Channel: EdgeRouter topics

L2TP w IPsec and Iphone 6


Hi, I configured the EdgeRouter as a VPN server with L2TP w/IPsec. I'm able to connect my iPhone to the VPN, but the ESP encryption algorithm is only AES128/SHA1. I would like to use AES256/SHA256, and I believe both devices support those settings, but I can't get them to connect with those settings. Any suggestions would be greatly appreciated.


Policy based routing for specific ports


I am trying to utilize an openvpn connection to be used only when traffic is using specific ports.  

 

I have found several different topics on the subject, each with different solutions.

 

Below is my config and my attempt to achieve my goal. Unfortunately, it is not working.  

 

Please advise where I am going wrong:

 

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
        port-group DownloadStation {
            description "Ports for Download Station"
            port 16881
            port 6880-6999
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    modify OPENVPN_ROUTE {
        description "traffic from Download Station to vtun0"
        rule 10 {
            action modify
            description "Route traffic from DL Station to vtun0"
            modify {
                table 2
            }
            protocol tcp_udp
            source {
                group {
                    port-group DownloadStation
                }
            }
        }
    }
    modify balance {
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
            }
            modify {
                table main
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        rule 70 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description "WAN 2"
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth2 {
        duplex auto
        poe {
            output 48v
            watchdog {
                address 192.168.2.2
                failure-count 3
                interval 900
                off-delay 30
                start-delay 300
            }
        }
        speed auto
    }
    ethernet eth3 {
        duplex auto
        poe {
            output 48v
            watchdog {
                address 192.168.2.3
                failure-count 3
                interval 900
                off-delay 30
                start-delay 300
            }
        }
        speed auto
    }
    ethernet eth4 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        config-file /home/brian/config/auth/USMidwest.ovpn
        description "PIA VPN"
    }
    switch switch0 {
        address 192.168.2.1/24
        description Local
        firewall {
            in {
                modify OPENVPN_ROUTE
            }
        }
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
load-balance {
    group G {
        interface eth0 {
        }
        interface eth1 {
            failover-only
        }
        lb-local enable
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    rule 1 {
        description "IMAP over SSL/TLS"
        forward-to {
            address 192.168.2.254
        }
        original-port 993
        protocol tcp
    }
    rule 2 {
        description "POP3 over SSL/TLS"
        forward-to {
            address 192.168.2.254
        }
        original-port 995
        protocol tcp
    }
    rule 3 {
        description "Surveillance Station"
        forward-to {
            address 192.168.2.254
        }
        original-port 9900-9901
        protocol tcp
    }
    rule 4 {
        description SMTP-SSL
        forward-to {
            address 192.168.2.254
        }
        original-port 465
        protocol tcp
    }
    rule 5 {
        description SMTP-TLS
        forward-to {
            address 192.168.2.254
        }
        original-port 587
        protocol tcp
    }
    /* NOTE(review): rules 6 and 7 forward WAN ports 7995 and 7996 to hosts described as VNC; remote-desktop services are safer reached over a VPN than forwarded from the WAN - confirm these need to be exposed. */
    rule 6 {
        description "VNC PlexServer"
        forward-to {
            address 192.168.2.200
        }
        original-port 7995
        protocol tcp
    }
    rule 7 {
        description "VNC Brian"
        forward-to {
            address 192.168.2.225
        }
        original-port 7996
        protocol tcp
    }
    rule 8 {
        description "Synology DSM"
        forward-to {
            address 192.168.2.254
        }
        original-port 5001
        protocol tcp
    }
    rule 9 {
        description "Tablo TV"
        forward-to {
            address 192.168.2.227
            port 8887
        }
        original-port 21021
        protocol tcp
    }
    rule 10 {
        description "Tablo TV"
        forward-to {
            address 192.168.2.227
            port 80
        }
        original-port 21020
        protocol tcp
    }
    rule 11 {
        description SMTP
        forward-to {
            address 192.168.2.254
        }
        original-port 25
        protocol tcp
    }
    rule 12 {
        description POP3
        forward-to {
            address 192.168.2.254
        }
        original-port 110
        protocol tcp
    }
    rule 13 {
        description IMAP
        forward-to {
            address 192.168.2.254
        }
        original-port 143
        protocol tcp
    }
    rule 14 {
        description Plex
        forward-to {
            address 192.168.2.200
        }
        original-port 32400
        protocol tcp
    }
    rule 15 {
        description UniFi
        forward-to {
            address 192.168.2.200
        }
        original-port 8443
        protocol tcp_udp
    }
    wan-interface eth0
}
protocols {
    static {
        table 1 {
            interface-route 0.0.0.0/0 {
                next-hop-interface eth0 {
                }
            }
        }
        table 2 {
            interface-route 0.0.0.0/0 {
                next-hop-interface vtun0 {
                }
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.2 {
                    stop 192.168.2.254
                }
                static-mapping Arlo_Basestation {
                    ip-address 192.168.2.9
                    mac-address c0:ff:d4:85:f7:ef
                }
                static-mapping BackPorch_Camera {
                    ip-address 192.168.2.27
                    mac-address 4c:11:bf:c9:e3:d3
                }
                static-mapping Bedroom_Hallway_AP {
                    ip-address 192.168.2.3
                    mac-address 24:a4:3c:50:1B:4D
                }
                static-mapping Brian-PC {
                    ip-address 192.168.2.225
                    mac-address 90:FB:A6:2D:C8:2E
                }
                static-mapping Color_Printer {
                    ip-address 192.168.2.253
                    mac-address 00:80:92:D8:69:7F
                }
                static-mapping Front_DoorBell {
                    ip-address 192.168.2.6
                    mac-address 44:39:C4:B6:3A:A6
                }
                static-mapping Harmony_Hub {
                    ip-address 192.168.2.5
                    mac-address 00:04:20:EB:1C:3D
                }
                static-mapping LivingRoom_Roku4 {
                    ip-address 192.168.2.41
                    mac-address 08:05:81:e7:4d:3a
                }
                static-mapping Livingroom_AP {
                    ip-address 192.168.2.2
                    mac-address 24:a4:3c:50:1B:5D
                }
                static-mapping Media-Server {
                    ip-address 192.168.2.254
                    mac-address 00:11:32:1F:2D:B6
                }
                static-mapping Ooma {
                    ip-address 192.168.2.39
                    mac-address 00:18:61:29:41:3d
                }
                static-mapping Plex-Server {
                    ip-address 192.168.2.200
                    mac-address AC:22:0B:8C:3A:DE
                }
                static-mapping Tablo {
                    ip-address 192.168.2.227
                    mac-address 50:87:B8:00:82:A2
                }
                unifi-controller 192.168.2.200
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    /* NOTE(review): older-ciphers enable presumably keeps legacy TLS cipher suites on offer for the web GUI; consider older-ciphers disable unless an old browser needs them. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5000 {
            description "masquerade for VTUN0"
            destination {
                group {
                }
            }
            log disable
            outbound-interface vtun0
            protocol tcp_udp
            source {
                group {
                    port-group DownloadStation
                }
            }
            type masquerade
        }
        rule 5001 {
            description "masquerade for LAN"
            destination {
                address 192.168.2.0/24
            }
            log disable
            outbound-interface switch0
            protocol tcp_udp
            source {
                address 192.168.2.0/24
            }
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
        rule 5003 {
            description "masquerade for WAN 2"
            outbound-interface eth1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name ubnt
    login {
        /* NOTE(review): the full $6$ (SHA-512 crypt) hash below was posted along with this config; a published hash can be guessed against offline, so change this password and mask the hash before sharing a config. */
        user john {
            authentication {
                encrypted-password $6$WdVnA9eVwXXIF$V1rUezVXgDKIW.utdhfoHpwUVh4gtXGhNooydVL5dxnqIyxOuPhG2/U4o8LY0Pe0c8WhIK3d7aTYcVqjlZNDT/
            }
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    name-server 156.154.70.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
        host 192.168.2.254 {
            facility all {
                level debug
            }
        }
    }
    time-zone America/New_York
    traffic-analysis {
        dpi enable
        export enable
    }
}
traffic-control {
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.0.4901118.160804.1131 */

 

Add VLAN tagging to Load-balance wizard?


I see in 1.9.0 that there is now a VLAN tagging field for the Basic wizard.

 

However, would it also be possible to add this option to the two Load-balancing wizards as well?

ER-X Vlan DHCP server end range command


 

Following certain instructions on this page to set up a vlan 20. However I can't find this command

set service dhcp-server shared-network-name vlan4 subnet 192.168.4.0/24 end 192.168.4.254

 

xxxxxxx@ubnt# set service dhcp-server shared-network-name vlan20 subnet 10.0.20.0/24
bootfile-name         ip-forwarding         static-route
bootfile-server       lease                 subnet-parameters
client-prefix-length  ntp-server            tftp-server-name
default-router        pop-server            time-offset
dns-server            server-identifier     time-server
domain-name           smtp-server           unifi-controller
exclude               start                 wins-server
failover              static-mapping        wpad-url
[edit]

I notice the page is for ERL & almost a year old. I wonder if the end option is removed. What can I use instead?

 

EDGEPOINT config!!!!


Hello, I write from Argentina and I am using Google translator.

I want to upgrade my network. I am interested in using a "edgepoint" cables to simplify my communications tower.

Currently, each device has its own cable, coming down from the tower to center.

 

Some devices are point-to-point links, and other points of access for customers.

 

Each point-to-point link belongs to a different network.

 

All access points of the tower, belong to the same network.

 

The question I have is:

 

EdgePoint01.jpg

1. With the "EdgePoint EP-S16" device, I can configure multiple VLANS and then separate them into the center (under the tower)?

 

2. In the center, with a "ToughSwitch 8-port POE", could return to separate networks?

 

3. What do you recommend?

 

4. To feed current to "EdgePoint EP-S16". Is it advisable to wear a pair of copper wires with 48V 3A?

 

Thank you very much.

Mikrotik fiber cables

EdgeRouter Pro Hairpin Issue with Intervlan Routing on EdgeSwitch


Hello Everyone, I'm having a heck of a time getting Hairpin NAT to work as expected.

My Setup is Using an ER-Pro with eth7 (SFP) connected to my 24 port EdgeSwitch as a trunk line for internet.

I have an Exchange Server in vlan2 with an Exchange Edge Server in vlan3.

Auto port forwarding works and I'm able to send and receive mail when connected from outside the network, but internally it just won't connect.

 

Here is my config.

 

ubnt@ubnt:~$ show configuration
firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 11.22.333.444/28   <—— Removed for security
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 172.16.1.1/24
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    ethernet eth6 {
        duplex auto
        speed auto
    }
    ethernet eth7 {
        address 10.10.10.1/30
        description Trunk
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth7
    rule 1 {
        description ExchangeOwa
        forward-to {
            address 192.168.1.222
            port 443
        }
        original-port 443
        protocol tcp
    }
    rule 2 {
        description EdgeSmtp
        forward-to {
            address 192.168.3.10
            port 25
        }
        original-port 25
        protocol tcp
    }
    wan-interface eth0
}
protocols {
    static {
        route 192.168.1.0/24 {
            next-hop 10.10.10.2 {
            }
        }
        route 192.168.3.0/24 {
            next-hop 10.10.10.2 {
            }
        }
        route 192.168.4.0/24 {
            next-hop 10.10.10.2 {
            }
        }
        route 192.168.5.0/24 {
            next-hop 10.10.10.2 {
            }
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
        }
    }
    /* NOTE(review): older-ciphers enable presumably keeps legacy TLS cipher suites on offer for the web GUI; consider older-ciphers disable unless an old browser needs them. */
    gui {
        http-port 80
        https-port 4443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    gateway-address 11.22.333.444   <——————— Removed for security
    host-name ubnt
    login {
        user ubnt {
            authentication {
                encrypted-password      **********************************************************
            }
            level admin
        }
    }
    name-server 8.8.8.8
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Detroit
}
ubnt@ubnt:~$ 

 

 

EdgeOS (ER-X) IPsec & IKEv2 Feature Requests


Within the past month I bought myself an EdgeRouter X because it was a great price for such a wonderful router, so I wanted to say thank you very much, Ubiquiti, for such a great, low-cost but powerful little router. It's made me get back to reality with good routing and security methods, including IPsec and OpenVPN.

 

I had noticed that IKEv2 support works great, and yet still has some missing functionality that I would very much like to see.

 

 

First, the easiest one. No matter what, it seems that you cannot set any site-to-site connection to auto=start mode, meaning it always tries to stay connected and reconnects when the connection drops. It's set to auto=route, which means local traffic has to be going out towards the subnets of each site-to-site configuration before it reconnects. This kind of problem has led to others writing these crazy scripts that cause extra ping traffic to poll the endpoint and check if it's there, and restart ipsec and re-establish the connection. At the same time, those pings also keep "activity" going through, but only just...

 

I would like to be able to configure my IPsec tunnels to always reconnect with auto=start. I've done this on the reverse side, where my endpoints are running on CentOS 7 with strongswan, but this kind of setup obviously wouldn't work as consistently with an EdgeRouter<->EdgeRouter setup.

 

 

Second would be the use of VTI on dynamic WAN IPs. I have a dynamic IP address for my home and thus use local-address default to automatically utilize the existing IP of the WAN for IPsec. VTI throws errors because it expects a specific IP address, or it will refuse to commit.

 

 

Lastly, the biggest one of them all. IKEv2 (and later versions of IKEv1), support multiple subnets in the leftsubnet and rightsubnet ipsec.conf, and as a result they negotiate bilaterally routes to each endpoint. Currently EdgeOS 1.9.0 (on ER-X), does not support multiple subnet definitions and so it's limited to 1 subnet, or a 0.0.0.0/0 (or broader subnet mask if applicable). 0.0.0.0/0 is of course dangerous if the other side is not configured correctly and specifically as it could potentially route all outbound traffic over the VPN as well and not just the associated subnets desired. On my CentOS endpoints, I specifically set multiple subnets I intend for routing over the IPsec tunnel, but I have to currently use 0.0.0.0/0 on my ER-X endpoint to account for specific routes.

 

 

Anyway, great product, and I hope to see some or all of these features included sometime.

--

Eric Renfro (Psi-Jack)

 


Edge Router Pro


how to limit speed IP?

 

Edge Router Pro 8 firmware 1.8.0 FailOver.

 

 

firewall question: drop invalid rule order


Some networking folks on IRC are saying we should always drop invalid first before allow est/rel.

 

Many examples here have invalid at the bottom.

 

Can any pro shed some light on this?

WAN_IN vs WAN_LOCAL difficulty understanding.


I've searched many previous topics on this but i still have difficulty understanding

 

Can somebody share typical examples on where we should apply rules?

 

It DOES seem that WAN_LOCAL is where we should open our ports, and port forwards.

 

In my case, I have eth0 (wan port) with eth0.10 (vlan) and pppoe0 off eth0.10.

 

If I were to guess, portforwards and all the typical SOHO port stuff should be applied onto WAN_LOCAL which is off ethernet device pppoe0/local

 

so now im left with eth0/in eth0.10/in and pppoe0/in and im not very sure what rules to have for these.

Edge Router Pro Firewall


How to configure firewall to drop all LAN and accept only some IPs?

 

Example: DROP 192.168.1.0/24, ACCEPT 192.168.1.10, 192.168.1.11, 192.168.1.20, 192.168.1.21, 192.168.1.100.

 

Where can I find documentation with examples firewall pro edge router?

 

Edge Router Pro 8 FailOver, firmware 1.9.0.

Edge Router Pro 8 LAN


How can I configure eth3 and eth4 ... for different LAN eth2?


Example: 192.168.1.1 eth2, eth3 192.168.2.1, 192.168.3.1 eth4 ...

 

Edge Router Pro 8 FailOver, firmware 1.9.0.

IPv6 dhcp


Hello Everyone,

I am trying to set up prefix-delegation for DHCPv6, and on the client I see an error in the debug log:

 

 

793	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	recv client: ether1-gateway fe80::822a:a8ff:fe4d:c16c -> fe80::4e5e:cff:fec4:5559	
794	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	type: advertise	
795	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	transaction-id: 52cf58	
796	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	-> clientid: 00030001 4c5e0cc4 5559	
797	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	-> serverid: 00010001 1f41edd4 802aa84d c16c	
798	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	-> ia_na:	
799	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	t1: 0	
800	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	t2: 0	
801	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	id: 0x1	
802	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	-> ia_addr:	
803	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	address: 2001:470:1d:ccd::1998	
804	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	valid time: 43200	
805	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	pref. time: 27000	
806	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	-> dns_servers:	
807	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	2001:xxxx:xxxx::8888	
808	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	-> ia_pd:	
809	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	t1: 0	
810	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	t2: 0	
811	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	id: 0x1	
812	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	-> status: 6 - no prefix	
813	Aug/13/2016 18:23:35	memory	dhcp, debug, packet	msg: No prefixes available for this interface.	
814	Aug/13/2016 18:23:35	memory	dhcp, debug	ia_pd: bad status in advertise: no prefix (6)	
731	Aug/13/2016 18:23:31	memory	dhcp, debug	resending..	

Here is the DHCPv6 configuration.

 

volga629@canlrt01# show service dhcpv6-server shared-network-name def-ipv6 
 name-server 2001:4860:4860::8888
 subnet 2001:xxx:xx:xxx::/64 {
     address-range {
         start 2001:xxx:xx:xxx::10 {
             stop 2001:xxx:xx:xxx::1999
         }
     }
     prefix-delegation {
         start 2001:xxx:xx:xxx::2000 {
             prefix-length 60
         }
     }
 }

From the EdgeMax Pro I can ping Google over IPv6, and it is running the latest OS, 1.9.

router load


I'm trying to debug something and looking for some diagnostic info... specifically for ERXs.

 

* In the web UI, what does the CPU meter measure? Is it the CPU alone, or does it also include the network hw engine?

 

* From the CLI, top is obviously useful to look at just the CPU status. 

 

* Is there a CLI cmd to examine the state and load of the networking engine? If so, what is it? (I've walked most of the CLI hitting tab and can't find anything)

 

* If hw offload is enabled, is there any way to see how busy the hw is (because it won't show up in the CPU)?

 

Thanks

 

 

 


PPPoE Connection (with VLAN Tag) - Dynamic DNS returns "noconnect" on pppoe, no IP address for other


I have a EdgeRouter, and I used the "Basic Setup" wizard to configure a PPPoE connection on eth0.

 

I'm trying to setup a Dynamic DNS service using DynDNS, via the GUI. This is the output:

 

 

ubnt@ubnt# show service dns dynamic
 interface eth0 {
     service dyndns {
         host-name SANITISED.dyndns.org
         login victorhooi
         password SANITISED
     }
     web dyndns
 }
[edit]

However, no matter what interface I set it to, it doesn't seem to work.

 

 

If I set it to pppoe (which according to the dashboard is the interface with a public IP address), I get:

 

 

ubnt@ubnt:~$ show dns dynamic status
interface    : pppoe0
host-name    : cco.dyndns.org
last update  : Thu Jan  1 10:00:00 1970
update-status: noconnect

 

 

If I set it to eth0, I get:

 

 

ubnt@ubnt:~$ show dns dynamic status
interface    : eth0 [ Currently no IP address ]

 

 

If I set it to eth0.0 (not sure what this is - I believe it's related to my VLAN 0 on eth0?):

 

ubnt@ubnt:~$ show dns dynamic status
interface    : eth0.0 [ Currently no IP address ]

 

This is the output of show interfaces (public IP sanitised):

 

 

ubnt@ubnt:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         -                                 u/u
eth0.0       -                                 u/u  Internet (PPPoE)
eth1         192.168.1.1/24                    u/D  Local
eth2         -                                 u/D  Local 2
eth3         -                                 u/u  Local 2
eth4         -                                 u/u  Local 2
lo           127.0.0.1/8                       u/u
             ::1/128
pppoe0       120.150.SAN.SAN                   u/u
switch0      192.168.2.1/24                    u/u  Local 2

Any thoughts on how to get this working?

 

Two EdgeMAX PoE5s, one DNAT works , the other one DNAT does not work.


I have two PoE5s with identical configurations, router A and router B. I configured router A's firewall/NAT to forward a port to an internal server using DNAT and firewall rules. It works: I have Internet connectivity and outside access to the server. I downloaded the configuration file and saved it. Then I swapped router A with router B, uploaded the config file (saved from router A) and rebooted the router. I have Internet connectivity using router B, but the port forwarding does not work. What am I missing???? Two identical routers, same firmware, same configuration, same network, and I can't get one to work. I ran the "show nat translations destination monitor" command and nothing shows up when using router B, but entries show up when I swap to router A. I reset the router to no avail. This does not make sense to me. I have spent hours trying to figure this out. It is kicking my a$$.

Can Traffic Analysis work when setting up ER-X as a simple layer-2 switch?

I tried setting up the ER-X as a switch via the Setup Wizards, using firmware 1.9.0, but could not get the Traffic Analysis function working. With the WAN+LAN configuration it works. Is it a limitation, or did I miss configuring something? What does Traffic Analysis monitor exactly? switch0, all "eth" ports, all LAN ports, or some other mechanism?

Will this work? 3 WANS


I want to send 3 WANs from one location to another then disperse them between customers evenly. This is how my setup will work and I'm wondering if I need to change anything and would really appreciate help. Each WAN has a 100Mbps down and a 40Mbps up.I can post a diagram later if anyone is confused, here goes.
WAN 1, 2, and 3 all go into an EdgeRouter X or ToughSwitch POE through eth0 (VLAN10), eth1 (VLAN20) and eth2 (VLAN30); eth4 (VLAN10,20,30) then goes out to an AirFiber 5X, which goes to another AirFiber 5X, which plugs into eth0 (VLAN10,20,30) on a 16 port EdgeSwitch 150w. eth1, eth2, eth3 and eth4 are all assigned to VLAN10 and plug into 4 PowerBeam ACs ISO; these go to 4 more PowerBeams. eth5, eth6, eth7 and eth8 are all assigned to VLAN20, all going through PowerBeams to more PowerBeams. eth9, eth10 and eth11 are all doing the same thing as eth1-eth8, except they're on VLAN30. eth12 will be my management port as well as providing VLAN 30 internet.

Some of the big questions I have are: do I need to apply the VLAN to every single port that the connection runs through, or just on the EdgeRouter and EdgeSwitch? Also, should I turn the PowerBeams at the customers' houses into routers instead of bridges? Will all the hardware be able to keep up? And will all the customers get an even distribution of bandwidth when the system is fully under load?

All help is greatly appreciated as I am new to this kind of stuff.

                                                       

                                                                     

Android Device cannot connect to internet?


My setup is an

Edgemax router -> My PC

port 0 -> modem

port 1 -> wifi router 1

port 2 -> wifi vpn router

port 3 -> My PC

port 4 -> N/A

 

So i get internet on my pc from all ports/routers.

 

I can only get internet from my vpn router on my android.

If i connect to my regular wifi router, my android device doesn't get internet.

 

Is it a firewall/nat issue?
