Well that didn't help, after applying that config the clients of that subnet were without internet connection,
This is the router config:
firewall {
all-ping enable
broadcast-ping disable
group {
address-group prefer-eth2 {
address 192.168.23.40
}
address-group prefer-sw0 {
address 192.168.23.41
address 192.168.23.42
address 192.168.23.43
address 192.168.23.44
address 192.168.23.56
}
network-group LAN_NETS {
network 192.168.20.0/24
network 192.168.21.0/24
network 192.168.22.0/24
network 192.168.23.0/24
network 192.168.25.32/27
network 192.168.24.0/24
network 192.168.33.0/24
network 192.168.43.0/24
network 192.168.1.0/24
network 192.168.10.0/24
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
modify balance {
rule 10 {
action modify
description "do not balance LAN to LAN"
destination {
group {
network-group LAN_NETS
}
}
modify {
table main
}
}
rule 20 {
action modify
description "route miners network to miners LB"
modify {
lb-group miners
}
source {
address 192.168.1.0/24
}
}
rule 30 {
action modify
description "route prefer-sw0 to the prefer-sw0 load balance"
modify {
lb-group prefer-sw0
}
source {
group {
address-group prefer-sw0
}
}
}
rule 40 {
action modify
description "route prefer-eth2 to the prefer-eth2 load balance"
modify {
lb-group prefer-eth2
}
source {
group {
address-group prefer-eth2
}
}
}
rule 50 {
action modify
description "default: go to balance"
modify {
lb-group LB-LAN
}
}
}
name Miners_Out {
default-action accept
description ""
rule 1 {
action accept
log disable
protocol all
source {
mac-address 09:15:5F:07:0F:03
}
}
rule 2 {
action drop
log disable
protocol all
source {
group {
network-group LAN_NETS
}
}
}
}
name WAN_IN {
default-action drop
description ""
rule 1 {
action accept
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 2 {
action drop
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
name WAN_LOCAL {
default-action drop
description ""
rule 1 {
action accept
state {
established enable
related enable
}
}
rule 2 {
action accept
description "Allow PPTP Port 1723"
destination {
port 1723
}
log disable
protocol tcp
}
rule 3 {
action accept
description "Allow PPTP GRE"
log disable
protocol gre
}
}
name Wifi_Guests {
default-action accept
description ""
rule 2 {
action drop
description "Guests to LAN-MAN"
destination {
address 192.168.20.0-192.168.25.63
group {
}
}
log disable
protocol all
source {
group {
}
}
}
rule 3 {
action drop
description "Wifi Guests to Wifi Main"
destination {
group {
address-group NETv4_eth1
}
}
log disable
protocol all
}
rule 4 {
action drop
description "Guests to Miners"
destination {
group {
address-group NETv4_eth0.12
}
}
log disable
protocol all
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
address 192.168.23.1/24
description LAN
duplex auto
firewall {
in {
modify balance
}
}
poe {
output off
}
speed auto
vif 12 {
address 192.168.1.1/24
description Miners
firewall {
in {
modify balance
}
out {
name Miners_Out
}
}
mtu 1500
}
}
ethernet eth1 {
address 192.168.33.1/24
description WiFi_Main
duplex auto
firewall {
in {
modify balance
}
}
poe {
output 24v
watchdog {
address 192.168.33.2
failure-count 6
interval 20
off-delay 5
start-delay 120
}
}
speed auto
vif 1200 {
address 192.168.43.1/24
description WiFi_Guests
firewall {
in {
modify balance
name Wifi_Guests
}
out {
}
}
mtu 1500
}
}
ethernet eth2 {
address dhcp
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
poe {
output 24v
watchdog {
address 192.168.10.1
failure-count 4
interval 120
off-delay 30
start-delay 120
}
}
speed auto
}
ethernet eth3 {
duplex auto
poe {
output 24v
watchdog {
address 192.168.25.52
disable
failure-count 6
interval 20
off-delay 5
start-delay 120
}
}
speed auto
}
ethernet eth4 {
duplex auto
poe {
output off
watchdog {
address 192.168.10.1
disable
failure-count 6
interval 20
off-delay 5
start-delay 120
}
}
speed auto
}
loopback lo {
}
openvpn vtun0 {
config-file /config/TigerVpnMiami.ovpn
disable
}
switch switch0 {
address 192.168.25.53/27
description MAN
firewall {
in {
modify balance
}
}
mtu 1500
switch-port {
interface eth3
interface eth4
}
}
}
load-balance {
group LB-LAN {
interface eth2 {
route-test {
count {
failure 3
success 2
}
initial-delay 30
interval 10
type {
ping {
target 8.8.8.8
}
}
}
weight 60
}
interface switch0 {
route {
table 5
}
route-test {
count {
failure 3
success 2
}
initial-delay 30
interval 10
type {
ping {
target 8.8.8.8
}
}
}
weight 40
}
}
group miners {
interface eth2 {
failover-only
route-test {
count {
failure 2
success 5
}
initial-delay 30
interval 3
type {
ping {
target 8.8.8.8
}
}
}
weight 10
}
interface switch0 {
route {
table 5
}
route-test {
count {
failure 4
success 2
}
initial-delay 30
interval 10
type {
ping {
target 8.8.8.8
}
}
}
weight 10
}
}
group prefer-eth2 {
interface eth2 {
route-test {
count {
failure 6
success 2
}
initial-delay 60
interval 10
}
}
interface switch0 {
failover-only
route {
table 5
}
route-test {
count {
failure 6
success 2
}
initial-delay 60
interval 10
}
}
}
group prefer-sw0 {
interface eth2 {
failover-only
route-test {
count {
failure 6
success 2
}
initial-delay 60
interval 10
}
}
interface switch0 {
route {
table 5
}
route-test {
count {
failure 6
success 2
}
initial-delay 60
interval 10
}
}
}
}
protocols {
igmp-proxy {
interface eth0 {
alt-subnet 192.168.23.0/24
alt-subnet 192.168.22.0/24
alt-subnet 192.168.33.0/24
alt-subnet 192.168.25.32/27
role upstream
threshold 1
}
interface eth1 {
alt-subnet 192.168.33.0/24
role downstream
threshold 1
}
interface switch0 {
alt-subnet 192.168.25.32/27
alt-subnet 192.168.22.0/24
role downstream
threshold 1
}
}
rip {
interface switch0
interface eth0
interface eth1
interface eth2
passive-interface eth0
passive-interface eth1
passive-interface eth2
}
static {
table 5 {
mark 5
route 0.0.0.0/0 {
next-hop 192.168.25.50 {
distance 1
}
}
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN_Main {
authoritative disable
subnet 192.168.23.0/24 {
default-router 192.168.23.1
dns-server 192.168.23.11
dns-server 192.168.23.1
domain-name plastisurca.com.ve
lease 86400
start 192.168.23.50 {
stop 192.168.23.99
}
wins-server 192.168.23.13
}
}
shared-network-name Miners {
authoritative disable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 209.244.0.3
dns-server 8.8.8.8
lease 86400
start 192.168.1.10 {
stop 192.168.1.39
}
}
}
shared-network-name WiFi_Guests {
authoritative disable
subnet 192.168.43.0/24 {
default-router 192.168.43.1
dns-server 192.168.23.11
dns-server 192.168.23.1
lease 86400
start 192.168.43.50 {
stop 192.168.43.99
}
}
}
shared-network-name WiFi_Main {
authoritative disable
subnet 192.168.33.0/24 {
default-router 192.168.33.1
dns-server 192.168.23.11
dns-server 192.168.23.1
domain-name plastisurca.com.ve
lease 86400
start 192.168.33.50 {
stop 192.168.33.99
}
unifi-controller 192.168.23.153
}
}
}
dns {
forwarding {
cache-size 150
listen-on eth0
listen-on eth1
listen-on eth1.1200
listen-on eth0.12
name-server 209.244.0.3
name-server 8.8.8.8
name-server 209.244.0.4
name-server 8.8.4.4
options listen-address=192.168.23.1
options listen-address=192.168.1.1
}
}
gui {
https-port 443
}
nat {
rule 5000 {
log disable
outbound-interface switch0
protocol all
source {
address 192.168.33.0/24
}
type masquerade
}
rule 5002 {
log disable
outbound-interface switch0
protocol all
source {
address 192.168.43.0/24
}
type masquerade
}
rule 5003 {
log disable
outbound-interface eth2
protocol all
source {
}
type masquerade
}
rule 5004 {
description miners
log disable
outbound-interface switch0
source {
address 192.168.1.0/24
}
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
}
system {
login {
user admin {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
user xxx {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level operator
}
}
name-server 127.0.0.1
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone America/Caracas
traffic-analysis {
dpi disable
export disable
}
}
traffic-control {
smart-queue Canelon {
download {
ecn enable
flows 1024
fq-quantum 1514
limit 10240
rate 2mbit
}
upload {
ecn enable
flows 1024
fq-quantum 1514
limit 10240
rate 1mbit
}
wan-interface eth2
}
}Thanks!