February No problem, you could use the config to create a guest network or for other untrusted devices. I have completely rewritten the firewall configuration guide, since the first version had a substantial flaw: it will cut the access from the VLAN to your LAN, but the VLAN can connect to all router services.
If you have already followed the old guide, please delete the ruleset and use the new guide to create a proper firewall config. But the management LAN is a private class C network? I like to experiment with other firmware versions. Before you create the firewall rulesets, you should know and understand the firewall ruleset directions:
The following firewall ruleset blocks traffic into all networks of your network group, but will allow already established connections. Direction IN means any traffic from eth1. Firewall rules alone will not isolate any networks from custom NAT rules. VLAN 10 is now fully isolated from all other networks.
The firewall will drop all packets from eth.

Network Setup

Why private class A networks?
Well, why not? And I like short IP addresses. I will also provide a short explanation for each firewall ruleset and its direction.

I am guessing I am looking at firewall rules incorrectly as cannot seem to get needed ports to be open. My goal is to have specific ports pass through the router to a VLAN network So, setup a test network to work with firewall rules and DNAT but cannot even get one port to open to a computer running Spiceworks on that network.
I can access this using the local IP address I have done many searches and watch multiple videos but all seem to show and explain how to block or accept ports from the local network to the internet and not internet to local network.
I may be too close to see the answer. Any guidance or link to the correct how-to is greatly appreciated. I am using an EdgeRouter with v1. Thanks, I have this article and am reading it through a few times before I actually create the rules. I have done so far are just as you say "pretty straight forward". The only setting left is to lock a port down to only the IP addresses of the provider. I am thinking this would be done in the source field of the Firewall rule but need to find a way to test.
Since I can now run a port scan on that reports as open I added the IP range for ShieldsUp service they post this info to my firewall rule source field. I ran the port scan again from ShieldsUp and still shows open. I then ran a port scan from Spiceworks tools and the port shows closed. Removed the IP range from the firewall rule source field, ran port scan from both ShieldsUp and Spiceworks and shows open from both.
Ubiquiti EdgeRouter Lite Setup Part 3: VLAN Setup
Glad you have an EdgeRouter and on the latest update.
I am thinking this would be done in the source field of the Firewall rule but need to find a way to test Thanks for the guide. Still unsure why or what I kept doing incorrectly. Test it from another IP and only allow that IP, let's say your home or some sort.

I have a tonne of hardware around the house, so ideally I didn't want to buy anything. I will outline what I have used, but most of the devices are standard devices so anything should do.
I did buy a Ubiquiti EdgeRouter X as the central point of the network. This is an inexpensive and highly flexible device that I strongly recommend.
It is the only non-generic device used in the guide below.

Quick Configs Ubiquiti - VLANs & Switch Interface
Below is a crude diagram of my desired network. The obvious part that is missing is a modem between the EdgeRouterX and "The Internet", but I don't feel it is relevant to this particular scenario. Rather than try to set this all up in one go, I decided to break it down into steps and get each part working correctly.
Setting up a guest network with the EdgeRouter Lite
There are plenty of basic setup guides for the EdgeRouter X and I really don't want to repeat them in detail here, so I will just give a rough outline here.
The wizard has created a switch which joins Eth2, Eth3 and Eth4 together. You can keep this setup, but I am going to remove it. This setup might be what you want, but I do not want the switch as I want to only use eth2 for the This is how we go about removing the switch.
Remember to alter the DNS forwarders to remove switch0 and add eth2. This is done in the services section of the EdgeRouter X config. As I mentioned above, I am using two random home routers as Wifi access points for each network. I do not think it would be valuable for me to go through the configuration of each router specifically, but I will outline some key points here. Now we want to segregate the networks. In my case I am using IPVanish.
You are now ready to configure the router to use the OpenVpn configuration.

I spent most of my Labour Day trying to accomplish two tasks with an EdgeRouter 4 and the other miscellaneous networking gear in the house: setting up a simple VLAN and getting my backup DSL connection working.
The system got a lease in the correct range, but hosts on VLAN 1 At this point I had changed out all components in the equation except for the server, so after dinner I poked around with a few more settings in the switch and then tried a different scenario:.
When all components were connected, the desktop on VLAN 1 at At this point, the trouble seemed to lie with the server itself.
Can I ping the router IP address? Yes, clients from VLAN 1 could ping What does tcpdump say? Is the switch not permitting VLAN traffic? The Cisco SGP purchased as surplus gear has the most awful web interface. I also took the opportunity to upgrade the firmware. No change. Investigating the server At this point, the trouble seemed to lie with the server itself.
Consider replacing the switch with something that will cause less irritation.

I have two LAN networks which are physically separate at the moment. Which I am planning to combine with an EdgeRouter Lite. You have a primary network that is connected to the internet today. The default route for that network points to You have a second subnet LAN2 with the address of That router has an interface on the primary network of I would highly advise you not to open up to a server.
It is one of the most insecure ports there are. Your systems will become compromised, it is just a matter of when. How do I go about establishing routing between these two networks with the EdgeRouter.
Thanks in advance for any help. George Sep 20, at UTC. Just so I understand your situation: You have a primary network that is connected to the internet today. If I understand this correctly, then there are two things you need to do.
What I would like is to be able to configure my ERX so that the following behavior occurs when I connect it to my network: This seems like it would be straightforward, but evidently it is not. Note: in the linked thread it's stated that what I'm trying to do isn't supported, but the thread is nearly five years old now, so I'm looking for newer info if it exists.
The only other option I'm seeing is to create a bridged interface and try to work with that, but that loses all the performance of having a dedicated switching chip, which would be very frustrating.
I have tried the following configurations: Attempt 1: switch0 address set to DHCP switch0 vlan-aware enabled Switch ports eth0 - eth4 set so pvid is Attempt 2: with this one, switch0.
Any help would be greatly appreciated. Alexander Stumpf
That way what they do will not interface with the regular network, and will not be shown to my isp. Where are all of these devices, on a single campus yes I know the scope here or on multiple campuses?
Yes the edgerouter can do vlans. I know you are asking about the edgerouter, I'm looking at the entire project to see if there is a different way to go about it. I am just dealing with a single campus right now. Excluding the Emby server which will need to talk to them, nothing else on the network needs to interact with the Raspberry Pi's.
George Mar 7, at UTC. I'm not seeing where vpn comes into play if this is all one campus.