Re: EdgeRouter Lite v1.9.1.1 and hidden rule allowing tcp 1720 on wan interface
Try:configure set system conntrack modules h323 disable commit save exitOr are you behind an ISP modem, that has the port opened to itself?
View ArticleWhat's the canonical way to isolate interfaces?
Hi all, I wonder what the best way would be to completely isolate the two LAN interfaces on my ERLite-3. So far I created a separate firewall rule for each interface's OUT traffic that looks like this:...
View ArticleClik here to view.
Re: Routing traffic from one subnet to OpenVPN
Ok I'll give that a shot and if that fails I'll post up the config Thanks for all your help!
View ArticleRe: EdgeRouter Lite v1.9.1.1 and hidden rule allowing tcp 1720 on wan interface
I've performed the h323 module disable and tcp 1720 is still open. The wan interface (eth0) is configured to dhcp an address, and is cabled to a fios ont.
View ArticleRe: can't pass LAN traffic over OpenVPN client tunnel
I am on my phone so reading your large config is difficult but here are a few things I would change.Remove the source clauses from both masquerade rules.Remove table 1 and rule 20. Packets not modified...
View ArticleRe: Cant login via Web EdgeRouterX
ubi0_0 220080 158996 56244 74% /root.devaufs 220080 158996 56244 74% /devtmpfs 127364 0 127364 0% /devtmpfs 127488 184 127304 0% /runtmpfs 127488 184 127304 0% /runtmpfs 127488 68 127420 0%...
View ArticleRe: Cant login via Web EdgeRouterX
Please check full sysloghttp://www.datafilehost.com/d/3c4adb24
View ArticleRe: What's the canonical way to isolate interfaces?
zone based firewall can filter traffic the way you want it to:https://help.ubnt.com/hc/en-us/articles/204952154-EdgeRouter-Zone-Policy-CLI-Example
View ArticleRe: EdgeRouter Lite v1.9.1.1 and hidden rule allowing tcp 1720 on wan interface
What's the output of:sudo netstat -an | grep 1720Over here, it doesn't show a thing, and on my ER port 1720 is closed Is UPNP enabled?
View ArticleRe: EdgeRouter Lite v1.9.1.1 and hidden rule allowing tcp 1720 on wan interface
Nothing netstat, so I decided to run tcpdump comparing against a port-forwarded port vs 1720, and there's nothing for 1720. This must be a Verizon fiber terminal thing I never noticed before. They...
View ArticleRe: Inital setup on Edgemax Edgerouter for 500+ concurrent users
rolanderz wrote:Hi Guys, How was the edge Router 8 port pro can handle the 500 users?do you think 500 users can handle the Edge Router 8 port pro?im asking becuase we've just purchased last few days...
View ArticleRe: Inital setup on Edgemax Edgerouter for 500+ concurrent users
Easily - we use ER-Pros as the core routers uplinking our ISP to the carriers with multiple Gigabit connections and they work just fine. At any given time we are serving many thousands of end useres...
View ArticleRe: ERL Performance Testing (with IPSec VPN)
Hi, I've read in several postings that the ER platform should be able to reach 500+ mbps with IPsec. But I'm stupefied, why I can't configure it. After a lot of testing I'm turning to this forum in...
View ArticleRe: EdgeMAX ER-X-SFP or ERPoe-5
Hey, Thanks fro your comprehensive reply, very informative. So I am going for ER-X-SFP. Also was considering USG 3P, but ER-X-SFP seems to have more advanced futures though running the same EdgeOS...
View ArticleRe: Multi-WAN and IPSec...losing my mind
New to this discussion. I just picked up a ERX and ERPOE. I have been trying to get the ipsec vpn working between sites, but have never got them to even connect. I am posting my configs. Can anyone...
View ArticleRe: ERL Performance Testing (with IPSec VPN)
Not going to get 500 Mbps IPSec on the ER-Lite hardware. Not even close. ER-Pro might get over 400 Mbps. ER-Lite (and ER-PoE) will get closer to 150 Mbps.It says so further up this thread. After...
View ArticleRe: Port forwarding get redirected to Login Page
I am sorry but I don't quite get that. Where do I have to use the Wan-IP instead of the Lan-IP? Do I have to change something with the DDNS?
View ArticleRe: Port forwarding get redirected to Login Page
hairpin-nat enables the wan-ip to work from the lan (inside). The lan-ip should work with or without hairpin-nat. If DNS returns the wan-ip when queried from the lan, then you need hairpin-nat to make...
View ArticleRe: IPSEC DHCP interface routing help
None of this works. I re-created a slimmed down version of this configuration and as soon as i introduced the SBR route to the IPSEC tunnel the normal default route stopped working for all traffic....
View Article
