Hi all,
I am fairly new to commercial-grade routers. My company recently swapped out our consumer-grade wireless router for an EdgeRouter PoE 5 + AP. After successfully getting our internet up, the next important thing for us is port forwarding for external access to our NAS and CCTV system. I read everything I could find online and managed to forward port 5000 to our NAS, but I can't seem to get any other ports to work.
The result is the same whether I use the Port Forwarding feature or manually configure firewall policies and DNAT.
Below is the config using Port Forwarding with Auto Firewall. Please help.
/* EdgeOS configuration as posted, re-indented one statement per line.
   Comments are review notes; the configuration statements are unchanged. */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Traffic from the WAN routed to internal hosts: default drop, only
       established/related accepted. There is no explicit accept for the
       forwarded ports; with "auto-firewall enable" in port-forward the
       router is expected to add those accepts itself - confirm on the device. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Traffic from the WAN addressed to the router itself: default drop,
       only established/related accepted. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path source validation is off. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* LAN bridge; holds the gateway address 192.168.1.1/24. */
    bridge br0 {
        address 192.168.1.1/24
        aging 300
        bridged-conntrack disable
        description "Local Bridge"
        hello-time 2
        max-age 20
        priority 32768
        promiscuous enable
        stp false
    }
    /* WAN port. Both eth0 and its vif 10 (eth0.10) request an address via
       DHCP, but WAN_IN / WAN_LOCAL are bound to eth0 only.
       NOTE(review): if the ISP uplink is actually on VLAN 10, the firewall,
       the masquerade rule and the port-forward wan-interface - which all
       name eth0 - would not apply to it. Confirm which interface holds the
       public address. */
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
        vif 10 {
            address dhcp
            description Singtel
            mtu 1500
        }
    }
    /* eth1 is a direct member of br0. */
    ethernet eth1 {
        bridge-group {
            bridge br0
        }
        description "Local Bridge"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    /* eth2-eth4 are switch ports of switch0 (see below). */
    ethernet eth2 {
        description "Local Bridge"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        description "Local Bridge"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        description "Local Bridge"
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    /* switch0 groups eth2-eth4 and is itself bridged into br0. */
    switch switch0 {
        bridge-group {
            bridge br0
        }
        description "Local Bridge"
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
/* Port forwarding from wan-interface eth0 to LAN hosts, with automatic
   firewall rules and hairpin NAT for the two listed LAN interfaces. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    lan-interface br0
    /* tcp/5000 -> 192.168.1.188. No forward-to port is set; presumably the
       original port is reused - verify.
       NOTE(review): 5000 looks like the NAS web UI over plain HTTP; if so,
       logins cross the internet unencrypted. Prefer the HTTPS port or
       access through a VPN instead of a direct forward. */
    rule 1 {
        description Synology
        forward-to {
            address 192.168.1.188
        }
        original-port 5000
        protocol tcp
    }
    /* tcp/4545 -> 192.168.1.181. Structurally identical to rule 1, so
       nothing in this config explains why rule 1 works and this one does
       not. NOTE(review): check on the CCTV host that it listens on
       tcp/4545, that its default gateway is 192.168.1.1, and whether it
       needs further ports or UDP. */
    rule 2 {
        description CCTV
        forward-to {
            address 192.168.1.181
        }
        original-port 4545
        protocol tcp
    }
    wan-interface eth0
}
service {
    /* DHCP for 192.168.1.0/24, pool .50-.254, gateway and first DNS server
       are the router. Both forward targets (.188, .181) fall inside the
       pool; NOTE(review): unless they are statically mapped elsewhere,
       their addresses can change and silently break the forwards. */
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN_BR {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                dns-server 4.2.2.2
                lease 86400
                start 192.168.1.50 {
                    stop 192.168.1.254
                }
            }
        }
    }
    dns {
        /* Dynamic DNS client on eth0. The password is masked, but the
           host-name and login are shown in clear; redact them as well
           when sharing a config publicly. */
        dynamic {
            interface eth0 {
                service dyndns {
                    host-name kbeval.dyndns.org
                    login leonardchiu
                    password ****************
                    protocol dyndns1
                }
                web dyndns
            }
        }
        forwarding {
            cache-size 150
            listen-on br0
        }
    }
    /* Web UI on 80/443 with older ciphers allowed. NOTE(review): disable
       older-ciphers unless a legacy browser needs it. WAN_LOCAL's default
       drop is what keeps the UI and SSH from being reachable via eth0. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    /* Source NAT for outbound traffic leaving eth0. */
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    /* Single admin account named ubnt (password hash masked).
       NOTE(review): ubnt looks like the factory-default username; make
       sure the default password was changed, and consider a differently
       named admin account. */
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* No firewall rule above has logging enabled, so dropped or accepted
       forward attempts will not appear in the log; enabling logging on
       the relevant rules helps when troubleshooting the forwards. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}