Hello, I seem to be having an issue with my ERL dropping the IP address my ISP assigned.
I have narrowed it down to one firewall rule for dropping bogon networks. I also noticed that after typing my user name to log in via SSH, it takes a few seconds before I am actually prompted for my password.
Removing the group/rules seems to resolve the issue. Any help sorting this out would be appreciated.
firewall {
/* Global options: ping to the router is allowed, broadcast ping is not,
   source-routed and redirected packets are rejected, and martians are logged. */
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
group {
/* NOTE(review): 10.0.0.0/8 also covers the LAN subnets configured below
   (eth1 10.0.0.0/24, eth2 10.0.1.0/24). That stays harmless only because
   BOGONS is referenced solely from WAN_IN and WAN_LOCAL, both bound to eth0.
   100.64.0.0/10 (shared address space) and 169.254.0.0/16 (link-local) are
   ranges an ISP may itself use on the customer-facing side — see the note on
   WAN_LOCAL rule 3 below. */
network-group BOGONS {
description "Invalid WAN networks"
network 10.0.0.0/8
network 100.64.0.0/10
network 127.0.0.0/8
network 169.254.0.0/16
network 172.16.0.0/12
network 192.0.0.0/24
network 192.0.2.0/24
network 192.168.0.0/16
network 198.18.0.0/15
network 198.51.100.0/24
network 203.0.113.0/24
network 224.0.0.0/3
}
}
/* LAN_IN / LAN_LOCAL: accept-all policies bound to the wired LAN interfaces. */
name LAN_IN {
default-action accept
description "Wired network to other networks."
}
name LAN_LOCAL {
default-action accept
description "Wired network to router."
}
/* WAN_IN: traffic arriving on eth0 for the internal networks; default drop,
   logged. Rules 1-3 mirror WAN_LOCAL rules 1-3. */
name WAN_IN {
default-action drop
description "Internet to internal networks"
enable-default-log
rule 1 {
action accept
description "allow established/related"
log disable
state {
established enable
related enable
}
}
rule 2 {
action drop
description "drop invalid"
log enable
state {
invalid enable
}
}
/* Same BOGONS source drop as WAN_LOCAL rule 3, applied to forwarded traffic. */
rule 3 {
action drop
description "drop BOGON source"
log enable
protocol all
source {
group {
network-group BOGONS
}
}
}
}
/* WAN_LOCAL: traffic from eth0 addressed to the router itself; default drop,
   logged. Only rules 1 and 4 accept, so nothing here admits inbound PPTP
   (tcp/1723 or GRE) for the vpn pptp remote-access configured under system —
   TODO confirm whether that VPN is meant to be reachable from eth0. */
name WAN_LOCAL {
default-action drop
description "Internet to router"
enable-default-log
rule 1 {
action accept
description "allow established/related"
log disable
state {
established enable
related enable
}
}
rule 2 {
action drop
description "drop invalid"
log enable
state {
invalid enable
}
}
/* NOTE(review): eth0 takes its address via DHCP (interfaces ethernet eth0
   address dhcp). This rule drops, and logs, any packet to the router whose
   source is in BOGONS. If the ISP's DHCP server or next hop answers from one
   of those ranges (100.64.0.0/10 and 10.0.0.0/8 are commonly seen) and
   conntrack does not tie the reply to the outgoing request, the lease renewal
   is dropped here — presumably the dropped-address symptom described in the
   post. Since this rule logs, the firewall log should show which source is
   being hit; a narrower fix than removing the group is an accept rule above
   this one for udp/67-68 from that server, or dropping only the offending
   prefix from BOGONS. */
rule 3 {
action drop
description "drop BOGON source"
log enable
protocol all
source {
group {
network-group BOGONS
}
}
}
/* ICMP to the router is accepted but rate-limited (burst 1, 50/minute) and
   logged. */
rule 4 {
action accept
description "rate limit ICMP 50/m"
log enable
protocol icmp
limit {
burst 1
rate 50/minute
}
}
}
/* WLAN_IN / WLAN_LOCAL: accept-all policies; not bound to any interface in
   this listing. */
name WLAN_IN {
default-action accept
description "Wireless network to other networks"
}
name WLAN_LOCAL {
default-action accept
description "Wireless network to router."
}
}
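interfaces {
/* WAN: address leased from the ISP by DHCP. WAN_IN filters traffic forwarded
   in through eth0; WAN_LOCAL filters traffic addressed to the router itself
   (see the policy descriptions under firewall). */
ethernet eth0 {
address dhcp
description "WAN/Internet"
duplex auto
speed auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
}
/* LAN 1: 10.0.0.1/24 with the accept-all LAN_IN / LAN_LOCAL policies. */
ethernet eth1 {
address 10.0.0.1/24
description "LAN/Local01"
duplex auto
speed auto
firewall {
in {
name LAN_IN
}
local {
name LAN_LOCAL
}
}
}
/* LAN 2: 10.0.1.1/24, administratively disabled. Note that the gui and ssh
   listen-address lists under service still include 10.0.1.1. */
ethernet eth2 {
address 10.0.1.1/24
/* Fixed: the original listing had a doubled opening quote ("LAN/Local02"),
   which is not a valid description value; now consistent with eth1. */
description "LAN/Local02"
disable
duplex auto
speed auto
firewall {
in {
name LAN_IN
}
local {
name LAN_LOCAL
}
}
}
/* Fixed: in the original listing this node was nested inside ethernet eth0.
   The loopback is an interface in its own right, a sibling of the ethernet
   nodes. */
loopback lo {
}
}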
service {
/* DHCP for the eth1 subnet: pool 10.0.0.100-10.0.0.200, gateway/NTP/time
   server 10.0.0.1, DNS 10.0.0.21 then 8.8.8.8, 24h leases. The pptp client
   pool under system vpn (10.0.0.90-10.0.0.99) sits just below this range. */
dhcp-server {
disabled false
shared-network-name wired-eth1 {
authoritative enable
description "Wired Network - Eth1"
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 10.0.0.21
dns-server 8.8.8.8
lease 86400
ntp-server 10.0.0.1
time-server 10.0.0.1
start 10.0.0.100 {
stop 10.0.0.200
}
}
}
}
/* Web UI on 443, LAN addresses only. 10.0.1.1 belongs to eth2, which is
   disabled under interfaces. */
gui {
https-port 443
listen-address 10.0.0.1
listen-address 10.0.1.1
}
/* Source NAT: everything leaving eth0 is masqueraded to its DHCP-leased
   address. */
nat {
rule 5010 {
description "WAN MASQ"
log disable
outbound-interface eth0
protocol all
type masquerade
}
}
/* NOTE(review): sshd listens on the LAN addresses only, so the eth0 policies
   never see the SSH session itself. If the eth0 lease is lost, lookups sent to
   name-server 8.8.8.8 (system section) can no longer succeed; a login-time
   name lookup that has to time out would then account for the pause before the
   password prompt — presumably the same root cause as the dropped address
   rather than a separate fault, to be confirmed. */
ssh {
listen-address 10.0.0.1
listen-address 10.0.1.1
port 22
protocol-version v2
}
}
system {
host-name xxxxxxxxxxxx
/* 10.0.0.21 is on the eth1 LAN; 8.8.8.8 is reachable only through eth0's
   DHCP-leased address (replies admitted by WAN_LOCAL rule 1). */
name-server 10.0.0.21
name-server 8.8.8.8
time-zone America/Chicago
/* NTP from the ubnt pool, likewise reachable only through eth0. */
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
/* Local admin account; only the hashed password is stored. */
user xxxxxxxxxxxx {
authentication {
encrypted-password xxxxxxxxxxxx
plaintext-password ""
}
}
}
/* Debian squeeze package sources, both fetched over plain http. */
package {
repository squeeze {
components "main contrib non-free"
distribution squeeze
password ""
url http://ftp.us.debian.org/debian/
username ""
}
repository squeeze-updates {
components "main contrib"
distribution squeeze/updates
password ""
url http://security.debian.org/
username ""
}
}
/* Logging: the protocols facility at debug, everything else at notice. The
   WAN rule 2/3 hits referenced in the firewall notes land here. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
/* NOTE(review): PPTP remote access, authenticated against a RADIUS server on
   the LAN (10.0.0.21). outside-address is a static value (x.x.x.x) while eth0
   takes its address from DHCP, so it goes stale whenever the lease changes —
   TODO confirm how it is kept in sync. No WAN_LOCAL rule accepts tcp/1723 or
   GRE, so inbound PPTP from eth0 falls to that policy's default drop unless
   something outside this listing adds one. PPTP is widely regarded as obsolete
   from a security standpoint; treat it as a replacement candidate. */
vpn {
pptp {
remote-access {
authentication {
mode radius
radius-server 10.0.0.21 {
key xxxxxxxxxxxx
}
}
client-ip-pool {
start 10.0.0.90
stop 10.0.0.99
}
dns-servers {
server-1 10.0.0.21
server-2 8.8.8.8
}
mtu 1492
outside-address x.x.x.x
}
}
}
}