Hi,
I've got a problem with my new EdgeMAX Firewall.
I've added a port forward from wan (eth0) to a server at the lan (eth2).
And from the WAN everything works fine.
I would like to access the server from my VLAN (eth2.100).
The Client in the VLAN (a separate subnet for wireless) calls the WAN IP-Address.
But the firewall stopps the access.
Could anybody tell me what firewall rule or port forward is missing?
Best regards
Mark
Hi all,
I am looking for someone to help me set up a few rules to configure and secure my network.
I have 3 VLANs and need to ensure traffic between some of them but not all.
I know what I want, just don´t know how to get it 
I expect to pay for your time.
(Apologies if I am in the wrong forum or break any netiquette.)
Plz send me a message and we get in touch.
Anyone up to the task?
For start, have a look here ...
Cheers,
jonatha
Did you declared both eth2 and eth2.100 under port-forward, lan interface ?
Cheers,
jonatha
I just got some ER-X in with a date code of 1822G. They came with 1.9.7-hotfix.3 firmware. Here's what it shows for bootloader after I flashed 1.10.6:
$ sudo md5sum /dev/mtdblock2 828a6788a539809103bd42d121634211 /dev/mtdblock2 $ show system boot-image The system currently has the following boot image installed: Uboot version: UNKNOWN
I've never seen that md5sum but I guess it must be the patched bootloader?
Sorry, I meant a different thing, anyway, if you try something like this
And you connect the cable modem to eth0 and your laptop to eth1-4, what's happen ?
In answer to 2, appears to work perferctly on the EdgeRouter 6P.
I'm a Merlin (Asus) convert just getting to grips with UBNT the last 2 days, thanks for your instructions they were flawless in my install on a EdgeRouter 6P v1.10.6 - so I joined the forumn just to say thank you.
Regards
George.
I have this as L2TP
l2tp {
remote-access {
authentication {
local-users {
username foo {
password *************
}
}
mode local
}
client-ip-pool {
start 192.168.2.181
stop 192.168.2.200
}
dns-servers {
server-1 192.168.2.67
}
ipsec-settings {
authentication {
mode pre-shared-secret
pre-shared-secret *************
}
ike-lifetime 3600
}
mtu 1492
outside-address MYOUTSIDEIP
}
}What I need is multiple VPN end points, for different users that I can then give different firewall rules. Can that be done at all?
Hi Jonatha,
thanx, but I am too dumb to understand what´s written there. I have tried for the better part of a year to do it myself. I have given up on me.
I am looking for someone experienced to set it up, explain it to me so that I can understand and possibly to harden the whole setup.
I have a test rig I can give access to, where we can set it up and test the solution, wihtout it affecting my production setup.
/
Thomas
Use normal config:
Sadly makes no difference.
I can try it with DHCP Option 60, and with and without VLAN 10. Simply nothing happening on that interface.
Would love to see this working. Currently my setup is back to using the Swisscom junk, before that I at least had a VDSL gateway and my Edgerouter, but there are no g.fast gateways current available for general purchase.
wrote:
enter configure mode, then type
load /path/to/configurationFile
WHAAAAT! 
My goodness. THANK YOU! Thank you so much for that.
Disabling Hardware Offloading fixed the issue. I wonder why hwnat is not supporting this type of traffic ...
But it seems there is not big performance impact of doing that. Unless I don't know something
Thanks for help
Looks like:
admin@er6:~$ restart flow-accounting Starting flow-accounting [ingress] Starting flow-accounting [egress]
has restored NetFlow data to both UNMS and UCRM.
Router has not been rebooted, UNMS has logs. LMK what info we can provide.
Billing for this data use comprises over 40% of our monthly gross income. We need some way to know that data is not flowing.
I have a eth0 as my WAN interface with a public IP of 98.XXX.XXX.XXX, my UniFi AC WAP is on eth1 (192.168.1.1/24), and I have a server on eth3 (192.168.2.1/24) with local address 192.168.2.50. NAT reflection appears to work on the server itself, if I try to access my WAN IP from 192.168.2.50 it comes up properly. However, when I try to reach the WAN IP/domain from any computers on eth1, the 192.168.1.0/24 subnet, it will not connect.
I have tried several sNAT and dNAT rules including masquerading eth1, and setting the dNAT rule as source: WAN IP, destination: local server IP, and translation for the server IP all on port 80. I cannot get this to work for the life of me. Any ideas?
Even on WAN side, remote server no longer responds to your SYN packets
Which is pretty weird, and I can only guess why remote server bans you for a while.
Classes in queue should have prio set, so rtp gets better treatment (lower prio value) as default traffic.
What ER-model are you on? 100Mb/s is too high for some models.
Do you really get the 100Mb/s bandwidth?QoS is only functional if it owns the queue.