ROUTER: EdgeMAX X with firmware v.1.8
ENVIRONMENT: Cable ISP provides a single ethernet cable (WAN) to the home and an 8-port ethernet switch (LAN) to branch to all outlets in the home. Outside of the home the ISP's router provides IP addresses and DNS to all wired devices in the home via DHCP, but only allows 15 IPs per home. I have more than 15 wired devices (with ethernet switches at several ethernet outlets throughout the house). The devices need to be able to talk to each other, so they need to be on the same network (or bridged networks).
GOAL: To use the EdgeMAX as a DHCP server between the ISP's incoming ethernet cable (WAN) and 8-port switch, so that 200+ IP addresses are available in the home.
PROBLEM: Devices receive an IP address from EdgeMAX DHCP and can perform DNS lookups, but cannot connect to or PING any external servers (e.g., google.com, etc.).
TESTING: I have tried MANY times to use both WAN_2LAN and WAN_2LAN2 wizards. I have tried this on two different but identical network environments. At home, as described below, and at work. I get the same behavior in both places.
Clearly I've made a mistake somewhere. Any help is appreciated.
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action accept
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action accept
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.1.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1
            interface eth2
            interface eth3
            interface eth4
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name ubnt
    login {
        user lpslot {
            authentication {
                encrypted-password $6$bsEvI1Ib$8jJIP6l0sFaKbDn9I7kEW797OO3er/CvfcQ08LW4jlbT7itRcYK2a.IycEBjSF4Ktw0bin7xrjJnf9wkpqKt7.
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.8.0.4853089.160219.1607 */