EdgeRouter X - Ubiquiti - (ER X)
Last Updated: Nov 14 2023 15:38, Started by wolfydRg, Nov 09 2019 21:14

#19
Posted 10 November 2019 - 17:38

    Version:      v2.0.6
    Build ID:     5208541
    Build on:     07/08/19 05:08
    Copyright:    2012-2018 Ubiquiti Networks, Inc.
    HW model:     EdgeRouter X 5-Port

    The system currently has the following image(s) installed:

    v2.0.6.5208541.190708.0508     (running image) (default boot)
    v2.0.3.5189349.190502.1345
#20
Posted 10 November 2019 - 18:01

    show system boot-image

If it tells you that you need to update:

    add system boot-image

(are you sure: y [enter])

After it finishes the update:

    sudo reboot

and after the reboot:

    configure
    set system offload ipsec enable
    commit; save; exit

then:

    show ubnt offload

If ipsec still doesn't work even then, paste your configuration:

    show configuration commands | no-more
#21
Posted 10 November 2019 - 18:49

    The system currently has the following boot image installed:
    Current boot version: e50_002_4c817
    Current boot md5sum : 152b37ac18d23006c1787ed8920c1ea2

It doesn't ask for an update.

    set firewall all-ping enable
    set firewall broadcast-ping disable
    set firewall ipv6-name WANv6_IN default-action drop
    set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
    set firewall ipv6-name WANv6_IN enable-default-log
    set firewall ipv6-name WANv6_IN rule 10 action accept
    set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
    set firewall ipv6-name WANv6_IN rule 10 state established enable
    set firewall ipv6-name WANv6_IN rule 10 state related enable
    set firewall ipv6-name WANv6_IN rule 20 action drop
    set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
    set firewall ipv6-name WANv6_IN rule 20 state invalid enable
    set firewall ipv6-name WANv6_LOCAL default-action drop
    set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
    set firewall ipv6-name WANv6_LOCAL enable-default-log
    set firewall ipv6-name WANv6_LOCAL rule 10 action accept
    set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
    set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
    set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
    set firewall ipv6-name WANv6_LOCAL rule 20 action drop
    set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
    set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
    set firewall ipv6-name WANv6_LOCAL rule 30 action accept
    set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
    set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp
    set firewall ipv6-name WANv6_LOCAL rule 40 action accept
    set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
    set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
    set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
    set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
    set firewall ipv6-receive-redirects disable
    set firewall ipv6-src-route disable
    set firewall ip-src-route disable
    set firewall log-martians enable
    set firewall name WAN_IN default-action drop
    set firewall name WAN_IN description 'WAN to internal'
    set firewall name WAN_IN rule 10 action accept
    set firewall name WAN_IN rule 10 description 'Allow established/related'
    set firewall name WAN_IN rule 10 state established enable
    set firewall name WAN_IN rule 10 state related enable
    set firewall name WAN_IN rule 20 action drop
    set firewall name WAN_IN rule 20 description 'Drop invalid state'
    set firewall name WAN_IN rule 20 state invalid enable
    set firewall name WAN_LOCAL default-action drop
    set firewall name WAN_LOCAL description 'WAN to router'
    set firewall name WAN_LOCAL rule 10 action accept
    set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
    set firewall name WAN_LOCAL rule 10 state established enable
    set firewall name WAN_LOCAL rule 10 state related enable
    set firewall name WAN_LOCAL rule 20 action drop
    set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
    set firewall name WAN_LOCAL rule 20 state invalid enable
    set firewall receive-redirects disable
    set firewall send-redirects enable
    set firewall source-validation disable
    set firewall syn-cookies enable
    set interfaces ethernet eth0 address dhcp
    set interfaces ethernet eth0 description Internet
    set interfaces ethernet eth0 duplex auto
    set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN
    set interfaces ethernet eth0 firewall in name WAN_IN
    set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL
    set interfaces ethernet eth0 firewall local name WAN_LOCAL
    set interfaces ethernet eth0 speed auto
    set interfaces ethernet eth1 description xxx
    set interfaces ethernet eth1 duplex auto
    set interfaces ethernet eth1 speed auto
    set interfaces ethernet eth2 description xxx
    set interfaces ethernet eth2 duplex auto
    set interfaces ethernet eth2 speed auto
    set interfaces ethernet eth3 description xxx
    set interfaces ethernet eth3 duplex auto
    set interfaces ethernet eth3 speed auto
    set interfaces ethernet eth4 description xxx
    set interfaces ethernet eth4 duplex auto
    set interfaces ethernet eth4 poe output off
    set interfaces ethernet eth4 speed auto
    set interfaces loopback lo
    set interfaces switch switch0 address 192.168.1.1/24
    set interfaces switch switch0 description Local
    set interfaces switch switch0 mtu 1500
    set interfaces switch switch0 switch-port interface eth1
    set interfaces switch switch0 switch-port interface eth2
    set interfaces switch switch0 switch-port interface eth3
    set interfaces switch switch0 switch-port interface eth4
    set interfaces switch switch0 switch-port vlan-aware disable
    set port-forward auto-firewall enable
    set port-forward hairpin-nat disable
    set port-forward rule 1 description Nas
    set port-forward rule 1 forward-to address xxxx
    set port-forward rule 1 forward-to port xxx
    set port-forward rule 1 original-port xxx
    set port-forward rule 1 protocol tcp_udp
    set port-forward rule 2 description Unifi
    set port-forward rule 2 forward-to address xxxxx
    set port-forward rule 2 forward-to port xxx
    set port-forward rule 2 original-port xxx
    set port-forward rule 2 protocol tcp_udp
    set port-forward rule 3 description Remote
    set port-forward rule 3 forward-to address xxxx
    set port-forward rule 3 forward-to port xxx
    set port-forward rule 3 original-port xxx
    set port-forward rule 3 protocol tcp_udp
    set port-forward wan-interface eth0
    set service dhcp-server disabled false
    set service dhcp-server hostfile-update disable
    set service dhcp-server shared-network-name LAN authoritative enable
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router xxx
    set service dhcp-server static-arp disable
    set service dhcp-server use-dnsmasq disable
    set service dns forwarding cache-size 150
    set service dns forwarding listen-on switch0
    set service gui http-port xxxx
    set service gui https-port xxx
    set service gui older-ciphers enable
    set service nat rule 5010 description 'masquerade for WAN'
    set service nat rule 5010 outbound-interface eth0
    set service nat rule 5010 type masquerade
    set service ssh port 22
    set service ssh protocol-version v2
    set service unms disable
    set system host-name ubnt
    set system login user xxx authentication encrypted-password '$xxxx7'
    set system login user daniel level admin
    set system ntp server 0.ubnt.pool.ntp.org
    set system ntp server 1.ubnt.pool.ntp.org
    set system ntp server 2.ubnt.pool.ntp.org
    set system ntp server 3.ubnt.pool.ntp.org
    set system offload hwnat enable
    set system offload ipsec enable
    set system syslog global facility all level notice
    set system syslog global facility protocols level debug
    set system time-zone Europe/Bucharest

Edited by petman, 10 November 2019 - 18:55.
#22
Posted 10 November 2019 - 19:24

In order:

1. I see a firewall for IPv6 but I don't see any IPv6.

2. Anyway, the following should be added to the IPv6 firewall:

    configure
    set firewall ipv6-name WANv6_IN rule 30 action drop
    set firewall ipv6-name WANv6_IN rule 30 description 'Drop invalid state'
    set firewall ipv6-name WANv6_IN rule 30 state invalid enable
    commit; save; exit

3. ipsec is enabled in your configuration.

4. dhcp - Telekom? If so, I think they didn't offer IPv6 to residential customers (this is tangential to the points above).

5. You should leave hairpin enabled (if you use port forwarding from the GUI - it's easier compared to DNAT - with the usual drawbacks from time to time), so:

    configure
    set port-forward hairpin-nat enable
    commit; save; exit

Again, I see port-forward but only the WAN interface (eth0) is set - if you do end up setting up port forwarding (I see you tried), don't forget that your LAN interface will be switch0, not eth1-2-3 - does port forwarding work for you? So:

    configure
    set port-forward lan-interface switch0
    commit; save; exit

BBL. I'm off to stamp my ballot.
#23
Posted 10 November 2019 - 19:41

PS

    configure
    delete system ntp server 0.ubnt.pool.ntp.org
    delete system ntp server 1.ubnt.pool.ntp.org
    delete system ntp server 2.ubnt.pool.ntp.org
    delete system ntp server 3.ubnt.pool.ntp.org
    set system ntp server 0.ro.pool.ntp.org
    set system ntp server 1.ro.pool.ntp.org
    set system ntp server 2.ro.pool.ntp.org
    set system name-server 1.1.1.1
    set system name-server 9.9.9.9
    commit; save; exit

At:

    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router xxx

why did you hide the default? It should be a local address, because you have masquerade enabled; I think 192.168.1.1.

Again, on the DHCP server the pool and the clients' DNS servers are not defined, so:

    configure
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 1.1.1.1
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 9.9.9.9
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400
    set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.200
    commit; save; exit

Again: you have set

    set service dns forwarding cache-size 150
    set service dns forwarding listen-on switch0

but no name-server for forwarding:

    configure
    delete service dns forwarding cache-size 150
    set service dns forwarding cache-size 1000
    set service dns forwarding listen-on switch0
    set service dns forwarding name-server 1.1.1.1
    set service dns forwarding name-server 9.9.9.9
    commit; save; exit
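Added example (not part of the thread and not Ubiquiti code): a small Python check that automates the review done by hand in posts #22 and #23, reading `show configuration commands` output and flagging a port-forward without a LAN interface, disabled hairpin NAT, DNS forwarding without a name-server, and a DHCP subnet with no client DNS or with a pool outside the subnet. The function names and the finding texts are assumptions made for this illustration; the sample is a constructed excerpt.

```python
import ipaddress
import shlex

# Constructed excerpt: lines from the configuration in post #21, plus one
# constructed DHCP range whose stop address lies outside the subnet.
SAMPLE = """\
set port-forward hairpin-nat disable
set port-forward rule 1 description Nas
set port-forward wan-interface eth0
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router xxx
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.0.200
set service dns forwarding cache-size 150
set service dns forwarding listen-on switch0
"""


def parse_set_commands(text):
    """Tokenise every `set ...` line; shlex keeps quoted descriptions whole."""
    return [shlex.split(line)[1:] for line in text.splitlines()
            if line.strip().startswith("set ")]


def lint(text):
    """Return advisory findings for the gaps raised in posts #22 and #23."""
    cmds = parse_set_commands(text)
    findings = []

    def has(*prefix):
        return any(c[:len(prefix)] == list(prefix) for c in cmds)

    if has("port-forward", "rule") and not has("port-forward", "lan-interface"):
        findings.append("port-forward: rules defined but no lan-interface")
    if has("port-forward", "hairpin-nat", "disable"):
        findings.append("port-forward: hairpin-nat is disabled")
    if (has("service", "dns", "forwarding", "listen-on")
            and not has("service", "dns", "forwarding", "name-server")):
        findings.append("dns forwarding: listen-on set but no name-server")

    subnets = {}  # subnet string -> list of option token lists
    for c in cmds:
        if c[:2] == ["service", "dhcp-server"] and "subnet" in c:
            i = c.index("subnet")
            subnets.setdefault(c[i + 1], []).append(c[i + 2:])
    for net, opts in subnets.items():
        network = ipaddress.ip_network(net)
        if not any(o[:1] == ["dns-server"] for o in opts):
            findings.append(f"dhcp {net}: no dns-server for clients")
        ranges = [o for o in opts if o[:1] == ["start"] and len(o) >= 4]
        if not ranges:
            findings.append(f"dhcp {net}: no start/stop pool defined")
        for o in ranges:
            start, stop = ipaddress.ip_address(o[1]), ipaddress.ip_address(o[3])
            if start not in network or stop not in network or stop < start:
                findings.append(f"dhcp {net}: pool {start}-{stop} not inside subnet")
    return findings


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```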
#24
Posted 10 November 2019 - 19:42

1+2. I don't have IPv6 - I think it's active by default.

3. It's enabled, but you saw what it returns when I ask for the status.

4. No, static IP from UPC (the Connect Box is set to modem mode).

5. Port forwarding from outside works without problems. I have a NAS + 1 AP (through the controller on the NAS (xpelogy)) and a desktop that are visible from outside. Hairpin is for being able to reach, from the internal network, an external IP forwarded to a device on the internal network - I couldn't find a dumber explanation.

There are many things I haven't set - they are left at default (unfortunately sometimes I don't have enough time to do them all).

Edited by petman, 10 November 2019 - 19:44.
#25
Posted 10 November 2019 - 20:12

#26
Posted 10 November 2019 - 20:17

@JohnnyUSA

I don't know why the hell I went back to Asus either. I think I like to change things up now and then. I'm itching to get an Edge too. Still, I've spent enough as it is. And for BF I already have an item of over 1,000 lei on my list (a toilet seat with a bidet).

@ogo: for the love of the art, do you think I could power the MK over PoE from the Edge? I think the Edge is powered at 12V. I understand I need to replace the adapter with something more powerful.
#27
Posted 10 November 2019 - 22:38

Honestly I haven't tried, but in theory you'd need a 24 passive PoE into the ER-X and carry it on to the mkr - in theory it should work, since the ER-X draws 5W and the hAP ac2 about 16 min (Max power consumption without attachments), 21 max (Max power consumption).

The idea is that you have to power the ER-X through PoE as well, not through its own power supply. From that you subtract those 5W for the ER-X and see whether the mrk will be stable. I don't have an ER-X at hand to test.
#28
Posted 10 November 2019 - 23:00

This one, for example:

POE-24-12W-G (to power it) or POE-24-24W-G for the mkr as well. You need an adapter on 2 pairs, not on 4.

Edited by ogo, 10 November 2019 - 23:02.
#29
Posted 11 November 2019 - 06:20

But why do you say the Edge has to be powered through PoE? I saw a clip in which the Edge was powered by its own power supply and then powered an AP over PoE (well, the AP wasn't from another manufacturer).

The guy on YouTube also said that in theory a more powerful power supply is needed.
#30
Posted 11 November 2019 - 08:29

Because that AP consumes less than a hAP ac2 and the internal power supply can cope. The ER-X handles, for example, a UniFi AP Lite without problems (that one consumes max 7W).
#31
Posted 11 November 2019 - 09:40

Yes, I understand what you're saying. I just looked on their site: https://www.ui.com/e...x/edgerouter-x/

As specifications for PoE out: *Requires 24V passive PoE or a 12W minimum power adapter (not included).

But now it's not clear to me what 12W means:
- 12W means 1A at 12V
- 24W means 0.5A at 24V

Still, since the specifications say "24V Passive PoE", I'm thinking a 24V power supply is needed, but then why did that AP work at 12? Surely it doesn't step up the voltage as well.
#32
Posted 11 November 2019 - 10:36

I have no idea whether it can also be done through the jack (if you find a more powerful power brick), but it definitely works through PoE.

I don't really "like" these non-standard things (i.e. passive PoE) and I avoid using them. Stick to the standard: 802.3af/at/bt
#33
Posted 11 November 2019 - 10:51

[...] And given that the MK requires 18-28V PoE, I think I've answered my own question, right? In theory the Edge has to be powered at 24V through the jack (min 0.5 A) or PoE directly... right?

You get a "MikroTik Gigabit PoE injector" (RBGPOE), they can be found for around 15 lei if you make a bit of an effort, you plug it into the ER-X, you bring the cable from the MikroTik into it, you connect the original MikroTik power supply to the adapter, and you've solved the problem.
#34
Posted 11 November 2019 - 11:23

No, I have several power outlets. The idea was to play around with something, by no means to do something truly useful.

Let's see what BF brings this year...
#35
Posted 12 November 2019 - 01:07

1+2. I don't have IPv6 - I think it's active by default. 3. It's enabled, but you saw what it returns when I ask for the status. 4. No, static IP from UPC (the Connect Box is set to modem mode). 5. Port forwarding from outside works without problems. I have a NAS + 1 AP (through the controller on the NAS (xpelogy)) and a desktop that are visible from outside. Hairpin is for being able to reach, from the internal network, an external IP forwarded to a device on the internal network - I couldn't find a dumber explanation. There are many things I haven't set - they are left at default (unfortunately sometimes I don't have enough time to do them all).

That means you didn't paste the whole configuration.

    show configuration

and use <code> when you paste.

Hairpin NAT or NAT loopback or NAT reflection (the explanation on the wiki is the easiest to understand):

Quote
Hairpinning is where a machine on the LAN is able to access another machine on the LAN via the external IP address of the LAN/router
#36
Posted 12 November 2019 - 02:12

HOW TO
Blocking/filtering BOGONS IPv4

The configuration applies to any EdgeRouter (Cavium or MediaTek based). The configuration assumes that all the other firewall rules have already been set (if quick-setup was used, the standard firewall rules are already in force). It is not the purpose of this how-to to explain what BOGONS/Martians are; the internet is clear enough on this subject. For a detailed read you can start with RFC1918/RFC5735/RFC6598.

The configuration is valid for the most recent stable firmware in both the 1.X and the 2.0.X train, namely v1.10.10 and 2.0.6 respectively - in theory it also covers older firmware, down to at least 1.8.0 (2016).

Why? Because (at least in the case of RDS) subnets (IPv4) that shouldn't be routed on the internet "show up" on the WAN (internet) interface. BOGONS are "leaks" that shouldn't appear but, unfortunately, theory is theory and reality can be completely different. The same situation exists for IPv6 (IPv6 BOGONS exist, but this tutorial covers only IPv4).

The tutorial assumes that the CLI will be used (in theory it can also be done with the GUI, but it's somewhat "more complicated" to explain with "clicks").

So:

A firewall group is created, in which the subnets that will be part of this group are defined (per the RFCs above):

    configure
    set firewall group network-group BOGONS description 'Martians & UFOs'
    ### add to this group the IP ranges that should not arrive from the WAN (internet) ###
    set firewall group network-group BOGONS network 0.0.0.0/8
    set firewall group network-group BOGONS network 10.0.0.0/8
    set firewall group network-group BOGONS network 100.64.0.0/10
    set firewall group network-group BOGONS network 127.0.0.0/8
    set firewall group network-group BOGONS network 169.254.0.0/16
    set firewall group network-group BOGONS network 172.16.0.0/12
    set firewall group network-group BOGONS network 192.0.0.0/24
    set firewall group network-group BOGONS network 192.0.2.0/24
    set firewall group network-group BOGONS network 192.168.0.0/16
    set firewall group network-group BOGONS network 198.18.0.0/15
    set firewall group network-group BOGONS network 198.51.100.0/24
    set firewall group network-group BOGONS network 203.0.113.0/24
    set firewall group network-group BOGONS network 224.0.0.0/4
    set firewall group network-group BOGONS network 240.0.0.0/4
    ### apply the configuration, save it, exit configuration mode ###
    commit; save; exit

In WAN_LOCAL (the LOCAL chain in EdgeOS terms - the chain that "controls" traffic destined directly for the router [e.g. ssh to the router, or access to it via the web-based interface], known as INPUT in classic iptables terminology; note that if quick-setup was used the chain name is WAN_LOCAL (as mentioned), and if a custom name was chosen it would be good to check the exact name of the chain), add a new DROP rule (preferably REJECT rules) with no. 100 (check that the rule number doesn't already exist; usually the standard configuration has only 2 rules: rule 10 and rule 20 - I'll come back another time to why it's advisable to number rules at least in steps of 10). We enter configure mode again (as a check, # appears instead of $ on the command line):

    configure
    set firewall name WAN_LOCAL rule 100 action drop
    set firewall name WAN_LOCAL rule 100 description 'Drop BOGON source'
    set firewall name WAN_LOCAL rule 100 log enable
    set firewall name WAN_LOCAL rule 100 source group network-group BOGONS
    commit; save; exit

The rule is applied on the WAN interface (for pppoe connections the WAN interface is the pppoe session, not the physical interface - whichever it is: eth0/1/2/x - where the cable is connected) (I assume there is a single active pppoe connection).

WARNING: the pppoe connection in the example below is active on interface eth0 (the cable coming from RDS (ont/switch/etc.) is physically connected to interface eth0). Change it according to the physical setup you have defined if your cable is in another interface.

    configure
    set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
    commit; save; exit

Check the logs every 2-3 days with

    show log all | grep WAN_LOCAL

and you will get something like:

    Nov 11 23:16:41 gw-001-main kernel: [WAN_LOCAL-100-D]IN=pppoe0 OUT= MAC= SRC=10.0.0.17 DST=5.14.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=32726 PROTO=TCP SPT=43818 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0

- an attempt was made to access the router on port 1433, protocol TCP, from IP 10.0.0.17 -

I hope it's useful, and don't hesitate to ask if anything is unclear. Good luck!

Edited by Tyby, 12 November 2019 - 18:15.
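Added example (not part of the original post and not EdgeOS code): a Python script for the last step of the how-to, parsing firewall log lines such as the one quoted in the post and counting hits on WAN_LOCAL rule 100 per BOGON network, source, protocol and destination port. The first sample line is the one from the post; the other lines and all function names are constructed for this illustration.

```python
import ipaddress
import re
from collections import Counter

# The BOGONS network-group exactly as defined in the how-to above.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4")]

# Log prefix as seen in the post's sample line: [<ruleset>-<rule>-<letter>]
PREFIX = re.compile(r"\[(?P<ruleset>[^\]]+)-(?P<rule>\w+)-(?P<action>[A-Z])\]")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# First line is the one quoted in the post; the others are constructed.
SAMPLE = [
    "Nov 11 23:16:41 gw-001-main kernel: [WAN_LOCAL-100-D]IN=pppoe0 OUT= MAC= "
    "SRC=10.0.0.17 DST=5.14.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=32726 "
    "PROTO=TCP SPT=43818 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Nov 11 23:18:02 gw-001-main kernel: [WAN_LOCAL-100-D]IN=pppoe0 OUT= MAC= "
    "SRC=10.0.0.17 DST=5.14.xxx.xxx LEN=44 PROTO=TCP SPT=43901 DPT=1433 SYN URGP=0",
    "Nov 11 23:20:10 gw-001-main kernel: [WAN_LOCAL-100-D]IN=pppoe0 OUT= MAC= "
    "SRC=192.168.1.50 DST=5.14.xxx.xxx LEN=60 PROTO=UDP SPT=5353 DPT=53",
    "Nov 11 23:21:00 gw-001-main kernel: [WAN_LOCAL-20-D]IN=pppoe0 OUT= MAC= "
    "SRC=1.1.1.1 DST=5.14.xxx.xxx LEN=40 PROTO=TCP SPT=443 DPT=51000 ACK URGP=0",
    "Nov 11 23:22:00 gw-001-main sshd[2201]: Connection closed by 192.168.1.10",
]


def parse_line(line):
    """Return the fields of one firewall log line, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(line[m.end():]))
    try:
        src = ipaddress.ip_address(fields["SRC"])
    except (KeyError, ValueError):
        return None  # source missing or masked, nothing to classify
    bogon = next((str(n) for n in BOGONS if src.version == 4 and src in n), None)
    dpt = fields.get("DPT", "")
    return {"ruleset": m["ruleset"], "rule": m["rule"], "action": m["action"],
            "iface": fields.get("IN", ""), "src": str(src), "bogon": bogon,
            "proto": fields.get("PROTO", ""), "dpt": int(dpt) if dpt.isdigit() else None}


def summarize(lines, ruleset="WAN_LOCAL", rule="100"):
    """Count hits on one rule, keyed by (bogon network, source, proto, port)."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["ruleset"] == ruleset and rec["rule"] == rule:
            hits[(rec["bogon"], rec["src"], rec["proto"], rec["dpt"])] += 1
    return hits


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```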