Channel: EdgeRouter topics

Google IPv6


I like to use Google DNS for IPv4 and IPv6.

I put the Google IPv4 DNS in the LAN DHCP server setup.

How can I do this with the Google IPv6 DNS?


Firewall Configs only apply to Forward chain


I had a couple of questions about Firewalling/IPTables on EdgeOS as I can't seem to figure out how to apply what I want without resorting to manual iptables rules - which I would like to avoid.

 

Some setup info:

eth0: LAN interface

eth1: Modem interface I use to manage my modem

pppoe0: WAN interface.  PPP connection uses eth1

 

Currently I have a *very* simple firewall ruleset called WAN_IN.  It only allows established or related traffic and is applied to incoming traffic on the pppoe0 interface only:

ubnt@ubnt# show firewall
 all-ping enable
 broadcast-ping disable
 group {
 }
 ipv6-receive-redirects disable
 ipv6-src-route disable
 ip-src-route disable
 log-martians enable
 name WAN_IN {
     default-action drop
     description "WAN IN"
     rule 1 {
         action accept
         description "Established or Related"
         log disable
         protocol all
         state {
             established enable
             invalid disable
             new disable
             related enable
         }
     }
 }
 options {
     mss-clamp {
         mss 1412
     }
 }
 receive-redirects disable
 send-redirects enable
 source-validation disable
 syn-cookies enable
ubnt@ubnt# show interfaces ethernet eth1 pppoe
 pppoe 0 {
     default-route auto
     firewall {
         in {
             name WAN_IN
         }
     }
     mtu 1492
     name-server auto
     password xxxxxxxxxxxx
     user-id xxxxxxxxxxxxxxxxx
 }

-----

 

I also have "Enable auto firewall" in my NAT config enabled, so it will also add ACCEPT rules for any port forward I configure.

 

ubnt@ubnt# show port-forward 
 auto-firewall enable
 hairpin-nat enable
 lan-interface eth0
 rule 1 {
     description ssh
     forward-to {
         address 10.0.1.3
         port 22
     }
     original-port 22
     protocol tcp
 }
 rule 2 {
     description https
     forward-to {
         address 10.0.1.3
         port 443
     }
     original-port 443
     protocol tcp
 }
 rule 3 {
     description http
     forward-to {
         address 10.0.1.3
         port 80
     }
     original-port 80
     protocol tcp
 }
 wan-interface pppoe0

-------

 

I also have DNSMasq enabled on my EdgeRouter to serve DNS queries for my internal network:

 

ubnt@ubnt# show service dns forwarding 
cache-size 1024
listen-on eth0
name-server 8.8.8.8
name-server 8.8.4.4

-----

 

The problem is that I noticed that port 53 is clearly open to anything on the internet on my pppoe0/external IP, despite my firewall rules specifically only allowing established/related connections as well as my port forward definitions on ports 22, 80, and 443.  I know DNSMasq is not responding to queries on my WAN IP - but I don't want it even being open.

 

Looking at the actual kernel level iptables configuration being applied, I see that all of the above rules are only being applied as JUMP targets in the FORWARD chain, e.g.:

 

ubnt@ubnt:~$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
UBNT_VPN_IPSEC_FW_HOOK all -- 0.0.0.0/0 0.0.0.0/0
VYATTA_FW_LOCAL_HOOK all -- 0.0.0.0/0 0.0.0.0/0
VYATTA_POST_FW_IN_HOOK all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MINIUPNPD all -- 0.0.0.0/0 0.0.0.0/0
UBNT_VPN_IPSEC_FW_IN_HOOK all -- 0.0.0.0/0 0.0.0.0/0
UBNT_PFOR_FW_HOOK all -- 0.0.0.0/0 0.0.0.0/0
VYATTA_FW_IN_HOOK all -- 0.0.0.0/0 0.0.0.0/0
VYATTA_FW_OUT_HOOK all -- 0.0.0.0/0 0.0.0.0/0
VYATTA_POST_FW_FWD_HOOK all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
VYATTA_POST_FW_OUT_HOOK all -- 0.0.0.0/0 0.0.0.0/0

Chain MINIUPNPD (1 references)
target prot opt source destination

Chain UBNT_PFOR_FW_HOOK (1 references)
target prot opt source destination
UBNT_PFOR_FW_RULES all -- 0.0.0.0/0 0.0.0.0/0

Chain UBNT_PFOR_FW_RULES (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 10.0.1.3 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 10.0.1.3 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 10.0.1.3 tcp dpt:80

Chain UBNT_VPN_IPSEC_FW_HOOK (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 500,4500
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0

Chain UBNT_VPN_IPSEC_FW_IN_HOOK (1 references)
target prot opt source destination
ACCEPT all -- 10.0.0.0/24 10.0.1.0/24

Chain VYATTA_FW_IN_HOOK (1 references)
target prot opt source destination
WAN_IN all -- 0.0.0.0/0 0.0.0.0/0

Chain VYATTA_FW_LOCAL_HOOK (1 references)
target prot opt source destination

Chain VYATTA_FW_OUT_HOOK (1 references)
target prot opt source destination

Chain VYATTA_POST_FW_FWD_HOOK (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain VYATTA_POST_FW_IN_HOOK (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain VYATTA_POST_FW_OUT_HOOK (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain WAN_IN (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 /* WAN_IN-1 */ state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0 /* WAN_IN-10000 default-action drop */

 

The problem is that port 53 is not being forwarded, as it is a service listening directly on the host, so I need to be able to apply an INPUT rule in order to firewall it.

 

How can I manage any of the filter table INPUT chain rules to accomplish something like blocking incoming requests to port 53 on my pppoe0 interface?  Specifically filter table chains: INPUT, UBNT_VPN_IPSEC_FW_HOOK, VYATTA_FW_LOCAL_HOOK, or VYATTA_POST_FW_IN_HOOK?
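The gap the post runs into (a ruleset attached with `in` is applied to forwarded traffic, while packets addressed to services on the router itself are checked by the ruleset attached with `local`, as the WAN_LOCAL rulesets in the other threads on this page do) is easy to miss in a long configuration dump, so it is worth checking mechanically. The Python script below is an added example, not code from this thread or from Ubiquiti: it parses a brace-delimited configuration in the `show configuration` style, reports WAN interfaces that carry an `in` ruleset but no `local` one, and then mirrors `set interfaces ethernet eth1 pppoe 0 firewall local name WAN_LOCAL` on the parsed tree to show the finding clear. The sample configuration, the addresses in it and the function names are this example's own assumptions.

```python
"""Audit an EdgeOS-style configuration dump for WAN interfaces whose
firewall only covers forwarded traffic ('in') and not traffic addressed
to the router itself ('local').

Added example: the parser, the check and the sample configuration are
constructed for this illustration; none of it is Ubiquiti code."""

# Constructed sample, modelled on the dump in the thread: pppoe0 carries a
# WAN_IN ruleset under 'in' but nothing under 'local'.
SAMPLE_CONFIG = """\
interfaces {
    ethernet eth0 {
        address 10.0.1.1/24
    }
    ethernet eth1 {
        description "Modem management"
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
            }
            mtu 1492
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 1024
            listen-on eth0
            name-server 8.8.8.8
            name-server 8.8.4.4
        }
    }
}
"""


def parse_config(text):
    """Turn the brace format into nested dicts: 'key value' -> {key: value},
    a repeated key (name-server) -> list, 'word ident {' -> child dict stored
    under the full header, e.g. 'ethernet eth1' or 'pppoe 0'."""
    root, stack = {}, []
    node = root
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            child = {}
            node[line[:-1].strip()] = child
            stack.append(node)
            node = child
        elif line == "}":
            node = stack.pop()
        else:
            key, _, value = line.partition(" ")
            value = value.strip() or True
            if key not in node:
                node[key] = value
            elif isinstance(node[key], list):
                node[key].append(value)
            else:
                node[key] = [node[key], value]
    return root


def iter_interfaces(interfaces, parent=None):
    """Yield (name, node) for ethernet/switch interfaces and for the pppoe
    and vif sub-interfaces nested under them (pppoe0, eth0.2, ...)."""
    for header, node in interfaces.items():
        if not isinstance(node, dict):
            continue
        kind, _, ident = header.partition(" ")
        if kind in ("ethernet", "switch"):
            name = ident
        elif kind == "pppoe" and parent:
            name = "pppoe" + ident
        elif kind == "vif" and parent:
            name = parent + "." + ident
        else:
            continue
        yield name, node
        yield from iter_interfaces(node, parent=name)


def audit_firewall(config, wan_names):
    """Return (interface, problem) pairs for the named WAN interfaces.
    'no-local': an 'in' ruleset (FORWARD chain) exists but no 'local' ruleset
    (INPUT chain), so services bound on the router, such as the DNS forwarder
    on udp/53, are reachable from that interface. 'no-firewall': neither."""
    findings = []
    for name, node in iter_interfaces(config.get("interfaces", {})):
        if name not in wan_names:
            continue
        fw = node.get("firewall", {})
        if "in" in fw and "local" not in fw:
            findings.append((name, "no-local"))
        elif "in" not in fw and "local" not in fw:
            findings.append((name, "no-firewall"))
    return findings


def attach_local_ruleset(config, ifname, ruleset):
    """Mirror 'set interfaces ... firewall local name <ruleset>' on the tree."""
    for name, node in iter_interfaces(config.get("interfaces", {})):
        if name == ifname:
            node.setdefault("firewall", {})["local"] = {"name": ruleset}
            return True
    return False


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print("before:", audit_firewall(cfg, {"pppoe0"}))  # [('pppoe0', 'no-local')]
    attach_local_ruleset(cfg, "pppoe0", "WAN_LOCAL")
    print("after: ", audit_firewall(cfg, {"pppoe0"}))  # []
```

The `local` ruleset still has to exist (a `name WAN_LOCAL` block with a default drop and an established/related accept, as in the other configurations on this page); the script only checks that one is attached to the WAN interface, which is the step that leaves udp/53 exposed when it is missing.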

 

 

 

IPv6 Setup


Well, after much searching this was a bit harder to come across than I thought!

 

I recently purchased an EdgeRouter X and it is simply amazing that a $50 router can perform as amazingly as it does. However, IPv6 was a bit esoteric to figure out for me; it probably doesn't help that I was thinking about it as if I was using IOS (where "int g0/1; ipv6 addr :1/64 eui-64; ipv6 ena; exit; ipv6 uni" enables it all), but with a bit of combing through documentation I did get it to work, not without having to hard reset the router because I didn't use commit-confirm the first time! (Which is quite a nice feature.)

 

Something I would like to make a small complaint about though: the setup wizard claims it will set up IPv6-PD, but it doesn't! It will set up the generic firewall rules, but it doesn't actually go far enough that IPv6 actually works.

 

Luckily, after some research it wasn't that hard to get working (and honestly, should be done by the wizard as well)

 

set interfaces ethernet eth0 dhcpv6-pd pd 0

set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length 60

set interfaces ethernet eth0 dhcpv6-pd rapid-commit enable

set interfaces ethernet eth0 dhcpv6-pd pd 0 interface switch0

set interfaces ethernet eth0 dhcpv6-pd pd 0 interface switch0 host-address ::1

set interfaces ethernet eth0 dhcpv6-pd pd 0 interface switch0 prefix-id :1

set interfaces ethernet eth0 dhcpv6-pd pd 0 interface switch0 service slaac

 

set interfaces switch switch0 ipv6 router-advert prefix ::/64

set interfaces switch switch0 ipv6 router-advert managed-flag true

 

commit-confirm

confirm

save

And it works beautifully. The only other thing I did was add a static address to switch0 so it is also accessible via IPv6 instead of just 192.168.1.1, but that is just set interfaces switch switch0 address fd::1/128.

 

Either way, I hope this helps someone else out there, it seems like all the other forum posts tell people to do the dhcpv6-pd setup for each ethernet interface which is crazy in my opinion when it works just fine from the switch0 interface.
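To see what the dhcpv6-pd settings in the post combine into, here is an added Python example (not from the post or from Ubiquiti) that works out which /64 the `prefix-id` entry selects out of the delegated prefix and which router address `host-address` produces, and refuses assignments that do not fit or that collide. It assumes `prefix-id` is read as a hex subnet id that fills the bits between the delegated prefix length and /64 (the client's sla-id); the delegated prefix `2001:db8:0:a0::/60` and the interface names are constructed for the illustration.

```python
"""Work out which /64 a 'dhcpv6-pd pd N interface X prefix-id' entry selects
from the delegated prefix and the router address that 'host-address' yields.

Added example, not from the post. Assumption: prefix-id is a hex subnet id
filling the bits between the delegated length and /64. The delegated
prefix 2001:db8:0:a0::/60 is a constructed documentation prefix."""

import ipaddress


def delegated_subnet(delegated, prefix_id, host_address="::1"):
    """Return (subnet, router_address) for one dhcpv6-pd interface entry.

    delegated    -- prefix the ISP handed out, e.g. '2001:db8:0:a0::/60'
                    (its length is what 'prefix-length 60' requests)
    prefix_id    -- the 'prefix-id' value, e.g. ':1', read as hex
    host_address -- the 'host-address' suffix, e.g. '::1'"""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegated prefix must be /64 or shorter")
    sla_bits = 64 - net.prefixlen              # bits left for the subnet id
    sla_id = int(prefix_id.lstrip(":") or "0", 16)
    if sla_id >= 1 << sla_bits:
        raise ValueError(f"prefix-id {prefix_id} needs more than {sla_bits} bits")
    subnet_int = int(net.network_address) | (sla_id << 64)
    subnet = ipaddress.IPv6Network((subnet_int, 64))
    suffix = int(ipaddress.IPv6Address(host_address))
    if suffix >> 64:
        raise ValueError("host-address must only use the low 64 bits")
    return subnet, ipaddress.IPv6Address(subnet_int | suffix)


def subnet_count(delegated):
    """How many /64s a delegation of this length provides (16 for a /60)."""
    return 2 ** (64 - ipaddress.IPv6Network(delegated).prefixlen)


def plan(delegated, assignments):
    """Map interface -> (subnet, router address) for (iface, prefix-id,
    host-address) triples, rejecting two interfaces that claim one /64."""
    seen, result = {}, {}
    for iface, prefix_id, host in assignments:
        subnet, router = delegated_subnet(delegated, prefix_id, host)
        if subnet in seen:
            raise ValueError(f"{iface} and {seen[subnet]} both use {subnet}")
        seen[subnet] = iface
        result[iface] = (str(subnet), str(router))
    return result


if __name__ == "__main__":
    # The post's values: prefix-length 60, prefix-id :1, host-address ::1 on switch0
    print(plan("2001:db8:0:a0::/60", [("switch0", ":1", "::1")]))
    # {'switch0': ('2001:db8:0:a1::/64', '2001:db8:0:a1::1')}
```

With a /60 there are sixteen /64s to hand out, so a second LAN segment can take `prefix-id :2` from the same delegation without a second dhcpv6-pd client, which is the point the post makes about configuring it once on switch0.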

 

Basic Queue QOS


I need your advice on the basic Queue. My goal is to lower down P2P and other applications and give priority to streaming sites and social networks.

 

Also my total Internet bandwidth is only 15m download / 3-4mb upload, that is why I need to implement QOS.

 

On the screenshot below:

1. my private VLAN IP 172.16.0.1/22 --> Internet p2p

2. 192.168.1.0/24 --> <Amazon AWS Controller> (These are Unifi APs; I had to put a priority speed on my controller since it always got heartbeat misses due to being out of bandwidth)

3. Social Network (facebook, etc.)

4. Streaming sites (Youtube etc.)

 

(screenshot: 1.jpg)

 

I have 2 Questions:

1. How can I make a QOS for "OTHER" traffic other than specified above?

2. This is a remote site. How can I also add priority for accessing the web server (EdgeRouter GUI, AIRMAX GUI) from my PC at home? By the way, my PC doesn't have a static IP but the remote site has one.

Gre tunnel between ER8 and Ubuntu VPS


I have been trying to set up a GRE tunnel between a VPS running Ubuntu 16.04 and an ER8, however I can't seem to get it working. I have not been able to find any documentation on doing it between an Edgemax router and a base Linux install. Does anyone know if this is possible and if so, would you be able to point me in the right direction?

Please help me setup with Port Forwarding for Plex Server


Hello, I just got my new Edge Lite unit.  First for the good news, I am glad to report the unit is getting about 950 Mbps Up / 950 Mbps Down on Speed Test.  My Netgear R7000 only managed 600 Mbps Up/Down on the same test.  Currently ETH-0 = WAN Fiber / ETH-1 = LAN / ETH-2 = OOMA.  OOMA working fine, no issues.  I am now trying to get port forwarding set up using the Firewall tab and then followed by the NAT tab.

 

 

This is the youtube video I followed on getting it working;

 

https://www.youtube.com/watch?v=7QSRNwFo6os

 

Here is my configuration:

 

dsngjoe@ubnt:~$ show configuration                                              
firewall {                                                                      
    all-ping enable                                                             
    broadcast-ping disable                                                      
    ipv6-receive-redirects disable                                              
    ipv6-src-route disable                                                      
    ip-src-route disable                                                        
    log-martians enable                                                         
    name WAN_IN {                                                               
        default-action drop                                                     
        description "WAN to internal"                                           
        rule 10 {                                                               
            action accept                                                       
            description "Allow established/related"                             
            state {                                                             
                established enable                                              
                related enable                                                  
            }                                                                   
        }                                                                       
        rule 20 {                                                               
            action accept                                                       
            description "Plex Server Port"                                      
            destination {                                                       
                port 32400                                                      
            }
            log disable
            protocol tcp_udp
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 10.0.0.1/24
        description "Local LAN"
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address 10.0.2.1/24
        description "Voice Port"
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative enable
            subnet 10.0.0.0/24 {
                default-router 10.0.0.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                lease 86400
                start 10.0.0.2 {
                    stop 10.0.0.254
                }
            }
        }
        shared-network-name LAN2 {
            authoritative enable
            subnet 10.0.2.0/24 {
                default-router 10.0.2.1
                dns-server 10.0.2.1
                lease 86400
                start 10.0.2.38 {
                    stop 10.0.2.243
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth2
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 1 {
            description "Plex Server Traffic to Synology"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
                port 32400
            }
            inbound-interface eth0
            inside-address {
                address 10.0.0.59
                port 32400
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user dsngjoe {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

 

Please advise what I am doing wrong.  Thanks for any guidance, and I am so happy so far with these results.

 

Netflow is broken - how do I fix?


Packet capture verifies that Netflow is not sending anything out.

Config is below:

 

set system flow-accounting disable-memory-table
set system flow-accounting ingress-capture pre-dnat
set system flow-accounting interface eth0
set system flow-accounting interface eth0.2
set system flow-accounting interface eth1
set system flow-accounting interface vti0
set system flow-accounting netflow engine-id 1
set system flow-accounting netflow server 172.x.x.x port 2055
set system flow-accounting netflow version 9
set system flow-accounting syslog-facility daemon

 

When I attempt to delete the config, I get this:

 

 

admin@XXX-ERLITE# delete system flow-accounting
[edit]
admin@XXX-ERLITE# commit
[ system flow-accounting ]
Removing flow-accounting for [eth0][ingress][pre-dnat]
Removing flow-accounting for [eth0][egress]
Error: failed to find target [eth0][egress][VYATTA_POST_FW_FWD_HOOK][filter]

 

Also, after executing the above, future attempts to delete the config result in.

 

admin@XXX-CPE-ERLITE# delete system flow-accounting
Nothing to delete (the specified value does not exist)
[edit]
admin@XXX-CPE-ERLITE#

 

Re-running the show configuration commands command shows that my system flow-accounting config is still there, even though the system says it has nothing to delete.

 

I have tried upgrading to version 1.91, but it did nothing to solve the problem.

 

Please advise with any possible solution to get Netflow working again!

 

Thanks!

Setting up and isolating 2 networks

Hello.

After 2 days of frustration I am here crying for help.

I would like to set up my router so that:
1) 2 (eth1, eth2) devices are in one network accessing internet from eth0
2) 3rd device (eth3) is on a different network and also accessing the internet from eth0.

Also, two networks should not see each other.

(The internet is coming into eth0 from another router and has a 192.168.1.116 address).


How do I do these networks and separation? Could someone help please.

Thank you!

Established/Related Rule Allows NEW TCP Connections?


In the rule HOME_IN I was successfully able to block addresses on eth2 (192.168.2.1/24) from talking to eth1 (192.168.1.0/24)

 

However, when I try to add an ESTABLISHED/RELATED rule to HOME_IN to punch a hole to let eth1 addresses to talk to eth2 addresses -- it allows eth2 addresses to pass again.

 

I would have thought that ESTABLISHED/RELATED wouldn't work without allowing NEW? I've googled explanations of the iptables stateful meanings and am at a loss.

 

When HOME_IN Rule 10 is enabled you can see the undesired behavior.

 

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name HOME_IN {
        default-action accept
        description HOME_LAN_IN
        enable-default-log
        rule 10 {
            action accept
            description "allow established sessions"
            disable
            log enable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 20 {
            action drop
            description "drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
        rule 30 {
            action drop
            description "block WORK NETWORK 192.168.2.0/24"
            destination {
                address 192.168.2.0/24
            }
            log enable
            protocol all
            source {
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "packets from Internet to LAN & WLAN"
        enable-default-log
        rule 1 {
            action accept
            description "allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "packets from Internet to the router"
        enable-default-log
        rule 1 {
            action accept
            description "allow established session to the router"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "drop invalid state"
            log enable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description LAN
        duplex auto
        firewall {
            in {
                name HOME_IN
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description LAN2
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
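What the configuration above shows is a connection-tracking effect rather than an accept of NEW traffic: conntrack entries are direction-independent, HOME_IN is only attached to eth1, and eth2 has no ruleset at all. A host on eth2 can therefore open a session into 192.168.1.0/24 unfiltered, and once that session is confirmed the 192.168.1.x host's replies arriving on eth1 are ESTABLISHED, which rule 10 accepts before rule 30 can drop them. With rule 10 disabled the replies fall through to rule 30 and the eth2-initiated session never completes, which is why the block appeared to work in both directions. The Python model below is an added example, not code from the thread or from Ubiquiti; it reproduces the three packets involved with a toy conntrack table, using constructed hosts 192.168.1.10 and 192.168.2.20, and also shows the defender's fix, a ruleset on eth2's own ingress that drops NEW flows toward the LAN. The `Router`, `Rule` and `run_scenario` names are this example's own.

```python
"""Model why an ESTABLISHED/RELATED accept in a ruleset attached to one
interface lets hosts on an unfiltered interface reach it.

Added example, not from the thread: a toy connection tracker and rule
evaluator; the hosts 192.168.1.10 (eth1) and 192.168.2.20 (eth2) and the
ports are constructed to mirror the posted HOME_IN ruleset."""

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    sport: int
    dport: int


@dataclass
class Rule:
    number: int
    action: str                      # "accept" or "drop"
    states: frozenset = frozenset()  # empty: any state matches
    dst_net: str = ""                # empty: any destination matches
    disabled: bool = False

    def matches(self, pkt, state):
        if self.disabled or (self.states and state not in self.states):
            return False
        return not self.dst_net or ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)


class Router:
    """Stateful forwarder: optional (default-action, rules) per ingress interface."""

    def __init__(self):
        self.rulesets = {}
        self.conntrack = set()   # confirmed flows, keyed direction-independently

    def _state(self, pkt):
        key = frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})
        return ("ESTABLISHED" if key in self.conntrack else "NEW"), key

    def forward(self, pkt):
        """Evaluate the ingress interface's ruleset; an accepted packet confirms
        the flow, so later packets in either direction count as ESTABLISHED."""
        state, key = self._state(pkt)
        verdict = "accept"
        if pkt.in_if in self.rulesets:
            default, rules = self.rulesets[pkt.in_if]
            verdict = next((r.action for r in rules if r.matches(pkt, state)), default)
        if verdict == "accept":
            self.conntrack.add(key)
        return state, verdict


def home_in(rule10_enabled):
    """HOME_IN as posted: rule 10 accepts ESTABLISHED/RELATED (toggled by
    'disable'), rule 30 drops anything destined for 192.168.2.0/24."""
    return ("accept", [
        Rule(10, "accept", frozenset({"ESTABLISHED", "RELATED"}), disabled=not rule10_enabled),
        Rule(30, "drop", dst_net="192.168.2.0/24"),
    ])


def run_scenario(rule10_enabled, isolate_eth2=False):
    """Verdicts for three packets: a LAN host opening a session into
    192.168.2.0/24, a work host opening a session into the LAN, and the LAN
    host's reply to that second session. isolate_eth2 attaches a ruleset to
    eth2 that drops NEW flows toward the LAN, which is where the block has to
    live if eth2 must not initiate anything."""
    r = Router()
    r.rulesets["eth1"] = home_in(rule10_enabled)
    if isolate_eth2:
        r.rulesets["eth2"] = ("accept", [Rule(10, "drop", frozenset({"NEW"}), "192.168.1.0/24")])
    verdicts = {}
    verdicts["eth1->eth2 SYN"] = r.forward(Packet("eth1", "192.168.1.10", "192.168.2.20", 50000, 22))[1]
    verdicts["eth2->eth1 SYN"] = r.forward(Packet("eth2", "192.168.2.20", "192.168.1.10", 40000, 445))[1]
    verdicts["eth1->eth2 reply"] = r.forward(Packet("eth1", "192.168.1.10", "192.168.2.20", 445, 40000))[1]
    return verdicts


if __name__ == "__main__":
    print("rule 10 enabled ", run_scenario(True))
    print("rule 10 disabled", run_scenario(False))
    print("eth2 isolated   ", run_scenario(True, isolate_eth2=True))
```

The model confirms a flow only when the packet is accepted, which matches the kernel's behaviour of confirming a conntrack entry after the filter table has passed the packet; RELATED and INVALID states are left out because the three packets here never produce them.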

 

EdgeRouter X SFP v1.9.1 IP forwarding


Hi, I cannot set up my EdgeRouter X SFP and need some help.

so my config is here in photos

(screenshots: Screen Shot 2017-02-12 at 18.16.35.jpg, Screen Shot 2017-02-12 at 18.16.59.jpg, Screen Shot 2017-02-12 at 18.17.11.jpg)

So I have UBNT AC-500 on eth0 with IP 192.168.20.28 and 192.168.20.29 but I can not connect on it.

What should I do to make a connection from eth4 - DHCP (local) to the AC-500?

 

behind eth1 = Linux server which gets the direct IP 45.247.65.45

behind eth2 = small DHCP server with outgoing IP 45.247.65.46

behind eth3 = UBNT M2M wifi network with outgoing IP 45.247.65.46

behind eth4 = local DHCP server with outgoing IP 45.247.65.44

I always use this local network but I cannot connect to the AC-500, that is why I need some help.

 

thanks a lot.

ER-X firmware update 1.9.1 - device broken?


hi,

 

Today I made the firmware update from 1.9.0 to 1.9.1 on my ER-X. The upload via GUI was without errors, but then, after reboot, the device was dead.

 

Before the update, I made a factory reset and I am using the default IP 192.168.1.1.

 

Now I tried both reset options; the normal reset did not work. The reset during powering on seems to work, the LED on eth4 was showing that. But after a few minutes, there is no access to the router via GUI or with a ping.

 

Is there another way, like tftp, to reset the device? Any ideas?

 

Regards, Jochen

L2TP DHCPv6 "Interface is not configured for DHCP"


Hi,

 

When trying to set the listening interface for my L2TP VPN as eth0, I get an error when committing saying that the interface is not configured for DHCP, but it is.

 

interfaces {
    ethernet eth0 {
        address dhcpv6
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
...
}

Is there any way to set up the L2TP VPN to listen on an interface which uses DHCPv6?

VPN config:

vpn {
    ipsec {
        auto-firewall-nat-exclude enable
        ipsec-interfaces {
            interface eth0
        }
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username ***************** {
                        password ****************************
                    }
                }
                mode local
            }
            client-ip-pool {
                start 192.168.1.250
                stop 192.168.1.254
            }
            dhcp-interface eth0
            dns-servers {
                server-1 8.8.8.8
                server-2 8.8.4.4
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ***********************
                }
                ike-lifetime 3600
            }
        }
    }
}

HW problem with EdgeRouter POE?


Hi,

 

Two weeks ago I bought an EdgeRouter POE and an Unifi AP AC PRO.

 

Both worked fine for 4 days, but the night after, the EdgeRouter just died. If I remember correctly, one LED on the console port, eth2 and eth3 were blinking at a fixed frequency. I could not find anything related to this "error message" on the forum, neither did the reset work. So I returned the router and my dealer sent me a new one.

 

I have now had the new router for 2 days, and today it randomly rebooted. Is this really normal? Is there any log file that might indicate what was the cause of the reboot?

 

Thanks,

Fredrik

Failover Not Reverting


Hi,

 

EdgeRouter PoE, v1.9.1.

 

WAN1 (eth0) is primary, WAN2 (eth1) is failover.  WAN1 uses PPPoE and is connected to the modem in bridge mode and so gets the public IP.  WAN2 doesn't use PPPoE or anything, but due to EdgeRouter not liking the /32 DHCP'd by the ISP (link1, link2) the modem must be in router mode and not bridge mode.  The WAN2 modem is 172.16.0.1, and has set a DMZ for 172.16.0.2 (eth1 on EdgeRouter).

 

Doing the simple "pull the cable out" test...

 

I can failover from WAN1 to WAN2 and only miss a few pings.  Hurrah.

 

But when WAN1 returns, some traffic stays on WAN2 and some traffic goes on WAN1.  This shouldn't happen - now WAN1 is back up there shouldn't be anything on WAN2 as it's a failover-only.  Everything should revert to WAN1.

If after a few minutes of WAN1 being back up I pull the cable on WAN2, some devices just fail to get anywhere - they don't want to use WAN1 and will sit there getting nowhere.  In the end I rebooted the router to get them using WAN1.

 

Config pasted below.

 

Thanks! 

 

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    modify balance {
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_pppoe0
                }
            }
            modify {
                table main
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        rule 70 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow IPTV Multicast UDP"
            destination {
                address 234.0.0.0/8
            }
            log disable
            protocol udp
            source {
                address 109.0.0.0/8
            }
        }
        rule 20 {
            action accept
            description "Allow IGMP"
            log disable
            protocol igmp
        }
        rule 30 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 50 {
            action accept
            description PLEX
            destination {
                address 192.168.4.1
                port 32400
            }
            protocol tcp_udp
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow IPTV Mutlticast UDP"
            destination {
                address 234.0.0.0/8
            }
            log disable
            protocol udp
            source {
                address 109.0.0.0/8
            }
        }
        rule 20 {
            action accept
            description "Allow IGMP"
            log disable
            protocol igmp
        }
        rule 30 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 10.255.255.255/32
        description WAN
        duplex auto
        mtu 1508
        poe {
            output off
        }
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1500
            name-server none
            password password
            user-id bthomehub@btbroadband.com
        }
        speed auto
    }
    ethernet eth1 {
        address 172.16.0.2/24
        description "WAN 2"
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server no-update
        }
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth2 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.1.1/16
        description Local
        firewall {
            in {
                modify balance
            }
        }
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
load-balance {
    group G {
        interface eth1 {
            failover-only
            route-test {
                initial-delay 60
                interval 10
                type {
                    ping {
                        target 8.8.8.8
                    }
                }
            }
        }
        interface pppoe0 {
            route-test {
                initial-delay 60
                interval 10
                type {
                    ping {
                        target 8.8.8.8
                    }
                }
            }
        }
        lb-local enable
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    rule 1 {
        description "Plex Server"
        forward-to {
            address 192.168.4.1
            port 32400
        }
        original-port 32400
        protocol tcp_udp
    }
    wan-interface pppoe0
}
protocols {
    igmp-proxy {
        interface eth0 {
            alt-subnet 0.0.0.0/0
            role upstream
            threshold 1
        }
        interface switch0 {
            alt-subnet 0.0.0.0/0
            role downstream
            threshold 1
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 172.16.0.1 {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.0.0/16 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.38.102 {
                    stop 192.168.243.51
                }
                /* <Static Mappings sanitised> */
                unifi-controller 192.168.2.255
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5 {
            description PLEX
            destination {
                port 32400
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.4.1
                port 32400
            }
            protocol tcp_udp
            type destination
        }
        rule 6 {
            description PLEX
            destination {
                port 32400
            }
            inbound-interface eth1
            inside-address {
                address 192.168.4.1
                port 32400
            }
            protocol tcp_udp
            type destination
        }
        rule 5000 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN 2"
            outbound-interface eth1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name ubnt
    login {
        user admin {
            authentication {
                /* <Sanitised> */
            }
            full-name Administrator
            level admin
        }
    }
    name-server 8.8.8.8
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            pppoe enable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.1.4939093.161214.0705 */


Routeredge No DHCP when internet drops

Lately my internet has been cutting off, and I noticed that DHCP stops working as well. DHCP is coming from the EdgeRouter and not the modem. It seems like when the WAN is disconnected, DHCP stops working as well? All static devices work fine to connect to internal devices, but DHCP devices show no network until I set them to static in the meantime. Devices connected to the UniFi AP disconnect from the AP as well. Any solution to keeping DHCP active when the WAN is disconnected?

vlan0 working vlan1 not


Hi everyone. I was able to get vlan0 working but not vlan1; the only difference between the two is that vlan0 is UDP 1194 and vlan1 is TCP 443. I have repointed the router web interface to a different port and made it listen on a specific IP, but I still can't get TCP to work. Can someone look at my config and point me to my error? Thanks so much.

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action drop
            description "drop bad 1"
            log disable
            protocol all
            source {
                address 46.174.191.1-46.174.191.255
            }
            state {
                established enable
                invalid enable
                new enable
                related enable
            }
        }
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action accept
            description http-pi-80
            destination {
                address 192.168.69.127
                port 80
            }
            log disable
            protocol tcp
        }
        rule 40 {
            action accept
            description allstarlink-4569
            destination {
                address 192.168.69.146
                port 4569
            }
            log disable
            protocol tcp_udp
        }
        rule 50 {
            action accept
            description NVR
            destination {
                port 8000,9000,1026
            }
            log disable
            protocol tcp_udp
        }
        rule 60 {
            action accept
            description obi100-10000,8081
            destination {
                address 192.168.69.145
                port 10000,8081
            }
            log disable
            protocol tcp_udp
        }
        rule 70 {
            action accept
            description asterisk-222,8080
            destination {
                address 192.168.69.146
                port 222,8080
            }
            log disable
            protocol tcp
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
        rule 80 {
            action accept
            description echolink-5198,5199
            destination {
                address 192.168.69.146
                port 5198,5199
            }
            log disable
            protocol udp
        }
        rule 90 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 100 {
            action accept
            description nas-ssh-22
            destination {
                port 22
            }
            log disable
            protocol tcp
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 41 {
            action accept
            description openvpn_udp
            destination {
                port 1194
            }
            log disable
            protocol udp
        }
    }
    name Wan_Out {
        default-action accept
        description ""
        rule 2 {
            action reject-tcp
            description "3306 mysql"
            destination {
                port 3306
            }
            log disable
            protocol tcp
            state {
                established enable
                invalid enable
                new enable
                related enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
            out {
                name Wan_Out
            }
        }
        speed auto
    }
    ethernet eth1 {
        description HobbyRoom
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description obi
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description TV
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description osmc-LR
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        description "OpenVPN server"
        encryption aes256
        hash sha256
        mode server
        openvpn-option --tls-server
        openvpn-option "--comp-lzo yes"
        openvpn-option --persist-key
        openvpn-option --persist-tun
        openvpn-option "--keepalive 10 120"
        openvpn-option "--user nobody"
        openvpn-option "--group nogroup"
        openvpn-option "protocol udp"
        openvpn-option "--port 1194"
        server {
            name-server 8.8.8.8
            push-route 192.168.69.0/24
            subnet 10.10.10.0/24
        }
        tls {
            ca-cert-file /config/auth/cacert.pem
            cert-file /config/auth/host.pem
            dh-file /config/auth/dhp.pem
            key-file /config/auth/host-decrypted.key
        }
    }
    openvpn vtun1 {
        description "OpenVPN server"
        encryption aes256
        hash sha256
        mode server
        openvpn-option --tls-server
        openvpn-option "--comp-lzo yes"
        openvpn-option --persist-key
        openvpn-option --persist-tun
        openvpn-option "--keepalive 10 120"
        openvpn-option "--user nobody"
        openvpn-option "--group nogroup"
        openvpn-option "protocol tcp"
        openvpn-option "--port 443"
        server {
            name-server 8.8.8.8
            push-route 192.168.69.0/24
            subnet 10.10.10.0/24
        }
        tls {
            ca-cert-file /config/auth/cacert.pem
            cert-file /config/auth/host.pem
            dh-file /config/auth/dhp.pem
            key-file /config/auth/host-decrypted.key
        }
    }
    switch switch0 {
        address 192.168.69.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
port-forward {
    auto-firewall disable
    hairpin-nat enable
    lan-interface switch0
    rule 1 {
        description pi-http
        forward-to {
            address 192.168.69.127
            port 80
        }
        original-port 80
        protocol tcp
    }
    rule 2 {
        description allstarlink
        forward-to {
            address 192.168.69.146
            port 4569
        }
        original-port 4569
        protocol tcp_udp
    }
    rule 3 {
        description obi200
        forward-to {
            address 192.168.69.145
            port 10000
        }
        original-port 10000
        protocol udp
    }
    rule 4 {
        description asterisk-ssh
        forward-to {
            address 192.168.69.146
            port 222
        }
        original-port 222
        protocol tcp
    }
    rule 5 {
        description asterisk-www
        forward-to {
            address 192.168.69.146
            port 8080
        }
        original-port 8080
        protocol tcp
    }
    rule 6 {
        description NvrMobile
        forward-to {
            address 192.168.69.103
            port 9000
        }
        original-port 9000
        protocol tcp_udp
    }
    rule 7 {
        description echolink1
        forward-to {
            address 192.168.69.146
            port 5198
        }
        original-port 5198
        protocol udp
    }
    rule 8 {
        description echolink2
        forward-to {
            address 192.168.69.146
            port 5199
        }
        original-port 5199
        protocol udp
    }
    rule 9 {
        description nas-ssh
        forward-to {
            address 192.168.69.104
            port 22
        }
        original-port 22
        protocol tcp
    }
    rule 10 {
        description nvr-data
        forward-to {
            address 192.168.69.103
            port 1026
        }
        original-port 1026
        protocol tcp_udp
    }
    rule 11 {
        description nvr-desktop
        forward-to {
            address 192.168.69.103
            port 8000
        }
        original-port 8000
        protocol tcp_udp
    }
    wan-interface eth0
}
service {
    dhcp-server {
        disabled false
        hostfile-update enable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.69.0/24 {
                default-router 192.168.69.1
                dns-server 192.168.69.1
                lease 86400
                start 192.168.69.101 {
                    stop 192.168.69.199
                }
                static-mapping CannonPrinter {
                    ip-address 192.168.69.128
                    mac-address 00:1e:8f:a0:58:ea
                }
                static-mapping DrivewayLights {
                    ip-address 192.168.69.123
                    mac-address b4:43:0d:c3:2e:e2
                }
                static-mapping GoFlex_Home {
                    ip-address 192.168.69.148
                    mac-address 00:10:75:2a:52:b8
                }
                static-mapping JonsCyberPower {
                    ip-address 192.168.69.119
                    mac-address d8:cb:8a:c7:a0:48
                }
                static-mapping MyDesktop {
                    ip-address 192.168.69.144
                    mac-address 40:8d:5c:8a:ba:49
                }
                static-mapping NAS {
                    ip-address 192.168.69.104
                    mac-address 00:D0:B8:21:02:14
                }
                static-mapping NVR {
                    ip-address 192.168.69.103
                    mac-address 04:5C:06:9A:04:4F
                }
                static-mapping OBi200 {
                    ip-address 192.168.69.145
                    mac-address 9c:ad:ef:62:00:2d
                }
                static-mapping SideYardLights {
                    ip-address 192.168.69.124
                    mac-address b4:43:0d:10:f7:46
                }
                static-mapping Vizio {
                    ip-address 192.168.69.149
                    mac-address a4:8d:3b:58:bb:ac
                }
                static-mapping asus_router {
                    ip-address 192.168.69.122
                    mac-address 10:C3:7B:E0:5A:78
                }
                static-mapping epson {
                    ip-address 192.168.69.153
                    mac-address 9c:ae:d3:23:3f:c1
                }
                static-mapping my-cell {
                    ip-address 192.168.69.129
                    mac-address a4:70:d6:83:ef:ee
                }
                static-mapping netgearwnr2500 {
                    ip-address 192.168.69.101
                    mac-address 04:A1:51:9C:9E:24
                }
                static-mapping osmc-br {
                    ip-address 192.168.69.152
                    mac-address 74:da:38:2b:42:1a
                }
                static-mapping osmc-livingroom {
                    ip-address 192.168.69.131
                    mac-address b8:27:eb:4a:21:3d
                }
                static-mapping pi2_http {
                    ip-address 192.168.69.127
                    mac-address B8:27:EB:55:6A:C1
                }
                static-mapping rp3-asterisk {
                    ip-address 192.168.69.146
                    mac-address B8:27:EB:52:1C:F4
                }
                static-mapping zmodo-FrontDoor1 {
                    ip-address 192.168.69.150
                    mac-address 04:5c:06:99:ed:c7
                }
                static-mapping zmodo-SideSouth {
                    ip-address 192.168.69.110
                    mac-address 04:5C:06:99:ED:4B
                }
                static-mapping zmodo-backyard {
                    ip-address 192.168.69.108
                    mac-address 04:5C:06:99:ED:AB
                }
                static-mapping zmodo-drivewaysouth {
                    ip-address 192.168.69.151
                    mac-address 04:5c:06:99:ed:a7
                }
                static-mapping zmodo-fdoor2 {
                    ip-address 192.168.69.107
                    mac-address 04:5C:06:99:ED:AA
                }
                static-mapping zmodo-garage {
                    ip-address 192.168.69.109
                    mac-address 04:5C:06:99:ED:AE
                }
                static-mapping zmodo-driveway-northview {
                    ip-address 192.168.69.111
                    mac-address 04:5C:06:99:EE:D3
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        dynamic {
            interface eth0 {
                service namecheap {
                    host-name @,www.digitalattack.org,rockets.digitalattack.org,vlan0.digitalattack.org
                    login digitalattack.org
                    password *removed*
                    server dynamicdns.park-your-domain.com
                }
            }
        }
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        http-port 80
        https-port 8443
        listen-address 192.168.69.1
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user *removed* {
            authentication {
                encrypted-password *removed*
                plaintext-password *removed*
            }
            full-name *removed*
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Los_Angeles
    traffic-analysis {
        dpi disable
        export disable
    }
}
traffic-control {
    smart-queue MyQOS {
        download {
            ecn enable
            flows 1024
            fq-quantum 1514
            limit 10240
            rate 130.0mbit
        }
        upload {
            ecn enable
            flows 1024
            fq-quantum 1514
            limit 10240
            rate 10.0mbit
        }
        wan-interface eth0
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.1.4939092.161214.0702 */

adding second remote syslog server via cli on edgemax 1.9.1.?


Trying to add a second syslog server, but I am stuck on what should be the correct syntax.

Different settings (level) for two different IPs.

Or is it not possible to specify a second syslog server?

Same question for adding filters.

Regards

EdgeRouter X SFP v1.9.1 open ip before eth0


Hi, I cannot set up my EdgeRouter X SFP and need some help.

So my config is here in photos:

[Screenshots: Screen Shot 2017-02-12 at 18.16.35.jpg, Screen Shot 2017-02-12 at 18.16.59.jpg, Screen Shot 2017-02-12 at 18.17.11.jpg]

So I have a UBNT AC-500 on eth0 with IPs 192.168.20.28 and 192.168.20.29, but I cannot connect to it.

What should I do to make a connection from eth4 - DHCP (local) to the AC-500?

behind eth1 = Linux server which gets the direct IP 45.247.65.45

behind eth2 = small DHCP server with outgoing IP 45.247.65.46

behind eth3 = UBNT M2M wifi network with outgoing IP 45.247.65.46

behind eth4 = local DHCP server with outgoing IP 45.247.65.44

I always use this local network, but I cannot connect to the AC-500, so I need some help.

Thanks a lot.

Routing to OpenVPN Server


Hi, I have an OpenVPN server running on a Synology. The IP range is 10.8.0.1 to 10.8.0.6 on the OpenVPN server. I have opened port 1194 to the Synology, which has the IP 10.10.0.10 on VLAN 10. I also made a static gateway route 10.8.0.0/24 with next hop 10.10.0.10 on eth1.10. On the OpenVPN client I only get

Error: Unroutable control packet received.

Can someone tell me what's wrong?

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.1.2/24
        description "Internet (PPPoE)"
        duplex auto
        pppoe 0 {
            default-route auto
            dhcpv6-pd {
                pd 0 {
                    interface eth1 {
                        host-address ::1
                        prefix-id :1
                        service slaac
                    }
                    interface eth2 {
                        host-address ::1
                        prefix-id :2
                        service slaac
                    }
                    prefix-length /56
                }
                rapid-commit enable
            }
            firewall {
                in {
                    ipv6-name WANv6_IN
                    name WAN_IN
                }
                local {
                    ipv6-name WANv6_LOCAL
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password xxxxxxx
            user-id xxxxxxxxx
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.254/24
        description Local
        duplex auto
        speed auto
        vif 10 {
            address 10.10.0.254/24
            description Welker_jun
            mtu 1500
        }
        vif 20 {
            address 10.10.1.254/24
            description Welker_Sen
            mtu 1500
        }
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1.10
    lan-interface eth1.20
    rule 1 {
        description Nix
        forward-to {
            address 10.10.0.10
            port 13555
        }
        original-port 13555
        protocol tcp
    }
    rule 2 {
        description Nix1
        forward-to {
            address 10.10.0.10
            port 21337
        }
        original-port 21337
        protocol tcp
    }
    rule 3 {
        description Syno_1
        forward-to {
            address 10.10.0.10
            port 8888
        }
        original-port 8888
        protocol tcp
    }
    rule 4 {
        description Syno_2
        forward-to {
            address 10.10.0.10
            port 5001
        }
        original-port 5001
        protocol tcp
    }
    rule 5 {
        description Syno_3
        forward-to {
            address 10.10.0.10
            port 8080
        }
        original-port 8080
        protocol tcp
    }
    rule 6 {
        description Syno_4
        forward-to {
            address 10.10.0.10
            port 5443
        }
        original-port 5443
        protocol tcp
    }
    rule 7 {
        description OpenVPN
        forward-to {
            address 10.10.0.10
            port 1194
        }
        original-port 1194
        protocol udp
    }
    rule 8 {
        description Plex
        forward-to {
            address 10.10.0.10
            port 32400
        }
        original-port 32400
        protocol tcp
    }
    rule 9 {
        description Syno_SSH
        forward-to {
            address 10.10.0.10
            port 22
        }
        original-port 8082
        protocol tcp
    }
    rule 10 {
        description Syno_Web
        forward-to {
            address 10.10.0.10
            port 80
        }
        original-port 80
        protocol tcp
    }
    rule 11 {
        description Syno_SSL
        forward-to {
            address 10.10.0.10
            port 443
        }
        original-port 443
        protocol tcp
    }
    wan-interface pppoe0
}
protocols {
    static {
        route 10.8.0.0/24 {
            next-hop 10.10.0.10 {
                description OpenVPN
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        global-parameters "option domain-name welker.lan;"
        global-parameters "option unifi-address code 43 = string;"
        hostfile-update enable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.254
                dns-server 192.168.1.254
                dns-server 8.8.8.8
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
                unifi-controller 10.10.0.10
            }
        }
        shared-network-name LAN2 {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.38 {
                    stop 192.168.2.243
                }
            }
        }
        shared-network-name WELKER_JUN {
            authoritative disable
            subnet 10.10.0.0/24 {
                default-router 10.10.0.254
                dns-server 10.10.0.254
                dns-server 8.8.8.8
                domain-name welker.lan
                lease 86400
                start 10.10.0.100 {
                    stop 10.10.0.200
                }
                static-mapping DESKTOP-UDODBPQ {
                    ip-address 10.10.0.138
                    mac-address f8:b1:56:bf:51:82
                }
                static-mapping Jakob {
                    ip-address 10.10.0.126
                    mac-address 64:70:02:1d:65:02
                }
                static-mapping Karolina {
                    ip-address 10.10.0.107
                    mac-address 74:da:38:5c:56:84
                }
                static-mapping TX-NR414 {
                    ip-address 10.10.0.182
                    mac-address 00:09:b0:4a:f0:45
                }
                static-mapping sat-ip {
                    ip-address 10.10.0.143
                    mac-address 00:24:a6:00:0a:a4
                }
                unifi-controller 10.10.0.10
            }
        }
        shared-network-name Welker_Sen {
            authoritative disable
            subnet 10.10.1.0/24 {
                default-router 10.10.1.254
                dns-server 10.10.1.254
                dns-server 8.8.8.8
                domain-name welker.lan
                lease 86400
                start 10.10.1.100 {
                    stop 10.10.1.200
                }
                subnet-parameters "option unifi-address 01:04:0A:0A:00:0A;"
                unifi-controller 10.10.0.10
            }
        }
        use-dnsmasq enable
    }
    dns {
        dynamic {
            interface eth0 {
                service dyndns {
                    host-name xxxxxxxx
                    login xxxxx
                    password xxxxxxxxx
                }
                web dyndns
            }
        }
        forwarding {
            cache-size 400
            listen-on eth1
            listen-on eth2
            listen-on eth1.10
            listen-on eth1.20
            name-server 8.8.8.8
            name-server 8.8.4.4
            options dhcp-script=/config/scripts/transform-leases.pl
        }
    }
    gui {
        http-port 80
        https-port 443
        listen-address 10.10.0.254
        listen-address 10.10.1.254
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
        rule 5011 {
            description Vigor
            destination {
                address 192.168.1.0/24
            }
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
    }
    ssh {
        listen-address 10.10.0.254
        listen-address 10.10.1.254
        port 22
        protocol-version v2
    }
}
system {
    domain-name welker.lan
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    name-server 127.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            pppoe enable
            vlan enable
        }
    }
    static-host-mapping {
        host-name datastore {
            inet 10.10.0.10
        }
        host-name datastore.welker.lan {
            inet 10.10.0.10
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        custom-category Streaming {
            name Netflix
            name "Amazon Instant Video"
            name "Amazon CloudFront"
        }
        dpi enable
        export enable
    }
}

EdgeRouterX - I cannot pull full speed from ISP through router


I know this question has been asked here in various ways. Please forgive me but I could not resolve my problem after trying several things that had been suggested here. I purchased the "Ubiquiti EdgeRouter X Advanced Gigabit Ethernet Router (ER-X)". Without the router I can pull 400 Mbps down and 40 Mbps up. With the router I can only pull about 90 Mbps down and 40 Mbps up. I would like to have the full download speed with the EdgeRouter X.


Here is what I have done and tried:

Updated firmware to 1.9.1.

Got familiar with the user interface (fun!).

Moving ethernet cords around to different ports.

Manually setting the IP on my computer.

Playing around with Wan2Lan2 / Wan2Lan wizards


Here is what I tried, but could not figure out:

From what I read online, I might have a bridge that I need to remove. I could not figure out how to remove the bridge, or even confirm that this is my problem.


My ultimate question is this: I am sure that this is a very common situation. Could someone help direct me to a step by step guide on how to pull full internet speed through this router? I have figured a lot out about this router since yesterday but I am still widely unfamiliar with a lot of the lingo... so please go somewhat easy on me! Ultimately I will be hooking two computers up to this router and I would like both of them to be able to see the full 400 Mbps speed (obviously not at the same time). Any help is greatly appreciated!


Peter
