Channel: All EdgeRouter posts
Viewing all 60861 articles

Disabling or blocking the inter-lan between the ports eth1 and eth2 via firewall.


Hello,

Please, I am having trouble disabling or blocking the inter-lan between the ports eth1 and eth2 via firewall.

I need to use the EdgeRouter to route two devices that are on two different networks, but both networks have the same 255.255.255.0 mask and 192.168.0.xxx IP range, as shown in the drawing.

The problem I face today in having two networks with the same mask and range of IPs connected on ports eth1 and eth2 is that the EdgeRouter disables one of the ports due to some conflict on ports eth1 and eth2.

When I go to the dashboard and click the button to deactivate port eth2, which was in trouble, and then activate it again, eth2 returns to operating normally but eth1 stops operating and the IP of the eth1 gateway does not respond anymore; the same happens if I try it with eth1.

The configured NAT works correctly if you change the IP of one of the ports to a different range, for example 192.168.10.99; the problem of the ports being disabled does not occur.

How can I block, via the firewall or some command, communications between eth1 and eth2?

I already read several posts and I even joined the ubnt support chat, but I cannot solve it.

CLI commands are easier to understand and implement; if possible, please send them in this format.

Could you please help me?

Thank you


Re: Disabling or blocking the inter-lan between the ports eth1 and eth2 via firewall.


But you cannot use the same address space on two different routed interfaces ...

Cheers,

jonatha

Re: VPN Help Needed - Edgerouter to pfsense


Are you able to connect via a PC? If yes, can you post the OpenVPN config of the PC (hiding/redacting sensitive data, where necessary)?

Cheers,

jonatha

Re: Changed modems for ATT Fiber and Netgear switch connected to ER3 stopped working + other issues


Your DHCP server is still configured to give out addresses in 192.168.1.0/24, but since the request is coming in via the interface eth0, which has the 192.168.101.1/24 address, the request is ignored.

 

    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.21 {
                    stop 192.168.1.240
                }
            }
        }
    }

This needs to be changed to:

 

service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative disable
            subnet 192.168.101.0/24 {
                default-router 192.168.101.1
                dns-server 192.168.101.1
                lease 86400
                start 192.168.101.21 {
                    stop 192.168.101.240
                }
            }
        }
    }
}

The easiest way is from a PuTTY session to the EdgeRouter (so you can copy/paste the following).

Before doing anything to change the config, make a backup using the GUI: System tab at the bottom, then back up config.

Backing up prior to making changes is a good habit to get into.

Now, from a PC at the right (192.168.2.154), install PuTTY (if it is not on it), or just download the zip, extract it to a USB stick and run it from the USB stick on the PC (you don't have to install it). Then PuTTY to 192.168.2.1, log in and paste the following in:

 

configure
delete service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24
set service dhcp-server shared-network-name LAN1 subnet 192.168.101.0/24 default-router 192.168.101.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.101.0/24 dns-server 192.168.101.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.101.0/24 lease 86400
set service dhcp-server shared-network-name LAN1 subnet 192.168.101.0/24 start 192.168.101.21 stop 192.168.101.240
commit;save;exit

This should change the config, but you will need to restart the DHCP service (still from the PuTTY session):

sudo service dhcpd restart

Then, on a PC at the left, either disconnect Ethernet, wait 10 seconds and replug Ethernet, or from an admin cmd run ipconfig/release followed by ipconfig/renew.

Then see if you can access the internet.

There are other changes you may want to make (do you want the devices on the Netgear to be able to see devices on the TP-Link?). Also you may want to enable offload for increased performance, but let's worry about that after you get things working.
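
The two addressing mistakes discussed so far (the same address space on two routed interfaces, and a DHCP subnet that no interface address belongs to) can be checked before committing a config. This is an added example, not part of the original posts; the eth1/eth2 addresses are constructed, and only the two `set` line shapes shown are parsed.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample in "set" command form. eth0 and the DHCP lines mirror the
# reply above; eth1/eth2 addresses are made up to reproduce the 192.168.0.x case.
SAMPLE_CONFIG = """\
set interfaces ethernet eth0 address 192.168.101.1/24
set interfaces ethernet eth1 address 192.168.0.1/24
set interfaces ethernet eth2 address 192.168.0.2/24
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 start 192.168.1.21 stop 192.168.1.240
"""

IFACE_RE = re.compile(r"^set interfaces ethernet (\S+) address (\d+\.\d+\.\d+\.\d+/\d+)$")
DHCP_RE = re.compile(r"^set service dhcp-server shared-network-name (\S+) subnet (\S+)")

def parse(config_text):
    """Return ({ifname: IPv4Interface}, {shared-network-name: {IPv4Network}})."""
    ifaces, dhcp = {}, {}
    for line in config_text.splitlines():
        line = line.strip()
        m = IFACE_RE.match(line)
        if m:
            ifaces[m.group(1)] = ipaddress.ip_interface(m.group(2))
            continue
        m = DHCP_RE.match(line)
        if m:
            dhcp.setdefault(m.group(1), set()).add(ipaddress.ip_network(m.group(2)))
    return ifaces, dhcp

def overlapping_interfaces(ifaces):
    """Pairs of routed interfaces whose connected networks overlap."""
    return sorted((a, b)
                  for (a, ia), (b, ib) in combinations(sorted(ifaces.items()), 2)
                  if ia.network.overlaps(ib.network))

def orphan_dhcp_subnets(ifaces, dhcp):
    """DHCP subnets that contain no interface address, so requests go unanswered."""
    return sorted((name, str(net))
                  for name, nets in dhcp.items() for net in nets
                  if not any(i.ip in net for i in ifaces.values()))

if __name__ == "__main__":
    ifaces, dhcp = parse(SAMPLE_CONFIG)
    print("overlapping interfaces:", overlapping_interfaces(ifaces))
    print("DHCP subnets with no interface:", orphan_dhcp_subnets(ifaces, dhcp))
```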

Re: VPN Help Needed - Edgerouter to pfsense


Nope, after I import the ovpn file into the Windows client it gives the error:

No readable connection profiles found.

My ovpn file:

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
pull
resolv-retry infinite
proto udp
remote AAA.BBB.CCC 1195
ifconfig 10.10.10.2 10.10.10.1
keepalive 10 60
ping-timer-rem
<secret>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXX
-----END OpenVPN Static key V1-----
</secret>

Re: EdgeRouter X not handing out DHCP Addresses


Yes the interfaces are properly detected as gigabit. 

Edge OS Routing issue from one LAN


Hello,

I originally got my first LAN (10.0.1.0/24) working after setting it up using a wizard. After an incident with a hacked computer, I needed to set up an entirely different network and route its traffic to the internet.

I have successfully set up the network 192.168.1.0/24, I can ping its gateway (192.168.1.1), but I cannot seem to get the network online despite my efforts with routes, SNAT, and firewall policies.

Attached is my obfuscated configuration file.

Thanks for the help in advance!

FYI: I have not noted my router type because I do not believe it matters right now.

Re: Fan's on Edgerouter Infinity


Am I to understand correctly that the fans will run this loud all the time? Even with 0 load?

 

I am setting a new unit up for the first time, it's louder than anything else I have in my office.

 



Re: Any clues on how to capture stdout/stderr output of perl script?


Any suggestions for capturing the script output?

Re: Edge OS Routing issue from one LAN


It isn't clear what the goals are, e.g., on eth1 ("isolation network") there is the ruleset WAN_LOCAL (?) and the dhcp-options, the NAT rule is only for that network (no internet access for the 10.0.1.0/24 network?), the DNS is listening on the WAN interface (eth0) and not on eth1, there is a static route with the exit-interface on a multi-access network ... Can you explain what your needs are?
Cheers,
jonatha

Re: VPN Help Needed - Edgerouter to pfsense


Where did you place the .ovpn config file, and on which client? No CA cert? What kind of authentication? Did you ever use OpenVPN on the pfSense?
Cheers,
jonatha

Re: VPN Help Needed - Edgerouter to pfsense


That is the fun part about openvpn, 1000 ways to set it up depending on who you ask.

 

I exported the file from the new openvpn server instance.

I imported the file and it is in the OpenVPN/Config directory.

 

Mode: Peer to Peer Shared Key (same as my working setup)

 

I do have a working openvpn setup running between the mountain and my house right now between two pfsenses with no problems.

Re: commands

Hi

May I recommend that you upgrade to version 1.10.8, since the version you're using contains multiple vulnerabilities.

Re: Newbie: Edge router X cannot access


That function (DHCP on eth1) is only available with firmware 2.0.0+, so it will generate confusion until they either add a note or most devices come delivered with a new version.

aufs corruption - lack of auchk on power cycle


We have many EdgeRouter devices deployed in an embedded system sort of scenario. This system experiences power cycles, at least daily, which is leading us to see a fair amount of AUFS corruption. This primarily manifests as DNS server malfunction, which others on the forum have also reported. The EdgeRouter doesn't appear to be handling this correctly (per documentation).

 

http://aufs.sourceforge.net/aufs.html (or man 5 aufs):

 

"If a sudden accident such like a power failure happens during aufs is performing, and regular fsck for branch filesystems is completed after the disaster, you need to extra fsck for aufs writable branches. It is necessary to check whether the whiteout remains incorrectly or not, eg. the real filename and the whiteout for it under the same parent directory. If such whiteout remains, aufs cannot handle the file correctly. To check the consistency from the aufs' point of view, you can use a simple shell script called /sbin/auchk. Its purpose is a fsck tool for aufs, and it checks the illegal whiteout, the remained pseudo-links and the remained aufs-temp files. If they are found, the utility reports you and asks whether to delete or not. It is recommended to execute /sbin/auchk for every writable branch filesystem before mounting aufs if the system experienced crash."

 

Unfortunately I don't even see auchk on the device. The condition results in system log lines such as,

  • aufs au_lkup_dentry:223:cmp[1651]: I/O Error, both of real entry and whiteout found, ssh, err -5
  • aufs au_lkup_dentry:223:mv[1652]: I/O Error, both of real entry and whiteout found, ssh, err -5
  • aufs au_lkup_dentry:223:ssh[2233]: I/O Error, both of real entry and whiteout found, ssh, err -5
  • aufs au_lkup_dentry:223:sudo[6215]: I/O Error, both of real entry and whiteout found, resolv.conf, err -5
  • aufs au_lkup_dentry:223:cp[1201]: I/O Error, both of real entry and whiteout found, ntp.conf, err -5
  • aufs au_lkup_dentry:223:sh[1204]: I/O Error, both of real entry and whiteout found, ntp.conf, err -5
  • aufs au_lkup_dentry:223:busybox[1205]: I/O Error, both of real entry and whiteout found, ntp.conf, err -5
  • aufs au_lkup_dentry:223:sshd[5103]: I/O Error, both of real entry and whiteout found, sshd_config, err -5

and occurs in some forum posts:

In almost every case the fix is either "Update the firmware", "Do a hardware reset", or replace the router (one diagnosed as hardware failure). This issue could be fixed by running auchk, especially at boot (because are these ever safely power-cycled?). A fix that is documented online is `rm -f /path/to/i/o/error/file`, which will remove the file properly(?) and allow you to start anew.

 

As I'm unable to easily access these devices once deployed, could I request assistance?
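
For triaging devices from collected logs, the message format quoted in this post can be parsed to list which names are affected and how many distinct processes failed on them. This is an added example, not part of the original post; the two extra sample lines, their syslog-style prefix and the hostname `ubnt` are constructed.

```python
import re
from collections import defaultdict

# Format of the kernel message quoted in the post; the field before "err"
# is the dentry name only, not a full path.
WHITEOUT_RE = re.compile(
    r"aufs au_lkup_dentry:\d+:(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"I/O Error, both of real entry and whiteout found, "
    r"(?P<name>.+?), err (?P<err>-?\d+)"
)

# The eight lines from the post, plus two constructed lines: one with an
# assumed syslog-style prefix and one unrelated message that must be ignored.
SAMPLE_LOG = """\
aufs au_lkup_dentry:223:cmp[1651]: I/O Error, both of real entry and whiteout found, ssh, err -5
aufs au_lkup_dentry:223:mv[1652]: I/O Error, both of real entry and whiteout found, ssh, err -5
aufs au_lkup_dentry:223:ssh[2233]: I/O Error, both of real entry and whiteout found, ssh, err -5
aufs au_lkup_dentry:223:sudo[6215]: I/O Error, both of real entry and whiteout found, resolv.conf, err -5
aufs au_lkup_dentry:223:cp[1201]: I/O Error, both of real entry and whiteout found, ntp.conf, err -5
aufs au_lkup_dentry:223:sh[1204]: I/O Error, both of real entry and whiteout found, ntp.conf, err -5
aufs au_lkup_dentry:223:busybox[1205]: I/O Error, both of real entry and whiteout found, ntp.conf, err -5
aufs au_lkup_dentry:223:sshd[5103]: I/O Error, both of real entry and whiteout found, sshd_config, err -5
Jan  1 00:00:07 ubnt kernel: aufs au_lkup_dentry:223:cat[901]: I/O Error, both of real entry and whiteout found, resolv.conf, err -5
Jan  1 00:00:09 ubnt kernel: eth0: link up
"""

def parse_whiteout_errors(lines):
    """Map each affected name to the sorted process names that hit the error."""
    hits = defaultdict(set)
    for line in lines:
        m = WHITEOUT_RE.search(line)  # search() tolerates any log prefix
        if m:
            hits[m.group("name")].add(m.group("proc"))
    return {name: sorted(procs) for name, procs in hits.items()}

def rank_by_impact(lines):
    """Affected names ordered by number of distinct failing processes."""
    hits = parse_whiteout_errors(lines)
    return sorted(((name, len(procs)) for name, procs in hits.items()),
                  key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for name, count in rank_by_impact(SAMPLE_LOG.splitlines()):
        print(f"{name}: {count} process(es) hit a real-entry/whiteout conflict")
```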


Re: Edge OS Routing issue from one LAN


Hi, sorry for the confusion. I'll try to best answer your questions.

 

My main goal is to create an isolated network (192.168.1.0/24) with internet access. The ruleset WAN_LOCAL is intended to apply a different rule set to the second network. The rules for that firewall are fairly open.

 

Are you implying I need DNS to listen on eth1? EDIT: Set DNS to listen on eth1, google is now resolving to a DNS ip (172.217.9.142), same DNS from the 10.0.1.0/24 network

 

I do have internet from the 10.0.1.0/24 network.

 

Please elaborate on your statement "there is a static route with the exit-interface on a multi-access network"?

 

Thanks!

 

Re: Newbie: Edge router X cannot access

Re: commands

After upgrading to the latest firmware, you will also want to upgrade the bootloader, you can begin with "show system boot-image" and it will tell you if necessary and the command to update the bootloader.

Re: ERPro-8 ipv4 Offload will not turn on


So port forwarding with translation will stop the hardware offload?

EdgeRouter X - What other hardware for home setup?


As the title states, I'm finally getting around to setting up my EdgeRouter X and am in need of suggestions for what other Ubiquiti gear I should purchase.

 

Wants:

  1. Multiple VLANs for various things
    • User Workstations
    • Home Security (NVR and cameras....PoE provided by NVR for most cameras)
    • Home automation (thermostats, weather sensors, etc)
    • IoT junk (Smart TVs, Roku, Firesticks, etc)
    • Guest Wifi
  2. Maintaining these VLANs through both wired and wireless networks
    • Wifi over ~ 2500sq ft home with some coverage to a small deck/patio.
  3. Configuring all of this with minimal interfaces (hoping I can just do it from the EdgeRouterX)

 

Right now I have a handful of unmanaged switches working in conjunction with a primary wifi router + another acting in AP mode. It works but is in no way clean. Even with 3rd party firmware it's not an easy task trying to get everything set up correctly.

So I have an EdgeRouterX. Bought it over a year ago and have configured the thing a dozen times when I thought I might make the switch. The main issue was always how to use the equipment that I had, which at this point I know is not going to happen (at least not without a lot of headache).

 

I'm thinking at least 1, maybe 2, AC Lite or AC Pro for wireless coverage. 

The managed switch is another story. I know that I can re-use my unmanaged switches in some areas such as my office and just have one uplink to a managed switch with VLAN configured. Do I go with any old managed switch to have VLAN capability? I really don't have need for PoE other than the AC Lite or AC Pros that I might purchase.

Any suggestions would be most appreciated. Also please let me know if this should go into another forum that's more appropriate for my question.

 

Thanks!

-Kirk
