-address 10.0.3.15
             mac-address 00:00:00:00:00:15
         }
         static-mapping camera15 {
             ip-address 10.0.3.16
             mac-address 00:00:00:00:00:16
         }
         static-mapping camera16 {
             ip-address 10.0.3.17
             mac-address 00:00:00:00:00:17
         }
         static-mapping camera17 {
             ip-address 10.0.3.18
             mac-address 00:00:00:00:00:18
         }
         static-mapping camera18 {
             ip-address 10.0.3.19
             mac-address 00:00:00:00:00:19
         }
         static-mapping camera19 {
             ip-address 10.0.3.20
             mac-address 00:00:00:00:00:20
         }
         static-mapping camera20 {
             ip-address 10.0.3.21
             mac-address 00:00:00:00:00:21
         }
         static-mapping camera21 {
             ip-address 10.0.3.22
             mac-address 00:00:00:00:00:22
         }
         static-mapping camera22 {
             ip-address 10.0.3.23
             mac-address 00:00:00:00:00:23
         }
         static-mapping camera23 {
             ip-address 10.0.3.24
             mac-address 00:00:00:00:00:24
         }
         static-mapping camera24 {
             ip-address 10.0.3.25
             mac-address 00:00:00:00:00:25
         }
         static-mapping camera25 {
             ip-address 10.0.3.26
             mac-address 00:00:00:00:00:26
         }
         static-mapping camera26 {
             ip-address 10.0.3.27
             mac-address 00:00:00:00:00:27
         }
         static-mapping cameranvr {
             ip-address 10.0.3.50
             mac-address 00:00:00:00:00:50
         }
     }
 }
 use-dnsmasq enable
ubnt@toe-rtr# show service dns
 forwarding {
     cache-size 400
     listen-on eth1
     listen-on eth2
     listen-on eth3
     name-server 8.8.8.8
     name-server 8.8.4.4
 }
[edit]
ubnt@toe-rtr# 

 


Resolv.conf - domain-search

I'm trying to add a domain-search but I get the following "error":

System configuration error. Both 'domain-name' and 'domain-search' are specified, but only one of these mutually exclusive parameters is allowed.

I did not know resolv.conf was only allowed to use domain-name or domain-search; as far as I know it is allowed, at least in Linux.

Maybe I am wrong?

Basic Queue

Good day. I would like to ask: how do I use Basic Queue? Is there any documentation about it?

I'm configuring it, but it's always "Failed to apply Configuration". Just a basic config.

I just want to limit p2p and some youtube / some media streaming sites.

Thank you.

upgrade fails from GUI and CLI

I rebooted it, reset it to default, turned it on, turned it off; it won't upgrade. Thanks

admin@edgemax-rtr:/config$ add system image https://dl.ubnt.com/firmwares/edgemax/v1.9.0/ER-e100.v1.9.0.4901118.tar
Trying to get upgrade file from https://dl.ubnt.com/firmwares/edgemax/v1.9.0/ER-e100.v1.9.0.4901118.tar
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
89 82.9M 89 73.8M 0 0 940k 0 0:01:30 0:01:20 0:00:10 960k
curl: (23) Failed writing body (4829 != 16384)
Unable to get upgrade file from https://dl.ubnt.com/firmwares/edgemax/v1.9.0/ER-e100.v1.9.0.4901118.tar
admin@edgemax-rtr:/config$ df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/root 1682184 98296 1498436 6% /root.dev
unionfs 1682184 98296 1498436 6% /
tmpfs 241936 0 241936 0% /lib/init/rw
tmpfs 241936 112 241824 0% /var/run
tmpfs 241936 1908 240028 1% /var/log
tmpfs 241936 0 241936 0% /var/lock
tmpfs 241936 4 241932 0% /dev/shm
tmpfs 241936 166132 75804 69% /tmp
none 241936 360 241576 0% /opt/vyatta/config
unionfs 241936 166132 75804 69% /opt/vyatta/config/tmp/new_config_1ofee1af1fl6l67cqgkb7ahju3
unionfs 241936 166132 75804 69% /opt/vyatta/config/tmp/new_config_s8qfp9eo6mgt5v09lkcoa35dv3

EdgeRouter X SFP - SFP port is unusable

We just wasted several hours trying to deploy an EdgeRouter X SFP using the SFP port. The problem is pretty easy to reproduce. Using a FiberPoE and an EdgeRouter X SFP, connect the two devices using a couple of SFPs and fiber, a SFP direct attach cable (DAC), or a 1000baseT copper gigabit SFP. If the SFPs are plugged in when the EdgeRouter X SFP is first powered up, the link is successfully negotiated, and the FiberPoE lights up blue indicating the presence of link on the fibre. If you then remove link from the SFP (unplug the fiber for a few seconds, then plug it back in), the EdgeRouter X SFP will no longer negotiate link on the SFP port. Instead, the FiberPoE sits there with its indicator light being white and its copper port down. Power cycle the EdgeRouter X SFP, and the link will come back up until the fiber link is flapped again.

This behaviour makes the EdgeRouter X SFP unusable with a fiber connection. Any time the link drops, it won't autonegotiate correctly again. Maybe, if the EdgeRouter X SFP could be forced to gigabit speeds this wouldn't be an issue. Using a pair of FiberPoE in the same configuration works perfectly.

This behaviour is the same on firmware versions 1.8.5 and 1.9.0.

Vlan for Guest Wifi

I am a Novice trying to set up a separate VLAN for GuestWifi on our network. Here is my setup:

1x Verizon FIOS router, 1 x Edgemax router, 1 x Netgear Switch, 3 x POE Tough Switches, 9 x UNIFI AP with corporate and guest wifi

 

1) Edgemax Router:

Interfaces:

Local eth0 ethernet 192.168.0.1/24

GuestLan eth0.2 vlan 192.168.2.1/23

Internet eth1 ethernet 192.168.1.3/24 (connected with Verizon FIOS)

DHCP Servers:

DHCP-Default 192.168.0.0/24

DHCP-Guest 192.168.2.0/23

 

2) GSS108E – Netgear ProSAFE 8-port Gigabit Click Switch

Port 1: Connected to eth0 on Edgemax Router

Port 2: Connected to ToughSwitch 1

Port 3: Connected to ToughSwitch 2

Port 4: Connected to ToughSwitch 3

Port 5-8: Other Miscellaneous devices for Corporate Network

 

3) ToughSwitches 1-3

Port 1: Connected to NetgearProSafe corresponding port (see above)

Ports 2-4: Connected to UNIFI APs running two Wifi SSIDs (Corporate and guest). Guest Wifi is configured to use VlanID 2

 

With this configuration I am able to connect to guest wifi and obtain an IP address from the DHCP guest pool on EdgeMax, but am not able to have any internet connectivity. I will appreciate guidance on tagging vlans on Toughswitches as well as the Netgear Switch because the concept of tagging and trunk lines are still confusing to me. I am able to access relevant web interfaces to configure VLANs on toughswitches as well as the network switch but do not know which port to tag or untag or exclude for that matter?

 

Thank you in advance.

 

NAT bypassing Firewall rules

I noticed that NAT rules seem to bypass any firewall (in) rules. I wanted to restrict access to a forwarding to a certain IP set, but even a drop all for the specific port doesn't seem to do anything. I assume this was implemented to make NAT easy to use (not having to build an exception into drop all by default rules), but is there any way to undo this?

Edge Router Lite on PPPoE 1Gb

Hi,

I'm not yet a user of an Edge Router but I want to purchase one soon, but before that I have a few questions:

1. Can I have 1Gb/sec throughput (WAN > LAN) using hardware offload with the router if my WAN connection is PPPoE? Considering NAT, firewall rules (not many) etc.

2. If I enable hardware offload on the router, how many functions will I have then? QOS, packet inspection etc... because I guess not many of them will remain active.

Thanks,

     Adrian


edgerouter X(FW v1.9) Unifi Controller(v5.2.9) and VLAN

I am having trouble with VLAN setup between my edgerouter X (FW v1.9), Unifi Controller (v5.2.9) and UAP AC Lite

Edge router settings

have my edge router set up as load balancing with failover selected via wizard, then added the 2 additional DHCP servers and 2 VLANs

have DHCP/VLAN set as follows

native VLAN 192.168.20.1/24

192.168.30.1/24 - VLAN 30 = name(F)

192.168.40.1/24 - VLAN 40 = name(G)

for VLAN 30

subnet - 192.168.30.0/24

router - 192.168.30.1

DNS 1 - 8.8.8.8

DNS 2 - 8.8.4.4

same with VLAN 40 only changing the subnet to 40

ALL pointed to switch 0

Unifi Controller settings as follows

have 3 wireless networks

M - native VLAN - WPA Personal

F - VLAN 30 - WPA Personal

G - VLAN 40 - WPA Personal

issue is M with native VLAN connects to the internet fine, F and G with VLAN 30 and 40 show as connected to the internet but keep getting "connection was reset"

apparently there is a setting I do not have correct,

would appreciate if you can assist

GUI problem

Hi!

I run Edgerouter X SFP v1.9.0 and I use Chrome browser. I encounter a graphic problem in the discover window. The scrollbar to the right is so tiny when I open a post.

ubtn.jpg

Can anyone confirm this? I think I have seen this on some other window also but I cannot recall.

eth1/LAN1 problem after upgrade to 1.9.0 - working but LAN1 not available

I just upgraded my ERL to 1.9.0 from 1.8.0 this morning and ran into a few problems. My firewall rules didn't transfer, and then the router refused to respond when I added them back so I had to factory reset. After that I uploaded the 1.8.0 config I saved this morning before upgrading but it didn't work correctly, so I have to rewrite my firewall rules. I only have a few so it won't take too long, but still... :(

 

See the attached photo.  I've circled the items of interest:

  • eth1 shows unlit (e.g. not green) in the GUI dashboard but works fine.  The DHCP server is working, the Internet works fine, etc.
  • In the same photo are the results of the 'show interfaces' command using putty, which are correct.  eth0 is Internet, eth1 is LAN1 (in use) and eth2 is LAN2 (active but not connected).
  • LAN1 isn't available as an interface, & I therefore can't apply firewall rules.

I've gone through the forums here but can't find a similar problem.  Is there something I missed in the upgrade, and why is there a mismatch between the GUI and the 'show interfaces' command?

 

 Using Chrome Version 53.0.2785.143 m (64-bit).  Same problem with Firefox version 47.0.1.

 

Advanced Queue Web GUI not showing leaves

Hi I am on an ERP v1.9.0

This is the result of show traffic-control advanced-queue :

branch {
    queue 100 {
        bandwidth 20mbit
        description Upload
        parent 1
    }
    queue 200 {
        bandwidth 20mbit
        description Download
        parent 1
    }
}
filters {
    match 100 {
        attach-to 1
        description "WAN upload"
        ip {
            source {
                address 192.168.1.0/24
            }
        }
        target 100
    }
    match 199 {
        attach-to 100
        description Default
        target 199
    }
    match 200 {
        attach-to 1
        description "WAN download"
        ip {
            destination {
                address 192.168.1.0/24
            }
        }
        target 200
    }
    match 299 {
        attach-to 200
        description Default
        target 299
    }
}
leaf {
    queue 199 {
        bandwidth 20mbit
        description default
        parent 100
        queue-type FQCODEL_UP
    }
    queue 299 {
        bandwidth 20mbit
        description default
        parent 200
        queue-type FQCODEL_DOWN
    }
}
queue-type {
    fq-codel FQCODEL_DOWN {
    }
    fq-codel FQCODEL_UP {
    }
}
root {
    queue 1 {
        attach-to global
        bandwidth 40mbit
        description WAN
    }
}

 

It is not reflected in the Web GUI (screen grab attached).

 

Is this a bug, or am I missing something?

 

Thanks.

 

 

Carrier Grade Nat

Hello all, I'm looking to see if there is any ability to do deterministic port mapping aka Carrier Grade NAT in the Edgerouter platform. I have Edgerouters deployed throughout my network, and I love the throughput due to HW offload that I get. However, for my core, I'm lacking the ability to map outgoing port numbers to a particular internal IP with NAT. Since I have private IPs for my customers, I need a way to process DMCA & FBI requests. This means I need to have a way to figure out what customers were doing what. The way this is commonly done is to map outgoing port numbers to customers in an organized fashion, so when you get a DMCA request, you can look at the originating port number and know exactly who is to blame.

I.E:

ports 2000-3000 = 10.0.0.10

ports 3001-4000 = 10.0.0.11

etc etc.

Mikrotik can do this, but their products don't have the throughput performance of Edgerouter. But, at this point, I will have to stick with them if EdgeOS can't do this.

Thanks for any input.

-Matt
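
The deterministic port mapping described in the post above, worked through as an added example that is not part of the original post and is not EdgeOS configuration: each inside address gets a fixed port block that can be computed in both directions, so a public IP and source port from an abuse report resolve to one customer without per-session logs. It uses equal blocks of 1000 ports starting at 2000 (2000-2999, 3000-3999, ...), which differs by one port from the ranges written in the post; the class name, the 100-customer pool and the public addresses 203.0.113.1 and 203.0.113.2 are assumptions made for illustration.

```python
import ipaddress


class DeterministicPortPlan:
    """Fixed, computable mapping: inside host -> (public IP, port block) and back."""

    def __init__(self, first_inside, hosts, public_ips,
                 first_port=2000, block=1000, last_port=65535):
        self.first_inside = ipaddress.IPv4Address(first_inside)
        self.hosts = hosts
        self.public_ips = [ipaddress.IPv4Address(p) for p in public_ips]
        self.first_port = first_port
        self.block = block
        # Whole blocks that fit on one public address; a partial tail is never assigned.
        self.blocks_per_ip = (last_port - first_port + 1) // block
        capacity = self.blocks_per_ip * len(self.public_ips)
        if hosts > capacity:
            raise ValueError(f"{hosts} hosts need more than the {capacity} blocks available")

    def outside_for(self, inside_ip):
        """Return (public_ip, low_port, high_port) assigned to an inside address."""
        index = int(ipaddress.IPv4Address(inside_ip)) - int(self.first_inside)
        if not 0 <= index < self.hosts:
            raise KeyError(f"{inside_ip} is outside the plan")
        # Fill every block on the first public address, then move to the next one.
        ip_index, slot = divmod(index, self.blocks_per_ip)
        low = self.first_port + slot * self.block
        return str(self.public_ips[ip_index]), low, low + self.block - 1

    def inside_for(self, public_ip, port):
        """Reverse lookup for an abuse report; None if no customer owns that port."""
        public_ip = ipaddress.IPv4Address(public_ip)
        if public_ip not in self.public_ips:
            return None
        slot = (port - self.first_port) // self.block
        if not 0 <= slot < self.blocks_per_ip:
            return None  # below first_port or in the unassigned tail
        index = self.public_ips.index(public_ip) * self.blocks_per_ip + slot
        if index >= self.hosts:
            return None  # block exists but is not assigned to any customer yet
        return str(self.first_inside + index)


# Constructed pool: 100 customers starting at 10.0.0.10 behind two public addresses.
PLAN = DeterministicPortPlan("10.0.0.10", 100, ["203.0.113.1", "203.0.113.2"])

if __name__ == "__main__":
    for inside in ("10.0.0.10", "10.0.0.11", "10.0.0.73"):
        print(inside, "->", PLAN.outside_for(inside))
    # A report naming public IP and source port resolves to one inside address.
    print("203.0.113.1:3500 ->", PLAN.inside_for("203.0.113.1", 3500))
    print("203.0.113.1:65100 ->", PLAN.inside_for("203.0.113.1", 65100))
```

The reverse lookup only works when the report carries the source port as well as the public address, and the plan in force at the time of the report has to be retained if the parameters ever change.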
