Hi,
I'm using an ERL on 1.8.5. Just reset to factory today. Ran through the Load Balancing wizard and configured all my other custom settings. Now, when both eth0 and eth1 are connected, the router is not passing traffic as expected. No web traffic loads successfully. I can occasionally get a ping reply from google. Otherwise, unplugging either eth0 or eth1 will let traffic resume once again. Including configure show output below. If anyone sees anything that could be hindering the traffic, feel free to chime in. Thanks!
firewall {
all-ping enable
broadcast-ping disable
group {
network-group PRIVATE_NETS {
network 192.168.0.0/16
network 172.16.0.0/12
network 10.0.0.0/8
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians disable
modify balance {
rule 10 {
action modify
description "do NOT load balance lan to lan"
destination {
group {
network-group PRIVATE_NETS
}
}
modify {
table main
}
}
rule 20 {
action modify
description "do NOT load balance destination public address"
destination {
group {
address-group ADDRv4_eth0
}
}
modify {
table main
}
}
rule 30 {
action modify
description "do NOT load balance destination public address"
destination {
group {
address-group ADDRv4_eth1
}
}
modify {
table main
}
}
rule 100 {
action modify
modify {
lb-group G
}
}
}
name LAN_LAN {
default-action accept
description "Block Public to Private"
rule 1 {
action drop
description "Block Public to Private"
destination {
address 192.168.1.0/24
}
log disable
protocol all
source {
address 10.0.0.0/16
}
}
}
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
log disable
state {
established enable
invalid disable
new enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
log disable
state {
established enable
invalid disable
new enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address dhcp
description WAN
dhcp-options {
name-server no-update
}
disable
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth1 {
address dhcp
description "WAN 2"
dhcp-options {
name-server no-update
}
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth2 {
address 192.168.2.1/24
description Local
duplex auto
firewall {
in {
modify balance
}
}
speed auto
vif 1 {
address 192.168.1.1/24
description Private
mtu 1500
}
vif 2 {
address 10.0.0.1/16
description Public
firewall {
local {
name LAN_LAN
}
}
mtu 1500
}
}
loopback lo {
}
}
load-balance {
group G {
interface eth0 {
}
interface eth1 {
}
sticky {
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth2
lan-interface eth2.1
lan-interface eth2.2
rule 1 {
description "Rocket M2"
forward-to {
address 192.168.1.200
port 22
}
original-port 10200
protocol tcp_udp
}
rule 2 {
description "NS Site 42"
forward-to {
address 192.168.1.201
port 22
}
original-port 10201
protocol tcp_udp
}
rule 3 {
description "NS Site 4"
forward-to {
address 192.168.1.202
port 22
}
original-port 10202
protocol tcp_udp
}
rule 4 {
description "NS Cabins"
forward-to {
address 192.168.1.203
port 22
}
original-port 10203
protocol tcp_udp
}
rule 5 {
description "NS Site 13"
forward-to {
address 192.168.1.204
port 22
}
original-port 10204
protocol tcp_udp
}
rule 6 {
description "UV HTTPS"
forward-to {
address 192.168.1.210
port 7443
}
original-port 7443
protocol tcp_udp
}
rule 7 {
description "Tough Switch"
forward-to {
address 192.168.1.20
port 443
}
original-port 8443
protocol tcp_udp
}
rule 8 {
description "UV HTTP"
forward-to {
address 192.168.1.210
port 7080
}
original-port 7080
protocol tcp_udp
}
rule 9 {
description "UV Video"
forward-to {
address 192.168.1.210
port 7445
}
original-port 7445
protocol tcp_udp
}
rule 10 {
description "UV Video S"
forward-to {
address 192.168.1.210
port 7446
}
original-port 7446
protocol tcp_udp
}
rule 11 {
description "UV Restream"
forward-to {
address 192.168.1.210
port 7447
}
original-port 7447
protocol tcp_udp
}
wan-interface eth0
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 192.168.2.1
lease 86400
start 192.168.2.38 {
stop 192.168.2.243
}
}
}
shared-network-name Private {
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 8.8.8.8
dns-server 8.8.4.4
start 192.168.1.36 {
stop 192.168.1.199
}
unifi-controller 216.250.125.26
}
}
shared-network-name Public {
subnet 10.0.0.0/16 {
default-router 10.0.0.1
dns-server 8.8.8.8
dns-server 8.8.4.4
start 10.0.0.2 {
stop 10.0.255.254
}
unifi-controller 216.250.125.26
}
}
}
dns {
}
gui {
https-port 443
}
nat {
rule 5000 {
description "masquerade for WAN"
outbound-interface eth0
type masquerade
}
rule 5002 {
description "masquerade for WAN 2"
log disable
outbound-interface eth1
protocol all
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
}
system {
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose enable
max-retrans 3
}
}
host-name ubnt
login {
user ubnt {
authentication {
encrypted-password $6$rRzQWhtA.YDH4eKt$mYjnjLiFerP8kD3i9mjIUuvBrvZYvmDp2GcSZ0ghLoVOLaAXgsvi.yv56AlZ2B9hIzZ2XGutT6EasBXWjv6oz0
}
level admin
}
}
name-server 8.8.8.8
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
traffic-analysis {
dpi enable
export enable
}
}