I think you have two different issues. You mention wizard configured vlans. Are you using vlan-aware mode? If so, do you have an address on the switch0 interface? If so, you need to move the address to a subinterface (vif). But becareful not to lock yourself out.
Your speed problem is consistent with ATT fiber and Pace modems when using DMZ+ mode.
ATT pace slow
and come to your own conclusions.
The DHCP is working fine now, that ended up working after doing a factory reset and rerunning the wizard.
I'll have to check into the issue you mention with the Pace Modem.
wrote: wrote: Check out the Meanwell SCP-75 series. 75W of temperature-compensated lead-acid charging for less than $25. We deployed some about a year ago and (so far) they are working out quite well. It took a fair bit of research to locate the appropriate 100 kΩ thermistors (with a not-so-common curve).
Where did you find them?
I managed to reach a Meanwell engineer here in the US, who cited a Thinking TTC3A104F4193EY part, which (after a bit of research on their Taiwanese site) turns out to have a beta of 4190. DigiKey has several options.
I followed the directions to set DNS forwarding to my Raspberry Pi w/ PiHole but still showing the DNS received from DHCP from eth9/WAN. What am I doing wrong?
-----------------------------------------------
Nameservers configured for DNS forwarding
-----------------------------------------------
192.168.1.2 available via 'statically configured'
127.0.0.1 available via 'optionally configured'
75.75.75.75 available via 'dhcp eth9'
75.75.76.76 available via 'dhcp eth9'
First Post Marked as Spam - I need help with this!
Hello Fellow Nerds!
I have set up 2 sets of DNAT connections to attempt to allow remote desktop through both IP addresses while using Load Balancing on the EdgeRouter X. I cannot get Remote Desktop to work using both IP addresses only one will work at a time. I am using DynamicDNS which is why this is a problem (as it switches back and forth between the two WAN IP's)
I have correctly setup the Firewall Rules to allow this traffic (I believe).
Full disclosure I am very new to the Ubiquiti equipment and networking for that matter so I may be trying to do something that is impossible.
If this is impossible does anyone have any ideas of how I can set this up to work properly?
WAN 1 is Comcast
WAN 2 is a Local Fiber Company
firewall {
all-ping enable
broadcast-ping disable
group {
network-group PRIVATE_NETS {
network 192.168.0.0/16
network 172.16.0.0/12
network 10.0.0.0/8
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians disable
modify balance {
rule 10 {
action modify
description "do NOT load balance lan to lan"
destination {
group {
network-group PRIVATE_NETS
}
}
modify {
table main
}
}
rule 20 {
action modify
description "do NOT load balance destination public address"
destination {
group {
address-group ADDRv4_eth0
}
}
modify {
table main
}
}
rule 30 {
action modify
description "do NOT load balance destination public address"
destination {
group {
address-group ADDRv4_eth1
}
}
modify {
table main
}
}
rule 70 {
action modify
modify {
lb-group G
}
}
}
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action accept
description Server
destination {
port 6666
}
log disable
protocol tcp
}
rule 40 {
action accept
description Workstation2
destination {
port 5885
}
log disable
protocol tcp
}
rule 50 {
action accept
description Workstation1
destination {
port 3389
}
log disable
protocol tcp
}
rule 60 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address dhcp
description WAN
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth1 {
address dhcp
description "WAN 2"
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
speed auto
}
ethernet eth2 {
duplex auto
speed auto
}
ethernet eth3 {
duplex auto
speed auto
}
ethernet eth4 {
duplex auto
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.1.1/24
description Local
firewall {
in {
modify balance
}
}
mtu 1500
switch-port {
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
}
}
load-balance {
group G {
interface eth0 {
}
interface eth1 {
}
lb-local enable
lb-local-metric-change disable
}
}
port-forward {
auto-firewall disable
hairpin-nat disable
wan-interface eth0
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
start 192.168.1.38 {
stop 192.168.1.243
}
static-mapping Jesse {
ip-address 192.168.1.190
mac-address 94:de:80:a7:9c:0d
}
static-mapping VictoryServer {
ip-address 192.168.1.50
mac-address 34:17:eb:d8:98:89
}
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on switch0
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 1 {
description ServerWAN1
destination {
group {
}
}
inbound-interface eth0
inside-address {
address 192.168.1.50
port 6666
}
log disable
protocol tcp
type destination
}
rule 5 {
description ServerWAN2
destination {
group {
}
}
inbound-interface eth1
inside-address {
address 192.168.1.50
port 6666
}
log disable
protocol tcp
type destination
}
rule 6 {
description WorkstationWAN1
destination {
group {
}
}
inbound-interface eth0
inside-address {
address 192.168.1.190
port 3389
}
log disable
protocol tcp
type destination
}
rule 7 {
description WorkstationWAN2
destination {
group {
}
}
inbound-interface eth1
inside-address {
address 192.168.1.190
port 3389
}
log disable
protocol tcp
type destination
}
rule 5000 {
description "masquerade for WAN"
outbound-interface eth0
type masquerade
}
rule 5002 {
description "masquerade for WAN 2"
outbound-interface eth1
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
}
You're using custom MAC address on WAN interface. Does that break offload?
ER12 has same CPU as ER4 and ER6 ....and it has 8 port switch build in
wrote:
Inquiring minds would like to have some sort of idea when 2.0.1 will be posted? Is there a beta available now hidden on the beta forum somewhere?
Thanks in advance!
No 2.0.1 beta as of now.
Many who are in beta also screamed about 2.0.0 being released when there are so many show-stopping issues flagged and ignored. Some are pissed that we wasted so many hours and efforts to contribute to better releases yet seems ignored and rush to door just because there is a new product (not production release yet) that requires this 2.0.0 firmware.
@UBNT-afomins
> I think it's because RTSP is blocked by new firewall. Please use following workaround and report back if it fixed RTSP issue:echo 'net.netfilter.nf_conntrack_helper=1' | sudo tee -a /etc/sysctl.d/30-vyatta-router.conf reboot
I just tried this CLI command and after applying (and reboot) RTSP works. I hope it is is fixed in the next version 
The best way could be starting start from scratch, resetting the edgerouter to default, then use the wizard eg the WAN+2LAN2, and then create a Guest firewall for the isolated network.
Cheers,
jonatha
Thanks Sash for your suggestion.
I revisitied my configuration and added a static route on the ER6. Silly me! VLAN20 could see the ER6, but the ER6 could not see VLAN20. All sorted now.
Hello, I am trying to redirect all traffic from particular eithernet interface via tunnel interface.
Here are the relevant configuration parts:
modify TUNNEL_ROUTE { rule 1 { action modify description "Traffic goes through TUNNEL" modify { table 1 } source { address 192.168.1.0/24 } } }ethernet eth1 { description Local duplex auto firewall { in { modify TUNNEL_ROUTE } } speed auto }tunnel tun0 { address 1.1.1.2/24 encapsulation ipip local-ip *.*.*.* multicast disable remote-ip *.*.*.* ttl 255 }protocols { static { table 1 { interface-route 0.0.0.0/0 { next-hop-interface tun0 { } } } } }rule 5000 { description "Tunnel" log disable outbound-interface tun0 protocol all source { address 192.168.1.0/24 } type masquerade }
This is being just ignored. Traffic leaves via eth0 like nothing appears in the config.
I purchased a new ``Ubiquiti EdgeRouter X (ER-X)''.
I attempted to login with the default username and password ``ubnt'' (from different computers and even the Ubiquiti apps) and it did not work.
I tried resetting the router and still have the same problem.
I have searched the forums and this seems like a common problem with no solution.
Hi All
This comes more out of curiosity rather than having a problem. I was working on logging interface activity yesterday and noticed that my VLAN virtual interfaces werent reporting traffic that was traversing them. This kinda makes sense because i have offload VLAN enabled - depending on what vlan offload actually "does"
I am curious though - is there a whitepaper or detailed descritption of what each offloading type actually does (under the hood) and how they might interact with each other? For example, what happens if I forward traffic from one vlan to another with vlan disabled and forward enabled... does it still get offloaded somehow? That kind of thing
I've disabled vlan offloading to test a theory and i now see traffic patterns on my virtual interfaces as I'd expected with no descernable drop in throughput or increase in cpu load so I was just curious as to how it actually works
Would make for an interesting read 
FWIW I am referring to an ER4 here, but I have a few other ER devices.
Those snippets don't show IP address under eth1
If eth1 is under switch0 (ER-X), this won't work, rule should be applied on L3 interface instead
(being switch0)
Hi
I am afraid that I have not been able to replicate this issue yet on the v2.0.0 firmware using approximately 1400 OSPF routes. Like in your logs, I am also seeing seeing an occasional database descriptor failed messages. However, this not preventing the actual LSAs from being received and the routes from being installed in the routing/forwarding table:
show ip route summary IP routing table name is Default-IP-Routing-Table(0) IP routing table maximum-paths : 8 Total number of IPv4 routes : 1404 Total number of IPv4 paths : 1404 Route Source Networks connected 3 ospf 1401 Total 1404 FIB 1401 ECMP statistics: --------------------------------- Total number of IPv4 ECMP routes : 0 Total number of IPv4 ECMP paths : 0
Do you only see the issue after manually clearing the OSPF process or does it happen after a reboot / clean install as well? Can you forward me the (sanitized) OSPF configuration?
-Ben
eth1 is under switch0
switch switch0 {
address 192.168.1.1/24
description Local
mtu 1500
switch-port {
interface eth1 {
}
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
} So you are saying remove eth1 from switch0 or apply rule on switch0?