Quantcast
Viewing all 60861 articles
Browse latest View live

Re: Edgerouter ER-6P configuration problem

September 19, 2018, 1:00 am
$
0
0
I just wanted to enable the firewall but it seems something is wrong. When trying to login i get the following error:

Render error: SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data

The dashboard is just a white space while the other tabs and screens seem to work. Anyone know a quick fix for this perhaps so i can test the lines?
Search

Re: Would Edgerouter work well at LAN-parties?

September 19, 2018, 1:09 am
$
0
0

Hi,

 

I wondered also what would be the best Edgerouter for a Lan party for approx 100 gamers with some e-sport competition.

The plan is to use it as a internet router only, all inter-Vlan (will maybe use some vlans) routing will be handled by a Cisco L3 switch.

 

I effectively wanted to use the "new" ER4 or ER6  but was worried about NAT which seems to be not offloaded 

I saw in some posts that on the ER4 the hwnat offload is not supported. So wondering if an ER4 will be able to handle 100 gamer and more using all an unique (or maybe 2-3) external Public IP, There will be quite a lot of Nat masquerade to handle by this small router no ? 

or maybe i'm wrong with the NAT being not offloaded on ER4 ?

 

Nico

Re: Support for g.fast SPF

September 19, 2018, 1:23 am
$
0
0
 wrote:

I am assuming that getting the device recognised, firmware injected etc. by the Edgerouter would be enough to have it act like a standard SFP and the g.fast side of things is handled transparently. Does that sound reasonable?

I think so. There are three components by the looks of it. Doing a firmware upload when the SFP is powered up. The fabled Ethernet Boot Management protocol to read the device status and possibly set things via an SNMP MIB by the looks of things, and a dying gasp driver. I suspect only the first is required to actually get it working.

 

I had a brush up on my MIPS assembler last night to ptobably tackle the handle_downloadfw_metabin_withpacktool routine first.

[SOLVED] Re: ER-X Plusnet UK DNS Failing Problem

September 19, 2018, 1:40 am
$
0
0

So, this problem has now gone.

 

I can now ping any external host or IP address, resolving is quick and pages load normally.

 

In fact, quicker than they have ever been!

 

I purchased a new ER-X but have not changed it, so I can only assume that my Technical Support Ticket and Tweets to ISP Plusnet in the UK have been answered...

 

...although they maintain "nothing changed."

 

Yeah, right.

 

Sorry to have bothered you all here.

 

Regards,

 

Paully

 

Re: EdgeRouter X SFP and EdgeSwitch ES‑8XP, can't get an IP for my switch and my devices

September 19, 2018, 1:49 am
$
0
0

Set the Nat on et0.101, the actual wan interface.

Cheers,

jonatha

 

Re: L2TP Vpn Routing All Traffic?

September 19, 2018, 3:04 am
$
0
0

 That is a very good solution as well. Thanks for sharing!

 

Ben

Re: A simple question

September 19, 2018, 3:36 am
$
0
0
Exactly! The advantage of this approach is that no modifications are made to the radios. VLAN techniques will work but require changes to each radio, which can only be corrected if mistakes are made by physically visiting each radio. My link is 4radios, 2 miles over a mountain!

Re: Sub IPv6 Prefix Delegation Support

September 19, 2018, 3:45 am
$
0
0

Hi,

 

it's now been approximately 3 years and from what I can tell, this feature is still not there. Any updates on when it might happen?

Search

Re: BUG? when creating new OpenVPN certificate

September 19, 2018, 4:15 am
$
0
0

I ran into the same but found out what the problem was so I am posting it here. The newCA script asks for a

  • PEM pass phrase
  • A challenge password
  • Enter pass phrase for ./demoCA/private/./cakey.pem

The third one is asking you for what you entered on the first one. 

 

I could have guessed immediately as the first one is preceded by

    writing new private key to './demoCA/private/./cakey.pem'

 

Which means that the third one is about the same object as the first one.

Re: Firewall Rule Accessing VLAN ETH2.100 TO WAN1 Port Forward

September 19, 2018, 4:22 am
$
0
0
 wrote:

destination group address-group ADDRv4_ethX

 

My bad, you are absolutely right! It might help to turn on the brain before posting Image may be NSFW.
Clik here to view. Mad2Image may be NSFW.
Clik here to view. Leaving

Re: ER8Pro dropping SIP packets

September 19, 2018, 4:25 am
$
0
0

Thanks, I've disabled it --- give it some time and I'll see how it works.

 

What's the default for the timeout?  I've set it to 900.  28800 seems rather long.

 

Re: ER8Pro dropping SIP packets

September 19, 2018, 4:41 am
$
0
0
The default for most routers is above 2 hours some up to 5 hours. 900 seconds is way to short.

Re: EdgeRouter as DHCPv6-PD server

September 19, 2018, 4:54 am
$
0
0

It's now been another half year or so, any progress on this?

Re: IPS/IPD for EdgeRouter?

September 19, 2018, 5:31 am
$
0
0

I give up

 

Since i cant upgrade to the 5.9 branch because of bugs (described elsewhere) to use the gui for IPS, how does one add addtional rules to the USG config manually, i have the current config as above on the USG, how do i add more?

 

 

Another port forwarding post

September 19, 2018, 5:57 am
$
0
0

Hi Guys,

 

I installed the EdgeRouter PoE load balanced over 2 WAN's. It works perfectly, but now I'm trying to forward ports to my machines behind the router and I've read a lot of posts but am still not able to get it working.  I just want to forward port 8888 to address 10.0.0.6 port 80. I've succesfully changed the GUI port and can access the GUI remotely, I would think that it's the same logic as this but no dice.

Can anyone please help?

 

I have a fixed IP from my ISP and no ports are blocked.

 

Thanks a lot!

 

Below is my current configuration:

 

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    modify balance {
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
            }
            modify {
                table main
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        rule 70 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description test
            destination {
                port 8888
            }
            log enable
            protocol tcp_udp
            state {
                established enable
                invalid enable
                new enable
                related enable
            }
        }
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 40 {
            action accept
            description "Remote access"
            destination {
                port 8081,443,22
            }
            log enable
            protocol tcp
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description "WAN 2"
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        poe {
            output off
        }
        speed auto
    }
    ethernet eth2 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth3 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    ethernet eth4 {
        duplex auto
        poe {
            output off
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 10.0.0.1/24
        description Local
        firewall {
            in {
                modify balance
            }
        }
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
        }
    }
}
load-balance {
    group G {
        interface eth0 {
        }
        interface eth1 {
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    rule 1 {
        description test
        forward-to {
            address 10.0.0.6
            port 80
        }
        original-port 8888
        protocol tcp_udp
    }
    wan-interface eth0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 10.0.0.0/24 {
                default-router 10.0.0.1
                dns-server 10.0.0.1
                lease 86400
                start 10.0.0.50 {
                    stop 10.0.0.243
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        https-port 8081
    }
    nat {
        rule 5000 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN 2"
            outbound-interface eth1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name ubnt
    login {
        user tom {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
Search

Re: Support for g.fast SPF

September 19, 2018, 6:00 am
$
0
0

That would be seriously impressive and greatly appreciated.

 

Being able to go back to using my Edgerouter would be great.

 

Please let me know what's needed from my side in terms of testing etc.

 

More than happy to do what's needed.

Re: Another port forwarding post

September 19, 2018, 6:10 am

Two Edgerouters

September 19, 2018, 6:19 am
$
0
0

Hi,

 

I'm confused if I have a NAT or Firewall problem.

I have two Edgerouters, ER1 & ER2 linked by Nanobeams over a mile or two.

ER1 has eth0 WAN connection to outside world.

ER2 eth0 masquerades WAN from ER1 which all works fine, all devices/APs on ER2 have internet access fine, and can ping devices in ER1 LANs.

My problem is I cant ping any devices in ER2 from anywhere within ER1.

The reason for having 2 routers is that ER2 is routing a whole bunch of industrial PLCs/SCADA etc so if the Nanobeam link is dropped I still want ER2 to do the routing for its own LANs. 

Do I need to turn off NAT on ER2? Is it as simple as deleting the rule from the NAT page in the GUI?

Or what settings in ER2 firewall need to be adjusted to allow ER1 access to ER2?

 

Thanks in advance.

Re: Support for g.fast SPF

September 19, 2018, 6:35 am
$
0
0

Just don't expect anything quick. Probably take me several weeks to reproduce the firmware download routine depending on other things. Most usefull thing is plug away at getting the source for the kernel driver at this point in time.

Re: Set a static IP for one computer?

September 19, 2018, 6:42 am
$
0
0

If I set up a DHCP static IP per the User Guide's instructions, how is the client configured?  Does the client just see a normal DHCP server (that happens to give it the same IP address every time it renews its lease)?

 

I haven't bought an EdgeRouter yet.  Trying to compare to my current router, where the router can only "reserve" an address within the DHCP range for a client, but I have to manually configure the client's static IP, subnet and DNS.  Thanks.

Viewing all 60861 articles
Browse latest View live
Search