config.boot file limitations? Rule limitations?
Say I was creating a DNAT rule, or firewall rule and added 7000 or so lines to it. Is this beyond what the ER-POE is designed to handle? My specific situation is one of trying to block 7700 DNS...
View ArticleClik here to view.
Fix me up edgerouter / lite / poe / x
Hi all, FYI, We've been struggling with several 'freeze' failures on the: Edgerouter LiteEdgerouter Poe and recently, Edgerouter X I"m talking about about a dozen devices failing... I have a stack of...
View ArticleRe: help with edgerouter-x L2TP VPN
Im seeing similar issues. My vpn clients can reach the internet no problem, but for whatever reason can't reach ony of the clients hanging off from switch0 interface. I tried with addresses both within...
View ArticleER-X - Secondary Network Via Separate Interface or VLAN?
I have a device that I'd like to set up on its own isolated network on my ER-X. Is there any reason to use a VLAN rather than splitting off a port onto a separate interface? I looked around a bit but...
View ArticleRe: Update to 1.9 broke my l2tp/ipsec
Thanks for the tip.. Indeed, I was seeing that the incoming packets were basically following the default route out back to the internet (took quite a while to troubleshoot, but adding a raw iptables...
View ArticleClik here to view.
[ER-X] IPsec VPN Performance
I've been using ER-X at home for a few weeks. It's my first Edgerouter. Very happy with it so far With EdgeOS v1.9.0, we know ER-X supports HW crypto. I've seen impressive numbers from earlier tests...
View ArticleRe: ER-X - Secondary Network Via Separate Interface or VLAN?
Using a new VLAN on switch0 or splitting of a port from the switch is both functional and performance wise the same.
View ArticleRe: Port forward did not work when IP is behind PIA OpenVPN
The port-forward tab you're using is only for simple setups, when only a single WAN/single IP address is involved. Because of the VPN, you sort of have 2 WAN interfaces. The extra portforward you...
View ArticleRe: config.boot file limitations? Rule limitations?
address/network groups can hold that many objects. Why block that much DNS servers? I'd make a rule to allow the DNS servers in use, and block port 53 all together
View ArticleRe: config.boot file limitations? Rule limitations?
I didnt see a way with a DNAT rule to do that. Am I missing some of the config?
View ArticleRe: config.boot file limitations? Rule limitations?
You can use a NAT rule to redirect any DNS queries to your DNS server of choice.
View ArticleRe: Port forward did not work when IP is behind PIA OpenVPN
Can you point me to steps to setup dNAT? Thanks in advance.
View ArticleClik here to view.
Re: Port forward did not work when IP is behind PIA OpenVPN
Is Destination NAT what you are referring to? I have added the above settings, but I still can't hit my synology drive using the WAN's external IP.
View ArticleRe: Using Edge Equipment to split a Leased line for 5 Company's - Challenge!!!
Correct me if I am wrong...but cant you use an ER product and stack the IP's on one port, then NAT between the subnets? I did thes from a single station private IP on a customers house, then to 3...
View ArticleClik here to view.
Re: Using Edge Equipment to split a Leased line for 5 Company's - Challenge!!!
I think your right it can be done like that I was going to do this originally if where on the same page we talking about 1 to 1 Nat from the ER and the creating rules dnat and snat?But I've been told...
View ArticleRe: ATT IPv6 6rd with Pace 5268AC and ER X: Help needed for 6rd IPv6 setup
I'm missing the following in your config:set system ipv6did you set this?my experience was it's always best to reboot the ER-X after setting this command. what's the output ofshow ipv6 forwardingbefore...
View ArticleEdgePoint
I have an Edgepoint which I want to set-up. I'm running PoE from an injector which goes then to my home wifi router. However my internet connection comes in via a wireless link bridge (PB400 5AC) which...
View ArticleRe: config.boot file limitations? Rule limitations?
For allowing and blocking stuff (like DNS), firewall rules are the way to go. Filtering on NAT rules is hardly ever needed.
View ArticleRe: Port forward did not work when IP is behind PIA OpenVPN
dNAT rule looks fine, as destination address you could specify VTUN interface address. However, on 2nd reading, I believe synology should still be reachable on port 5000 WAN , not from VTUN.This means...
View ArticleRe: config.boot file limitations? Rule limitations?
If you want to enforce a set of DNS servers I think it's much more elegant to use a simple NAT rule to redirect any DNS traffic to the DNS server of your choice, which might be the ruter itself so it...
View Article