Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[chenks]

the edgeroute is being powered by its own PSU (12v 2A), and the AP is powered with it's own injector.
so no power issues anywhere.

the main issue i need to resolve right now are the firewall issues which clearly isn't working as intended.
even though i have apparently opened up port 80 i can't get access in from the outside world.
from what is happening it looks like it has applied the firewall rules only to the internal side of the network and not the external.

basically for internal everything should be accessible with no blocked ports. for external only the ports specifically listed should be open. that doesn't seem to be working.

currently the set up is this.

zyxel connected to eth0
eth1,2,3,4 are just normal ports for the network (POE turned off on eth4).
DHCP range is 192.168.1.x (with lease range starting at 192.168.1.100).

[MrMike]

Did you try restarting the DHCP service, or if you're not comfortable with SSH commands tried a reboot?

On the main dashboard page, does pppoe0 have a public IP address assigned to it, not an IP address in a private address range? Trying to determine if there's some double NAT situation going on.

My firewall page looks like this. Both WAN_IN and WAN_LOCAL have the same 2 firewall rules in them.

[MrMike]

As an added note, I never added an IP address in the DHCP settings for "Unifi Controller". Can't see it causing issues, but perhaps remove that entry until we've resolved the AP-Lite connectivity issues.

[chenks]

haven't tried restarting DHCP as of yet, but new devices are picking up IPs in the lease range, so would assume that is working as expected.
but i have now restarted DHCP via the CLI.

pppoe0 shows my plusnet IP address (212.x.x.x)

my firewall screen looks the same as yours.

[chenks]

As an added note, I never added an IP address in the DHCP settings for "Unifi Controller". Can't see it causing issues, but perhaps remove that entry until we've resolved the AP-Lite connectivity issues.

i only added that at the very end after the problems were already in place.
i thought/hoped adding that would kick the unifi controller back into life.

[MrMike]

The only thing I can suggest at this stage is reboot the Edgerouter and power off the AP-Lite for a few minutes. Rebooting the router does not cause the modem to perform a re-sync with the cabinet/dslam/exchange etc. So no worries with regards to being negatively impacted for interleaving etc.

[chenks]

forget about the AP-lite for now, that's working (it's just not visible in the controller).
the primary problem is the firewall and inaccessible LAN items, and ports not openeing on WAN.

the edgerouter has been rebooted since the firewall rules were added.

[MrMike]

Just doing some checking online. On the Port Forwarding page click "Show advanced options" and ensure "Enable auto firewall" is enabled.

Failing that I'll keep digging.

[MrMike]

How savvy are you with SSH commands? SSH in to the router and list the configuration with the command "show configuration | no-more"  Once that's output scroll up a little and find the section heading "port-forward" If you can paste that section I can take a further look.

Amongst the port-forward settings the following should be present and not read any differently.

    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    wan-interface pppoe0

[chenks]

Just doing some checking online. On the Port Forwarding page click "Show advanced options" and ensure "Enable auto firewall" is enabled.

Failing that I'll keep digging.

yeah that's ticked and was ticked when the rules were applied

[chenks]

How savvy are you with SSH commands? SSH in to the router and list the configuration with the command "show configuration | no-more"  Once that's output scroll up a little and find the section heading "port-forward" If you can paste that section I can take a further look.

Amongst the port-forward settings the following should be present and not read any differently.

    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    wan-interface pppoe0

fine with using SSH, use it on my Pis.

[chenks]

Code: [Select]

port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface switch0
rule 1 {
description http
forward-to {
address 192.168.1.2
port 80
}
original-port 80
protocol tcp
}
rule 2 {
description plex
forward-to {
address 192.168.1.2
port 32400
}
original-port 32400
protocol tcp

}
rule 3 {
description sql2000
forward-to {
address 192.168.1.5
port 1433
}
original-port 1433
protocol tcp
}
rule 4 {
description ftp
forward-to {
address 192.168.1.6
port 21
}
original-port 21
protocol tcp
}
wan-interface eth0
}

[MrMike]

Apologies, I've been completely blind with the original Port Forward page screenshot you posted. Change the "WAN Interface" on the Port Forwarding page to pppoe0.

[chenks]

ah ok.
i picked eth0 as that's what the modem is connected to, not thinking that pppoe0 would be the correct option.

i can now access the required devices from outside the network, and internal traffic appears to be fully accessible.
that will let me concentrate on the unifi side of things now.

i'll also get the modem accessable on the LAN using the instructions posted earlier.

also, on the screen for DNS, there are only 2 fields, with 1 populated with the IP of the router.
i usually enter the 2 google DNS servers, but this only allows me to use 1.
is it possible to get it to have both google DNS servers entered?

[MrMike]

With regards to the DNS, when in the Edgerouter UI click the System button right at the bottom of the page. That will bring up a menu. Here enter your desired nameservers in the boxes provided. Once done scroll to the bottom of this page and press the Save button.

With my setup, on the DCHP settings page that you posted a screenshot of, I only have the 1 IP of the Edgerouter itself. Then in the nameservers page I mentioned above I set the custom external nameservers.

I also recommend clicking the button on the System page to download a copy of the config. Speeds up the recovery time in the event you need to reset the Edgerouter / replace it for whatever reason. I actually tested it a while back and it worked perfectly.