Channel: All EdgeRouter posts
Viewing all 60861 articles

Re: Edgerouter: Why bridge?


 

Thanks Maarten 

 

So it’s purely to have equipment on the same LAN.

 

Other than having items on the same LAN, is there any advantage, performance or otherwise, in bridging rather than routing between LANs?

 

I have Hikvision IP cameras and an NVR. I’d like to have them on a separate LAN.

I’ll need remote access to them but also want to view them internally. 

 

The cameras are currently on a TP-Link PoE switch. I’m hoping to keep them on this switch and have all other gear on the EdgeSwitch.

 

 

Would connecting the camera LAN to a separate port on the router and routing between LANs be a better solution than having everything on the EdgeSwitch with VLANs on the switch using a router-on-a-stick setup?

 

Hope this makes sense.

Tim


EdgeMAX OSPF


Hello,
I have a pfSense and two EdgeRouters and would like to run OSPF with them, but somehow it does not work. Does anyone have an idea?

Block custom URL in EdgeOS


Hello

 

I am trying to find online guides but to no avail.

 

I need to block all devices in my network from reaching a certain domain. Basically any communication to or from that domain needs to be stopped.

 

Using an EdgeRouter 12 on v2.0.1.

Re: Edgerouter - Dnsmasq - Load Balancing


I was able to solve it, my mistake was to have changed the default routes from automatic to manual. Now it's all working.

Re: SNMP v3 keys saved in plain text


 wrote:

 

I'd almost want to suggest creating a Feature Request to address this, which probably wouldn't be a bad idea.  However to me this is more of a deficiency than a missing feature.  

 


 

Agreed, it seems it should have been implemented as soon as SNMP v3 was.

 

What would be the best way to get vendor's attention/input on this? Should this thread be escalated, or is there some other way to report things of this nature?

 

Re: Help in configuring EdgeRouter inter VLAN communication

Inter-VLAN routing is allowed by default. Here are some common problems: 1. Windows disables communication outside your own subnet by default. 2. You're expecting Layer 2 discovery protocols to work. Either way, it is probably not a router problem.

Re: Edgerouter: Why bridge?


Having devices on the same switch will be faster than going through a router, although for a home situation I doubt that you will notice the performance differences. This is a case of: try it out for your situation!

 

For me the decision to put devices on another LAN/VLAN is more about security and performance optimization. Separating into VLANs is good to limit the broadcast domain.

 

In your case, I would put the cameras and NVR in a separate VLAN on the same EdgeSwitch.

 

Hope this helps.

 

- Maarten

Re: EdgeMax rescue kit (now you can reinstall EdgeOS from scratch)


Hello!

 

Is this flash drive suitable for the USG-pro-4?

 

 

 


Edgerouter x two wans and two lans


Hi

I have read a lot on this and am still not sure how best to approach it. I have two fibre lines, the first going into eth0 and the second going into eth4.

 

What I want is

eth0 wan to output to eth1 in to a switch ( All devices on this switch can see each other as well as the devices on eth3 switch)

eth4 wan to output to eth3 in to a switch ( All devices on this switch can only see devices on this switch)

 

The reason is I have CCTV on eth3.

edge router x dead (?)


Hello,

 

I've bought an EdgeRouter X and I think I've "killed" the router (????):

I set up the basic configuration, creating the switch0, tested the firewall by opening some very high ports (> 60000), then I plugged in the Internet cable and all was fine: surfing, downloading,...

Then on the system tab I changed the name of the device (from ubnt to edgerouterX), set up a new user with admin rights for security purposes and deleted the ubnt user.

Then I rebooted... and since then (3 hours ago) it looks like the router is partially dead:

- only the power LED and eth0 are working fine

- the other LEDs are not working except when I reset the router.

Of course I've worked only with a direct connection from PC ---> EdgeRouter X and the PC network config is correct: I'm on a 192.168.1.0/24 range with DHCP disabled...

But I can't access the WebUI, pings to 192.168.1.1 are not working, Wireshark and nmap are not seeing the device... all LEDs are off when I plug in the cable, only pwr and eth0 are working when I'm connecting the Ethernet cable to eth0. I've reset the router many times, but the result is the same: no WebUI, no ping, nothing...

What happened? Have I killed the router? I'm going crazy.

PS: I have 2 backups of the settings, one from before the initial setup and the second from a few seconds before the fatal reboot...

 

 

 

 

 

Re: Block custom URL in EdgeOS

This is a more complicated question than you might realize.

If you use the router's internal DNS forwarder, you can make that domain return a null IP or no record when looked up. But savvy users would be able to easily overcome this by changing the DNS server their device uses.

So you'd need to implement a NAT rule to intercept requests to other DNS servers and redirect them to the router.

Even so, anyone can simply enter the IP address that maps to the server in question and get there, so you need firewall rules to block access to those IPs. Whether this is 1 IP or 1,000 depends on the domain. What are you trying to block?
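
The three layers described in this reply, written out as EdgeOS configuration-mode commands (an added example, not part of the original reply). The domain `blocked.example`, the LAN interface `eth1`, the router LAN address `192.168.1.1`, the address `203.0.113.10`, and the names `LAN_IN` and `BLOCKED_DOMAIN_IPS` are placeholders, and the DNS forwarder is assumed to be already listening on the LAN.

```edgeos
configure

# Layer 1: the router's DNS forwarder (dnsmasq) answers 0.0.0.0 for the
# domain and all of its subdomains. blocked.example is a placeholder.
set service dns forwarding options address=/blocked.example/0.0.0.0

# Layer 2: destination NAT. DNS queries from LAN clients addressed to any
# resolver other than the router are redirected to the router.
# eth1 and 192.168.1.1 are assumed values for the LAN side.
set service nat rule 10 description "Redirect LAN DNS to router"
set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth1
set service nat rule 10 protocol tcp_udp
set service nat rule 10 destination address !192.168.1.1
set service nat rule 10 destination port 53
set service nat rule 10 inside-address address 192.168.1.1
set service nat rule 10 inside-address port 53

# Layer 3: drop traffic to the addresses the domain resolves to, for
# clients that connect by IP. 203.0.113.10 is a documentation address;
# add one "address" line per real IP of the domain.
set firewall group address-group BLOCKED_DOMAIN_IPS description "IPs of blocked.example"
set firewall group address-group BLOCKED_DOMAIN_IPS address 203.0.113.10
set firewall name LAN_IN default-action accept
set firewall name LAN_IN rule 10 action drop
set firewall name LAN_IN rule 10 description "Block blocked.example by IP"
set firewall name LAN_IN rule 10 destination group address-group BLOCKED_DOMAIN_IPS
set firewall name LAN_IN rule 10 log enable
set interfaces ethernet eth1 firewall in name LAN_IN

commit
save
exit
```

The port 53 redirect does not see DNS-over-HTTPS (443) or DNS-over-TLS (853) lookups, so the address-group in layer 3 is what still applies to clients using those. The group has to be kept current as the domain's addresses change.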

Re: Edgerouter: Why bridge?


Maarten,

Thanks a million for all the info. 

Clears up my questions. 

I’ll go the VLAN way but will check the routed scenario and report back.

 

Thanks again

Tim. 

Route 0.0.0.0/24 automatically added on ETH2


Hello,

 

The other day I was trying to connect to a different company router, which I connected to my ETH2. I set up ETH2 to receive an IP using DHCP, and connected it to one of the LAN ports on the other router. For some reason, right away a route 0.0.0.0/24 was added on ETH2 in addition to the 0.0.0.0/24 route I have on my real internet connection, which is connected on ETH0. I did not want that second default route added and am not sure why it automatically got added.

 

This is for an ERLite-3

 

Thanks!

 

Re: ER-X How to Create a static route for multicast IP address of 234.46.30.7


Good day 16again,

 

Thank you for your post!  I will review the info and give it a try!

 

Cheers,

 

Sam

NATing UDP packets to broadcast address of subnets


Hello everyone,

 

I have an Edge Router X (v1.10.9).

 

The Edge Router is between two portions of the LAN, LAN1 (eth0) and LAN2 (eth1).

 

On LAN1 I am sending 5 different unicast signals toward the edge router LAN1 interface on port 6900, 6901, 6902, 6903, 6904.

On LAN2 I have 5 IP subnets (10.0.1.0, 10.0.2.0, 10.0.3.0, 10.0.4.0, 10.0.5.0 all /24).

What I would like to do is forward those unicast signals and send them to the broadcast address of one of the subnets while changing the port, meaning:

I want the 6900 to go to 10.0.1.255 on port 6800 and

6901 to go to 10.0.2.255 port 6800, etc.

 

Now on my Edge Router I can NAT the port 6900 signal to a unicast address on 10.0.1.0. It works.

The moment I ask it to send this to the broadcast address, the interface goes silent.

Is there a way to do that using the Edge Router? If not, using any other UniFi device?

Thank you very much.

 

 


Unable to open port via port forwarding.


I'm trying to open up port 1194 and direct it to 192.168.0.6.

I have set up port forwarding, however nothing I do allows me to see the port as open. I have confirmed it's open on the 192.168.0.6 server.

 

firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action accept
            description "Drop invalid state"
            log disable
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 50 {
            action accept
            description nat-t
            destination {
                port 4500
            }
            log disable
            protocol udp
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    bridge br0 {
        address 192.168.0.254/24
        aging 300
        bridged-conntrack disable
        description "Local Bridge"
        hello-time 2
        max-age 20
        priority 32768
        promiscuous enable
        stp false
    }
    ethernet eth0 {
        address *************/29
        description "Internet (PPPoE)"
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password ****************
            user-id *************
        }
        speed auto
    }
    ethernet eth1 {
        bridge-group {
            bridge br0
        }
        description "Local Bridge"
        duplex auto
        speed auto
    }
    ethernet eth2 {
        bridge-group {
            bridge br0
        }
        description "Local Bridge"
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    rule 1 {
        description ""
        forward-to {
            address 192.168.0.250
        }
        original-port 6281
        protocol tcp_udp
    }
    rule 2 {
        description ""
        forward-to {
            address 192.168.0.250
        }
        original-port 9999
        protocol tcp_udp
    }
    rule 3 {
        description ""
        forward-to {
            address 192.168.0.250
        }
        original-port 9998
        protocol tcp_udp
    }
    rule 4 {
        description ""
        forward-to {
            address 192.168.0.250
        }
        original-port 9997
        protocol tcp_udp
    }
    rule 5 {
        description ""
        forward-to {
            address 192.168.0.250
        }
        original-port 137
        protocol tcp_udp
    }
    rule 6 {
        description ""
        forward-to {
            address 192.168.0.250
        }
        original-port 138
        protocol tcp_udp
    }
    rule 7 {
        description ""
        forward-to {
            address 192.168.0.250
        }
        original-port 139
        protocol tcp_udp
    }
    rule 8 {
        description ""
        forward-to {
            address 192.168.0.250
        }
        original-port 445
        protocol tcp_udp
    }
    rule 9 {
        description ""
        forward-to {
            address 192.168.0.3
            port 80
        }
        original-port http
        protocol tcp_udp
    }
    rule 10 {
        description ""
        forward-to {
            address 192.168.0.3
            port 443
        }
        original-port https
        protocol tcp_udp
    }
    rule 11 {
        description grfana
        forward-to {
            address 192.168.0.11
        }
        original-port 3000
        protocol tcp
    }
    rule 12 {
        description ""
        forward-to {
            address 192.168.0.254
        }
        original-port 47
        protocol tcp_udp
    }
    rule 13 {
        description ""
        forward-to {
            address 192.168.0.3
        }
        original-port 25
        protocol tcp_udp
    }
    rule 14 {
        description ""
        forward-to {
            address 192.168.0.6
            port 1194
        }
        original-port 1194
        protocol udp
    }
    rule 15 {
        description ""
        forward-to {
            address 192.168.0.6
            port 1194
        }
        original-port 1194
        protocol udp
    }
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN_BR {
            authoritative enable
            disable
            subnet 192.168.0.0/24 {
                default-router 192.168.0.254
                dns-server 192.168.0.254
                lease 86400
                start 192.168.0.38 {
                    stop 192.168.0.243
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        dynamic {
            interface pppoe0 {
                service dyndns {
                    host-name *************
                    login *************
                    password ****************
                    server *************
                }
                web dyndns
            }
        }
        forwarding {
            cache-size 150
            listen-on br0
        }
    }
    gui {
        http-port 442
        https-port 8443
        older-ciphers enable
    }
    nat {
        rule 1 {
            description Emails
            destination {
                address *************
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.0.3
            }
            log disable
            type destination
        }
        rule 5000 {
            description Emails
            destination {
            }
            log disable
            outbound-interface pppoe0
            outside-address {
                address *************
            }
            protocol all
            source {
                address 192.168.0.3
            }
            type source
        }
        rule 5001 {
            description "Internet (PPPoE)"
            log disable
            outbound-interface pppoe0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    ubnt-discover {
        disable
    }
}
system {
    host-name ubnt
    login {
        user administrator {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
        user jkirkpatrick {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name "*************"
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            pppoe enable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
    traffic-analysis {
        dpi enable
        export enable
    }
}
vpn {
    pptp {
        remote-access {
            authentication {
                local-users {
                    username ************* {
                        password ****************
                    }
                    username ************* {
                        password ****************
                    }
                }
                mode local
            }
            client-ip-pool {
                start 192.168.0.30
                stop 192.168.0.40
            }
            dns-servers {
                server-1 192.168.0.1
                server-2 192.168.0.2
            }
            outside-address *************
        }
    }
}

Re: Custom DNS resolver with PPPOE Server


Does anyone have a solution to this? Please help.

Re: ER-12 not routing between interfaces 0-7 (removed from switch)


That is what I tried to do. In the netplan.yaml file (previous posting) I only gave brmngt a host address, and included brdata without a host address. This did not work. What is the correct netplan syntax/method for creating a bridge that the guests (lxd) can use that does not screw up my host routing?

 

Thank you

Re: Windows 10 will not connect to L2TP IPSec VPN

I thought I would update this post to reflect that I did test the VPN connection from an Android tablet and it seems to perform as expected. So still the only problem is with Windows connections.

Re: Flashing MMC on EdgeRouter PRO


Dear All,

 

Please help me find an EdgeOS image from a working EdgeRouter Infinity ER-8-XG.

 

Thank You.
