EdgeRouter X - Ubiquiti - (ER X)
Last Updated: Mar 09 2024 11:58, Started by wolfydRg, Nov 09 2019 21:14
#343
Posted 11 June 2021 - 17:15
1st.
Try this:

    configure
    delete interface ethernet eth0 ipv6
    edit firewall ipv6-name WANv6_IN
    set rule 30 action accept
    set rule 30 description 'Allow ICMPv6 in LAN'
    set rule 30 protocol icmpv6
    commit; top; save; exit

Your lease start is at .2 and the end at 245, and you have the Pi-hole at .99: is bQ910 the Pi-hole? (MAC 00:19:99:d5:4d:a5)?

You are using DNS forwarding: that is used when you want your router to also be the DNS server on the LAN, but you use the Pi-hole, so it doesn't make much sense. Delete the service and assign the Pi-hole as the DNS server for your gateway.

    configure
    delete service dns
    set system name-server 192.168.0.99
    commit; save; exit

NAT rule 100: at destination you must have everything that is different from 192.168.0.99, i.e. it needs a ! in front:

    configure
    edit service nat rule 100
    delete destination address 192.168.0.99
    set destination address !192.168.0.99
    commit; top; save; exit

Verify. On the router:

    clear nat counters

Then from a Windows machine: Start > Run > cmd

    nslookup google.com 1.1.1.1

On the router:

    show nat statistics

You should have the same number at count for both rule 100 and rule 5100.

Again, as a side note, I would shrink the DHCP pool, e.g. between 192.168.0.100 and .200 (100 are enough) / I would set fixed IPs on the APs and on the Pi-hole (the same IPs you have now, but not inside the DHCP pool).

Any VPN will increase your latency; the GSM provider's coverage also matters (connecting from 4G is one thing, from EDGE another). WireGuard is more than OK. You can install it directly on the ER-X.
#344
Posted 11 June 2021 - 18:20
Comments in red. I don't know what is going on in NAT with that !192.168.0.99; it takes down all my traffic, even though the Pi-hole tells me it forwarded the request to the upstream DNS.
Requests to machines on the LAN work, but nothing to the outside.

ogo, on 11 June 2021 - 17:15, said:
> 1st.
> Try this:
>
>     configure
>     delete interface ethernet eth0 ipv6
>     edit firewall ipv6-name WANv6_IN
>     set rule 30 action accept
>     set rule 30 description 'Allow ICMPv6 in LAN'
>     set rule 30 protocol icmpv6
>     commit; top; save; exit

DONE

> Your lease start is at .2 and the end at 245, and you have the Pi-hole at .99: is bQ910 the Pi-hole? (MAC 00:19:99:d5:4d:a5)?

Yes, that's the Pi-hole.

> You are using DNS forwarding: that is used when you want your router to also be the DNS server on the LAN, but you use the Pi-hole, so it doesn't make much sense. Delete the service and assign the Pi-hole as the DNS server for your gateway.
>
>     configure
>     delete service dns
>     set system name-server 192.168.0.99
>     commit; save; exit

DONE.

> NAT rule 100: at destination you must have everything that is different from 192.168.0.99, i.e. it needs a ! in front:
>
>     configure
>     edit service nat rule 100
>     delete destination address 192.168.0.99
>     set destination address !192.168.0.99
>     commit; top; save; exit

Well, here's the trouble. If I set destination with ! in front, nothing works anymore. The kids were screaming their heads off until I figured out why everything went down. It doesn't like something here... I know you told me the same thing last time, but I had to ignore it, which is why it was there now without the ! in front. I don't know what it doesn't like, maybe the syntax, maybe some other setting, but the internet falls over; I can only reach, and get answers from, LAN IPs...

> Verify. On the router:
>
>     clear nat counters
>
> Then from a Windows machine: Start > Run > cmd
>
>     nslookup google.com 1.1.1.1

With the rule with destination = ! 192.168.0.99, it doesn't get out of the LAN...

> On the router:
>
>     show nat statistics
>
> You should have the same number at count for both rule 100 and rule 5100.

It has the same count on both.

> Again, as a side note, I would shrink the DHCP pool, e.g. between 192.168.0.100 and .200 (100 are enough) / I would set fixed IPs on the APs and on the Pi-hole (the same IPs you have now, but not inside the DHCP pool).

I shrank the pool and set it to 200-245; 45 clients are enough for me.
Up to .150 I need some fixed ones; I have other configurations that depend on them.

> Any VPN will increase your latency; the GSM provider's coverage also matters (connecting from 4G is one thing, from EDGE another). WireGuard is more than OK. You can install it directly on the ER-X.

Whaaaaat!???? I wouldn't risk it, I might break one thing or another...
#345
Posted 11 June 2021 - 18:36
I'm thinking that maybe this setting with the IP range isn't OK? If the whole .2 - .245 range is sent to .99, but at the same time .99 is inside the designated range... does it somehow go into a loop? Should the Pi-hole at .99 be outside the range?
#346
Posted 11 June 2021 - 19:03
You can't put the broadcast address in the DHCP pool (i.e. 192.168.0.255) - the pool ends at 254.

Xelo, on 11 June 2021 - 18:36, said:
> I'm thinking that maybe this setting with the IP range isn't OK? If the whole .2 - .245 range is sent to .99, but at the same time .99 is inside the designated range... does it somehow go into a loop? Should the Pi-hole at .99 be outside the range?

Exactly. That's what I was writing for you to change. 5 min

Change the pool to between 200 and 254 (as I said above, .255 (broadcast) can't be in the pool).
Change all the DHCP reservations.
Don't forget the IPs on the APs - you set them from the UniFi controller, or from the phone if you don't have a controller.

    configure
    edit service nat rule 100
    delete destination address 192.168.0.99
    set destination address !192.168.0.99
    delete source address 192.168.0.2-192.168.0.255
    set source address 192.168.0.200-192.168.0.254
    top
    edit service nat rule 5100
    set source address 192.168.0.200-192.168.0.254
    top
    commit; save; exit

FYG: this is a config that works (I mean the 2 NAT rules). I changed the numbers to be the same as yours; the only difference is that there are 2 DNS servers in the config below, 192.168.0.77 and .78, and the DHCP pool is from .100 to .200. For inbound/outbound you must have switch0 - don't forget that this is your LAN! This is for inspiration.

100 (redirect)

    ogo@gw# show service nat rule 100
     description "DNS redirect for MAIN network"
     destination {
         address !192.168.0.77-192.168.0.78
         port 53
     }
     inbound-interface eth3
     inside-address {
         address 192.168.0.77-192.168.0.78
         port 53
     }
     log disable
     protocol tcp_udp
     source {
         address 192.168.0.100-192.168.0.254
     }
     type destination

5100 (masquerade)

    ogo@gw# show service nat rule 5100
     description "DNS masquerade for MAIN network"
     destination {
         address 192.168.0.77-192.168.0.78
         port 53
     }
     log disable
     outbound-interface eth3
     protocol tcp_udp
     source {
         address 192.168.0.100-192.168.0.254
     }
     type masquerade

Edited by ogo, 11 June 2021 - 19:04.
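The loop suspected in #345 and the source-range fix given in #346, as an added example that is not part of the thread: a small Python model of how DNAT rule 100 matches on source range, negated destination and port 53. The function names, the client address 192.168.0.210 and the sample packets are constructed for illustration; it models only rule matching, not the router's full NAT path.

```python
import ipaddress

def in_range(ip, spec):
    """Match an EdgeOS-style address spec: 'a' or 'a-b', optionally negated with '!'."""
    negate = spec.startswith("!")
    lo, _, hi = spec.lstrip("!").partition("-")
    lo = ipaddress.ip_address(lo)
    hi = ipaddress.ip_address(hi) if hi else lo
    hit = lo <= ipaddress.ip_address(ip) <= hi
    return hit != negate

def redirected(rule, src, dst, dport):
    """True if the destination-NAT rule would rewrite this packet to the Pi-hole."""
    return (dport == rule["port"]
            and in_range(src, rule["source"])
            and in_range(dst, rule["destination"]))

PIHOLE = "192.168.0.99"

# Rule 100 with '!' added but the old source range, which still contains the Pi-hole.
RULE_LOOP = {"source": "192.168.0.2-192.168.0.245",
             "destination": "!" + PIHOLE, "port": 53}

# Rule 100 after the change in #346: source limited to the DHCP pool.
RULE_FIXED = {"source": "192.168.0.200-192.168.0.254",
              "destination": "!" + PIHOLE, "port": 53}

def classify(rule):
    """Evaluate three constructed DNS packets against the rule."""
    packets = [
        ("client -> 1.1.1.1", "192.168.0.210", "1.1.1.1", 53),   # hard-coded resolver
        ("client -> pihole", "192.168.0.210", PIHOLE, 53),        # normal LAN lookup
        ("pihole -> upstream", PIHOLE, "1.1.1.1", 53),            # Pi-hole's own query
    ]
    return {label: redirected(rule, s, d, p) for label, s, d, p in packets}

if __name__ == "__main__":
    for name, rule in (("loop", RULE_LOOP), ("fixed", RULE_FIXED)):
        print(name, classify(rule))
```

With the old source range the Pi-hole's own upstream query matches the rule and is sent back to the Pi-hole, so nothing resolves outside the LAN; with the pool-only range only client queries to other resolvers are redirected.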
#347
Posted 11 June 2021 - 19:35
Now it works, but IPv6 went down. I think I'll throw it out the window.

Quote
>     configure
>     delete interface ethernet eth0 ipv6

Maybe because of this? It's the only IPv6-related change made. Let me put it back...

* It took. Now I have everything, abundance and riches.

Edited by Xelo, 11 June 2021 - 19:45.
#348
Posted 11 June 2021 - 21:41
Strange... the IPv6 set on the physical interface shouldn't have anything to do with the IPv6 set for the PPPoE tunnel.
#349
Posted 08 October 2021 - 18:11
@ogo
Hi. I don't use IPsec anymore now. I think I had tried IPsec on top of GRE. Back then I had also run into the fact that ddclient (the version on the router) didn't know about IPv6. Out of curiosity, what throughput do you get on the ER-X with IPsec? I now use WireGuard over IPv6 (~190-200 mbps), and ZeroTier also over IPv6 (although ZeroTier on the ER-X is rather slow, 70mbps).

[Attached image: Capture.PNG]

Update: actually, here only one of the ends is on the EdgeRouter; on the other side there is a VPS from Hetzner.

Edited by ovidiuvio, 08 October 2021 - 18:23.
#350
Posted 08 October 2021 - 19:09
Quite a lot of streams on iperf.
I'll set up an IPsec; I don't have one anymore, my ER-X does BGP.

    ogo@gw-003-test:~$ show ip bgp neighbors
    BGP neighbor is 192.168.0.1, remote AS 64567, local AS 64568, external link
      BGP version 4, remote router ID 192.168.0.1
      BGP state = Established, up for 01w2d04h
      Last read 01w2d04h, hold time is 180, keepalive interval is 60 seconds
      Neighbor capabilities:
        Dynamic: advertised and received
        Route refresh: advertised and received (old and new)
        4-Octet ASN Capability: advertised and received
        Address family IPv4 Unicast: advertised and received
      Received 13252 messages, 0 notifications, 0 in queue
      Sent 13251 messages, 0 notifications, 0 in queue
      Route refresh request: received 0, sent 0
      Minimum time between advertisement runs is 30 seconds
     For address family: IPv4 Unicast
      BGP table version 20, neighbor version 20
      Index 1, Offset 0, Mask 0x2
      Inbound soft reconfiguration allowed
      Community attribute sent to this neighbor (both)
      19 accepted prefixes
      0 announced prefixes
     Connections established 1; dropped 0
      External BGP neighbor may be up to 10 hops away.
    Local host: 192.168.0.171, Local port: 179
    Foreign host: 192.168.0.1, Foreign port: 39070
    Nexthop: 192.168.0.171
    Nexthop global: fe80::7683:c2ff:fe4d:5706
    Nexthop local: ::
    BGP connection: non shared network
#353
Posted 08 October 2021 - 19:53
#355
Posted 08 October 2021 - 20:45
#356
Posted 08 October 2021 - 20:46
#357
Posted 08 October 2021 - 20:57
Mind you, electricity has gotten more expensive )
And since we're on the subject of the EdgeRouter X, a view through UISP:

[Attached image: Capture2.PNG]

Edited by Ravy, 09 October 2021 - 04:50.
#358
Posted 08 October 2021 - 21:24
heh

    CyberPower > devsta show
    Load
    -----------------------------------------------
    Device Load : 1.33 A/ 270 W/ 300 VA
    Power Factor : 0.90
    Peak Load : 1.44A (at 29-Jul-21 03:08:19)
    Energy : 2491.4kWh (from 10-Jan-19 19:33:40)
    Utility
    -----------------------------------------------
    Voltage : 229.3V
    Frequency : 50.0Hz

Only L2/L3 wired, because there are too many clients, and on wireless there is only 1 UISP-LTE.

[Attached image: Screenshot 2021-10-08 at 22-20-44 UISP unms purple lan.png]

Edited by ogo, 08 October 2021 - 21:13.
#359
Posted 08 October 2021 - 21:44
ER Infinity
Edited by Ravy, 09 October 2021 - 04:49.
#360
Posted 08 October 2021 - 22:06
By the way,
when you set that ER-X as a gateway in UNMS/UISP, your offload went out the window ( - that is, if you didn't re-set the offload by hand and delete traffic-control (at least). That is, if you aren't using shaping/netflow/suspend intentionally.

Yeah, ready for 10 Gbps from RDS at home. And as a backup (I want VRRP) I'm thinking of a 1036, or maybe Santa will come with a 1072 from MikroTik.

For "mine is bigger" kind of impressions there is also an MX204 - well, it's not mine -yet-, but it will be in the coming years, when its decommissioning gets decided..