
Rainy day, reviewing config, don't understand how this can work


Help!  But not urgent help.

 

It's a rainy day, and I'm studying an EdgeOS router config to better understand how things are working.  That, and change the HTTPS port, since I currently need 443 to be forwarded somewhere else....  But here's the question at hand:  Most of this config was GUI generated, and the remainder was CLI modified.  What I'm wondering is how the eth1 port can possibly work.  The eth1 port is connected to a 24 port switch, and eth2, eth3, eth4 are basically an 'extension' to this switch.  At least that's what I intended.  What I don't understand is how eth1 can work.  It's defined as network 192.168.0.1, and 'everything else' is 192.168.1.1.  Now, the network works, but it seems like I should make the following changes:

 

1) delete the 'shared-network-name' section LAN1

2) change the 'ethernet eth1' section to 192.168.1.1

3) change all of the 'Local 2' descriptions to maybe 'Local Switch' or something, since the '2' means nothing

 

Comments?  Alternatives?  Explanation as to how eth1 works now?

 

Thanks,

 

Kirby

 

 

 

 

firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
:
/* Global firewall options plus two rulesets. The interfaces section attaches both to eth0: WAN_IN as "in" and WAN_LOCAL as "local". */
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* WAN_IN: default drop; only established/related traffic is accepted and invalid-state packets are dropped. */
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
/* WAN_LOCAL: traffic addressed to the router itself; default drop. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
/* Accepts tcp/80 and tcp/443 from any source with logging off. The gui https-port is 443, so this rule can expose the web UI on the WAN side. */
/* NOTE(review): port-forward rules 1 and 7 also claim WAN ports 80 and 443; confirm which service actually answers, then restrict this rule by source or remove it. */
rule 2 {
action accept
description Remote_access
destination {
port 80,443
}
log disable
protocol tcp
}
/* Accepts tcp/2222, the port set under service ssh. The source block is empty, so no source restriction is applied. */
rule 3 {
action accept
description SSH
destination {
port 2222
}
log enable
protocol tcp
source {
}
}
/* The invalid-state drop sits after accept rules 2 and 3, whereas WAN_IN places it directly after established/related. */
/* NOTE(review): presumably rules are evaluated in numeric order, so packets matching rules 2 or 3 never reach this check; consider moving it ahead of them. */
rule 4 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
/* NOTE(review): source-validation disable turns off reverse-path source checking; confirm this is intended on a single-WAN router. */
source-validation disable
syn-cookies enable
}
/* Interface layout: eth0 is the WAN, eth1 is a routed port with its own subnet, and eth2-eth4 carry no address and are members of switch0. */
interfaces {
/* eth0 is the only interface with firewall rulesets attached (WAN_IN for "in", WAN_LOCAL for "local"). */
ethernet eth0 {
address 70.35.96.66/26
description Internet
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
poe {
output off
}
speed auto
}
/* eth1 is not listed under switch0 switch-port; it holds 192.168.0.1/24 on its own, and DHCP scope LAN1 serves that subnet. */
/* NOTE(review): this makes eth1 a separate routed LAN rather than an extension of the 192.168.1.0/24 switch; no firewall ruleset sits between the two LANs in this config. */
ethernet eth1 {
address 192.168.0.1/24
description Local
duplex auto
poe {
output off
}
speed auto
}
ethernet eth2 {
description "Local 2"
duplex auto
poe {
output off
}
speed auto
}
ethernet eth3 {
description "Local 2"
duplex auto
poe {
output off
}
speed auto
}
ethernet eth4 {
description "Local 2"
duplex auto
poe {
output off
}
speed auto
}
loopback lo {
}
/* switch0 groups eth2, eth3 and eth4 and holds the 192.168.1.1/24 address used as default-router in DHCP scope LAN2. */
switch switch0 {
address 192.168.1.1/24
description "Local 2"
mtu 1500
switch-port {
interface eth2
interface eth3
interface eth4
}
}
}
/* Port forwards from eth0 (wan-interface) to hosts on 192.168.1.0/24. auto-firewall is enabled and no rule shows a source restriction, so each listed port is reachable from any WAN address. */
/* NOTE(review): lan-interface names only switch0; presumably hairpin NAT therefore does not cover clients on eth1 (192.168.0.0/24). Confirm. */
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface switch0
rule 1 {
description HTTP
forward-to {
address 192.168.1.15
port 80
}
original-port 80
protocol tcp
}
rule 2 {
description Tarantella
forward-to {
address 192.168.1.15
port 3144
}
original-port 3144
protocol tcp
}
/* Rules 3-6 publish the host labelled "HM IPMI" (ports 881, 883, 623, 5900) to the WAN. */
/* NOTE(review): out-of-band management interfaces are high-value targets; prefer reaching them through the L2TP VPN defined in the vpn section and remove these forwards. */
rule 3 {
description "HM IPMI"
forward-to {
address 192.168.1.40
port 881
}
original-port 881
protocol tcp_udp
}
rule 4 {
description "HM IPMI"
forward-to {
address 192.168.1.40
port 883
}
original-port 883
protocol tcp_udp
}
rule 5 {
description "HM IPMI"
forward-to {
address 192.168.1.40
port 623
}
original-port 623
protocol tcp_udp
}
rule 6 {
description "HM IPMI"
forward-to {
address 192.168.1.40
port 5900
}
original-port 5900
protocol tcp_udp
}
/* Rules 7-8 publish the host labelled "VM ESXi" (443, 902) to the WAN; the same VPN-only recommendation applies to hypervisor management. */
/* NOTE(review): rule 7 takes WAN port 443, which is also the gui https-port and is accepted by WAN_LOCAL rule 2. */
rule 7 {
description "VM ESXi"
forward-to {
address 192.168.1.50
port 443
}
original-port 443
protocol tcp_udp
}
rule 8 {
description "VM ESXi"
forward-to {
address 192.168.1.50
port 902
}
original-port 902
protocol tcp_udp
}
/* Rules 9-11 publish the host labelled "Lorex" (1080, 8000, 1025). */
/* NOTE(review): rules 3-11 use tcp_udp; narrow each to the one protocol the service needs where known. */
rule 9 {
description "Lorex 80"
forward-to {
address 192.168.1.6
port 1080
}
original-port 1080
protocol tcp_udp
}
rule 10 {
description "Lorex Stratus"
forward-to {
address 192.168.1.6
port 8000
}
original-port 8000
protocol tcp_udp
}
rule 11 {
description "Lorex Mobile"
forward-to {
address 192.168.1.6
port 1025
}
original-port 1025
protocol tcp_udp
}
wan-interface eth0
}
/* Router services: two DHCP scopes, DNS forwarding, the web GUI, outbound NAT and SSH. */
service {
dhcp-server {
disabled false
hostfile-update disable
/* LAN1 serves 192.168.0.0/24, the subnet configured on eth1, with the router itself as gateway and DNS server. */
shared-network-name LAN1 {
authoritative disable
subnet 192.168.0.0/24 {
default-router 192.168.0.1
dns-server 192.168.0.1
lease 86400
start 192.168.0.38 {
stop 192.168.0.243
}
}
}
/* LAN2 serves 192.168.1.0/24, the subnet configured on switch0; clients get 192.168.1.20 and then 192.168.1.1 as DNS servers. */
shared-network-name LAN2 {
authoritative disable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.20
dns-server 192.168.1.1
domain-name NAVSOMINN.local
lease 86400
start 192.168.1.100 {
stop 192.168.1.199
}
}
}
}
dns {
/* The forwarder listens on eth1 and on eth0 (the Internet interface) but not on switch0, although LAN2 hands out 192.168.1.1 as a DNS server. */
/* NOTE(review): listening on the WAN interface is rarely intended; WAN_LOCAL's default drop appears to be the only thing keeping it from answering Internet queries. Presumably switch0 was meant instead of eth0; confirm. */
forwarding {
cache-size 150
listen-on eth1
listen-on eth0
options server=/NAVSOMINN.local/192.168.1.20
options server=/1.168.192.in-addr.arpa/192.168.1.20
}
}
/* The web GUI uses 443, the same WAN port that port-forward rule 7 sends to 192.168.1.50. */
gui {
https-port 443
}
/* Masquerade everything leaving eth0; no source restriction is set, so both LAN subnets are covered. */
nat {
rule 5010 {
outbound-interface eth0
type masquerade
}
}
/* SSH on 2222, protocol v2 only; WAN_LOCAL rule 3 accepts this port from any source. */
ssh {
port 2222
protocol-version v2
}
}
/* System identity, the single admin login, upstream resolvers, NTP and syslog levels. */
system {
domain-name NAVSOMINN.local
gateway-address 70.35.96.65
host-name ubnt
login {
/* Only one account is defined, named admin with level admin; it is the account behind the WAN-reachable SSH and GUI rules in WAN_LOCAL. */
/* NOTE(review): both password fields are masked in this paste; verify that no real hash or plaintext value is included before sharing a config publicly. */
user admin {
authentication {
encrypted-password ****************
plaintext-password ****************
}
full-name SOMINN
level admin
}
}
name-server 70.35.96.34
name-server 70.35.96.35
name-server 8.8.8.8
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
/* Logging is local only in this section (no remote host entry is shown): notice for all facilities, debug for protocols. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
}
/* L2TP/IPsec remote access terminating on eth0, with users authenticated by the RADIUS server at 192.168.1.20. */
/* NOTE(review): WAN_LOCAL shows no accept rule for IKE, NAT-T, ESP or L2TP; with its default drop, confirm the VPN is actually reachable from the WAN. */
vpn {
ipsec {
ipsec-interfaces {
interface eth0
}
nat-networks {
allowed-network 0.0.0.0/0 {
}
}
nat-traversal enable
}
l2tp {
remote-access {
authentication {
mode radius
radius-server 192.168.1.20 {
key ****************
}
}
/* The client pool 192.168.1.200-210 lies inside the switch0 subnet and just above the LAN2 DHCP range (100-199). */
client-ip-pool {
start 192.168.1.200
stop 192.168.1.210
}
/* The IPsec layer uses a single pre-shared secret (masked here) common to all clients; per-user authentication comes only from RADIUS. */
ipsec-settings {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
ike-lifetime 3600
}
mtu 1024
outside-address 70.35.96.66
}
}
}

