
Configuração Básica EdgeRouterX

Efetuei a configuração (básica) no edgerouterX. 
eth0 -> WAN
eth1,eth2,eth3,eth4 switch0 (switchport)
Entretanto, quando tento aceder a um serviço (entre hosts) não tenho comunicação entre eles. Por exemplo, PC ligado em eth1 efetua ping, ou acesso RDP a PC ligado eth2 sem sucesso.
Já revi as configurações de switchport, DHCP e firewall sem detetar qualquer erro de configuração.
Entretanto, até efetuei downgrade de firmware v1.8 para 1.7, pensando que fosse algum BUG de firmware, mas o problema mantém-se
Sugestões?   

Comentários

  • R4V3RR4V3R 8500 Pontos
    Olá @lhccardoso, não vejo como isso possa ser um problema com o roteador, visto que as máquinas que você cita estão conectadas ao switch do ER-X, e não há bloqueios entre portas no mesmo switch. Para podermos confirmar, poste a configuração do seu roteador.
  • lhccardosolhccardoso 6 Pontos
    editado maio 2016
    DHCP Service: 10.0.0.0/24
    Range: 10.0.0.9-10.0.0.99
    WAN 10.10.10.10/24 (IP definido no ISP router)
    eth1: 10.0.0.10 (pc1)
    eth2: 10.0.0.9 (pc2)
    eth3: none
    eth4: unifiAP (10.0.0.20)

  • R4V3RR4V3R 8500 Pontos
    Me refiro ao arquivo contendo a configuração completa de seu roteador, da maneira como é exibido pelo comando "show" em modo de configuração.
  • config/ 0002775 0000000 0000146 00000000000 12716445133 012053 5 ustar root vyattacfg config/auth/ 0002775 0000000 0000146 00000000000 12661727455 013025 5 ustar root vyattacfg config/user-data/ 0002775 0000000 0000146 00000000000 12661727456 013752 5 ustar root vyattacfg config/config.boot 0000664 0000000 0000146 00000013102 12716445133 014200 0 ustar root vyattacfg firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
    default-action drop
    description "WAN to internal"
    rule 10 {
    action accept
    description "Allow established/related"
    state {
    established enable
    related enable
    }
    }
    rule 20 {
    action drop
    description "Drop invalid state"
    state {
    invalid enable
    }
    }
    }
    /* Ruleset attached to eth0 "local" in this config: it filters traffic addressed to the router itself, not traffic forwarded to LAN hosts. */
    name WAN_LOCAL {
    default-action drop
    description "WAN to router"
    rule 1 {
    action accept
    description "Allow established/related"
    state {
    established enable
    related enable
    }
    }
    /* Rules 2 and 3 open the PPTP control channel (TCP 1723) and GRE for the vpn pptp remote-access service defined in this config. */
    rule 2 {
    action accept
    description "Allow PPTP port (1723)"
    destination {
    port 1723
    }
    log enable
    protocol tcp
    }
    rule 3 {
    action accept
    description "Allow PPTP GRE"
    log enable
    protocol gre
    }
    /* NOTE(review): accepts SSH to the router from the WAN side with no source restriction and with logging disabled; the description mentions 21 but only port 22 is matched. */
    rule 4 {
    action accept
    description "SSH (21 & 22)"
    destination {
    port 22
    }
    log disable
    protocol tcp
    }
    /* NOTE(review): accepts TCP 80/443 to the router from the WAN side; service gui uses https-port 443, so this presumably exposes the admin web UI - confirm this is intended. */
    rule 5 {
    action accept
    description HTTP/HTTPS
    destination {
    port 80,443
    }
    log disable
    protocol tcp
    }
    /* NOTE(review): this ruleset only covers traffic to the router, and service nat holds only the masquerade rule 5010, so this accept does not forward RDP to any LAN host; it only widens what the router accepts on 3389. */
    rule 6 {
    action accept
    description RDP
    destination {
    port 3389
    }
    log enable
    protocol tcp_udp
    }
    /* Evaluated after the accept rules above, so an invalid-state packet that matches rules 2-6 is accepted before this drop is reached. */
    rule 7 {
    action drop
    description "Drop invalid state"
    state {
    invalid enable
    }
    }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
    }
    interfaces {
    ethernet eth0 {
    address dhcp
    description Internet
    duplex auto
    firewall {
    in {
    name WAN_IN
    }
    local {
    name WAN_LOCAL
    }
    }
    speed auto
    }
    ethernet eth1 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth2 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth3 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth4 {
    description Local
    duplex auto
    poe {
    output off
    }
    speed auto
    }
    loopback lo {
    }
    switch switch0 {
    address 10.0.0.1/24
    description Local
    mtu 1500
    switch-port {
    interface eth1
    interface eth2
    interface eth3
    interface eth4
    }
    }
    }
    service {
    dhcp-server {
    disabled false
    hostfile-update disable
    shared-network-name LAN {
    authoritative disable
    subnet 10.0.0.0/24 {
    default-router 10.0.0.1
    dns-server 10.0.0.1
    dns-server 8.8.8.8
    lease 86400
    start 10.0.0.9 {
    stop 10.0.0.99
    }
    static-mapping HP-DV9 {
    ip-address 10.0.0.10
    mac-address 00:1e:68:29:61:df
    }
    unifi-controller 10.0.0.1
    }
    }
    }
    dns {
    forwarding {
    cache-size 150
    listen-on switch0
    }
    }
    gui {
    https-port 443
    }
    nat {
    rule 5010 {
    description "masquerade for WAN"
    outbound-interface eth0
    type masquerade
    }
    }
    ssh {
    port 22
    protocol-version v2
    }
    }
    system {
    host-name EdgeRouter
    /* Local accounts on the router; only the admin user is defined here. */
    login {
    user admin {
    authentication {
    /* NOTE(review): SHA-512 crypt ($6$) hash of the admin password, published together with the config; a posted hash can be tested offline, so the password should be changed and the hash removed from shared copies. */
    encrypted-password $6$zk7.pYgXs2hSZo$XM59zYHlgQWvTOTsoeylHVTCMqJpcPzp6dicU84aUmVKzX76GdIiGlv8zpMRk/LB7hGHh/zw.cA8sIMPCPDSl1
    }
    full-name "Licinio Cardoso"
    level admin
    }
    }
    ntp {
    server 0.ubnt.pool.ntp.org {
    }
    server 1.ubnt.pool.ntp.org {
    }
    server 2.ubnt.pool.ntp.org {
    }
    server 3.ubnt.pool.ntp.org {
    }
    }
    syslog {
    global {
    facility all {
    level notice
    }
    facility protocols {
    level debug
    }
    }
    }
    time-zone Europe/Lisbon
    }
    /* NOTE(review): PPTP remote access authenticated against a local user list. PPTP (typically MS-CHAPv2 with MPPE) is widely regarded as breakable; EdgeOS also offers L2TP/IPsec and OpenVPN. */
    vpn {
    pptp {
    remote-access {
    authentication {
    local-users {
    username licinio {
    /* NOTE(review): VPN password stored and posted in cleartext; treat it as disclosed and change it. */
    password lcvpn16
    }
    }
    mode local
    }
    /* VPN clients get addresses inside the LAN subnet 10.0.0.0/24, just above the DHCP range that stops at 10.0.0.99. */
    client-ip-pool {
    start 10.0.0.100
    stop 10.0.0.119
    }
    dns-servers {
    server-1 8.8.8.8
    /* NOTE(review): 4.4.4.4 is presumably a typo for 8.8.4.4 - confirm. */
    server-2 4.4.4.4
    }
    mtu 1492
    }
    }
    }


    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
    /* Release version: v1.8.0.4853089.160219.1607 */
    config/url-filtering/ 0002755 0000000 0000146 00000000000 12661727703 014641 5 ustar root vyattacfg config/url-filtering/squidguard/ 0000755 0000000 0000000 00000000000 12661727532 015767 5 ustar root root config/url-filtering/squidguard/db/ 0000755 0000000 0000000 00000000000 12652530657 016354 5 ustar root root config/dhcpd.leases 0000644 0000000 0000146 00000003401 12716425275 014332 0 ustar root vyattacfg # The format of this file is documented in the dhcpd.leases(5) manual page.
    # This lease file was written by isc-dhcp-4.1-ESV-R7

    lease 10.0.0.38 {
    starts 0 2016/05/15 10:20:14;
    ends 0 2016/05/15 11:41:17;
    #shared-network: LAN
    tstp 0 2016/05/15 11:41:17;
    cltt 0 2016/05/15 10:20:14;
    binding state free;
    hardware ethernet 00:1e:68:29:61:df;
    uid "\001\000\036h)a\337";
    }
    lease 10.0.0.43 {
    starts 1 2016/05/16 08:41:32;
    ends 2 2016/05/17 08:41:32;
    #shared-network: LAN
    cltt 1 2016/05/16 08:41:32;
    binding state active;
    next binding state free;
    hardware ethernet 6c:ad:f8:d1:21:d2;
    client-hostname "Chromecast";
    }
    lease 10.0.0.39 {
    starts 1 2016/05/16 18:47:09;
    ends 2 2016/05/17 18:47:09;
    #shared-network: LAN
    cltt 1 2016/05/16 18:47:09;
    binding state active;
    next binding state free;
    hardware ethernet 44:d9:e7:22:a8:d2;
    uid "\001D\331\347\"\250\322";
    }
    lease 10.0.0.40 {
    starts 1 2016/05/16 19:20:21;
    ends 2 2016/05/17 19:20:21;
    #shared-network: LAN
    cltt 1 2016/05/16 19:20:21;
    binding state active;
    next binding state free;
    hardware ethernet 34:4d:f7:46:f1:6a;
    uid "\0014M\367F\361j";
    client-hostname "android-12c9e184221a2d19";
    }
    lease 10.0.0.41 {
    starts 1 2016/05/16 19:22:13;
    ends 2 2016/05/17 19:22:13;
    #shared-network: LAN
    cltt 1 2016/05/16 19:22:13;
    binding state active;
    next binding state free;
    hardware ethernet cc:fe:3c:0e:b4:4b;
    uid "\001\314\376<\016\264K";
    }
    lease 10.0.0.42 {
    starts 1 2016/05/16 19:55:14;
    ends 2 2016/05/17 19:55:14;
    #shared-network: LAN
    cltt 1 2016/05/16 19:55:14;
    binding state active;
    next binding state free;
    hardware ethernet b4:82:fe:ba:6b:f0;
    uid "\001\264\202\376\272k\360";
    client-hostname "pc-lcardoso";
    }
    server-duid "\000\001\000\001\0347J\340D\331\347Qn\203";

    config/support/ 0002775 0000000 0000146 00000000000 12661727456 013601 5 ustar root vyattacfg config/wizard/ 0002755 0000041 0000146 00000000000 12451107007 014115 5 ustar www-data vyattacfg config/wizard/feature/ 0002755 0000041 0000146 00000000000 12451107007 015550 5 ustar www-data vyattacfg config/scripts/ 0002775 0000000 0000146 00000000000 12661727455 013553 5 ustar root vyattacfg config/scripts/post-config.d/ 0002775 0000000 0000146 00000000000 12661727455 016225 5 ustar root vyattacfg                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
  • R4V3RR4V3R 8500 Pontos
    Certo, eth1, eth2, eth3 e eth4 pertencem ao switch0, então estão conectados ao mesmo domínio de broadcast; não há sequer como "bloquear" acessos entre estações conectadas a uma dessas portas. Então, como eu havia dito, seu problema está em outro lugar.
    Fora isso, a única coisa que achei estranho é que você está permitindo acesso ao roteador na porta 3389? Algum motivo específico, sendo que o roteador em si não possui serviço RDP?
  • Esta é a minha configuração atual (a que mandei atrás, não era atual):

    config/ 0002775 0000000 0000146 00000000000 12721370427 012052 5 ustar root vyattacfg config/auth/ 0002775 0000000 0000146 00000000000 12661727455 013025 5 ustar root vyattacfg config/user-data/ 0002775 0000000 0000146 00000000000 12661727456 013752 5 ustar root vyattacfg config/config.boot 0000664 0000000 0000146 00000013130 12721370427 014200 0 ustar root vyattacfg firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
    default-action drop
    description "WAN to internal"
    enable-default-log
    rule 2 {
    action accept
    description "Allow established/related"
    log disable
    protocol all
    state {
    established enable
    related enable
    }
    }
    rule 3 {
    action drop
    description "Drop invalid state"
    log disable
    protocol all
    state {
    invalid enable
    }
    }
    }
    /* NOTE(review): in this version of the config the eth0 "local" firewall node is empty, so this ruleset is defined but not attached to any interface shown here. */
    name WAN_LOCAL {
    default-action drop
    description "WAN to router"
    rule 1 {
    action accept
    description "Allow established/related"
    state {
    established enable
    related enable
    }
    }
    /* Rules 2 and 3 open the PPTP control channel (TCP 1723) and GRE for the vpn pptp remote-access service defined in this config. */
    rule 2 {
    action accept
    description "Allow PPTP port (1723)"
    destination {
    port 1723
    }
    log enable
    protocol tcp
    }
    rule 3 {
    action accept
    description "Allow PPTP GRE"
    log enable
    protocol gre
    }
    /* NOTE(review): accepts TCP 80/443 to the router from the WAN side; service gui uses https-port 443, so this presumably exposes the admin web UI - confirm this is intended. */
    rule 4 {
    action accept
    description HTTP/HTTPS
    destination {
    port 80,443
    }
    log disable
    protocol tcp
    }
    /* Evaluated after the accept rules above, so an invalid-state packet that matches rules 2-4 is accepted before this drop is reached. */
    rule 6 {
    action drop
    description "Drop invalid state"
    state {
    invalid enable
    }
    }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
    }
    interfaces {
    /* WAN-facing interface: address obtained by DHCP, WAN_IN applied to forwarded inbound traffic. */
    ethernet eth0 {
    address dhcp
    description Internet
    duplex auto
    firewall {
    in {
    name WAN_IN
    }
    /* NOTE(review): no ruleset name under "local", so WAN_LOCAL (defined earlier in this config) is not applied to traffic addressed to the router on eth0; without a local ruleset that traffic is presumably accepted by default, leaving the SSH and GUI services unfiltered on the WAN side - confirm and re-attach WAN_LOCAL. */
    local {
    }
    }
    /* NOTE(review): proxy ARP is enabled on the WAN-facing interface; nothing in this config shows why it is needed - confirm. */
    ip {
    enable-proxy-arp
    }
    speed auto
    }
    ethernet eth1 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth2 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth3 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth4 {
    description WLAN
    duplex auto
    poe {
    output off
    }
    speed auto
    }
    loopback lo {
    }
    switch switch0 {
    address 10.0.0.1/24
    description Local
    mtu 1500
    switch-port {
    interface eth1
    interface eth2
    interface eth3
    interface eth4
    }
    }
    }
    service {
    dhcp-server {
    disabled false
    hostfile-update disable
    shared-network-name LAN {
    authoritative disable
    subnet 10.0.0.0/24 {
    default-router 10.0.0.1
    dns-server 10.0.0.1
    dns-server 8.8.8.8
    lease 86400
    start 10.0.0.9 {
    stop 10.0.0.99
    }
    static-mapping HP-DV9 {
    ip-address 10.0.0.10
    mac-address 00:1e:68:29:61:df
    }
    static-mapping unifiAP {
    ip-address 10.0.0.20
    mac-address 44:d9:e7:22:a8:d2
    }
    unifi-controller 10.0.0.1
    }
    }
    }
    dns {
    forwarding {
    cache-size 150
    listen-on switch0
    }
    }
    gui {
    https-port 443
    }
    nat {
    rule 5010 {
    description "masquerade for WAN"
    log disable
    outbound-interface eth0
    protocol all
    type masquerade
    }
    }
    ssh {
    port 22
    protocol-version v2
    }
    }
    system {
    host-name EdgeRouter
    login {
    user admin {
    authentication {
    encrypted-password $6$zk7.pYgXs2hSZo$XM59zYHlgQWvTOTsoeylHVTCMqJpcPzp6dicU84aUmVKzX76GdIiGlv8zpMRk/LB7hGHh/zw.cA8sIMPCPDSl1
    }
    full-name "Licinio Cardoso"
    level admin
    }
    }
    name-server 213.228.128.99
    name-server 213.228.128.5
    name-server 8.8.8.8
    ntp {
    server 0.ubnt.pool.ntp.org {
    }
    server 1.ubnt.pool.ntp.org {
    }
    server 2.ubnt.pool.ntp.org {
    }
    server 3.ubnt.pool.ntp.org {
    }
    }
    syslog {
    global {
    facility all {
    level notice
    }
    facility protocols {
    level debug
    }
    }
    }
    time-zone Europe/Lisbon
    }
    /* NOTE(review): PPTP remote access authenticated against a local user list. PPTP (typically MS-CHAPv2 with MPPE) is widely regarded as breakable; EdgeOS also offers L2TP/IPsec and OpenVPN. */
    vpn {
    pptp {
    remote-access {
    authentication {
    local-users {
    username licinio {
    /* The value below looks masked by the poster - presumably not the real password; the field is stored in cleartext in config.boot. */
    password #$%%$#%$#$
    }
    }
    mode local
    }
    /* VPN clients get addresses inside the LAN subnet 10.0.0.0/24, just above the DHCP range that stops at 10.0.0.99. */
    client-ip-pool {
    start 10.0.0.100
    stop 10.0.0.119
    }
    dns-servers {
    server-1 8.8.8.8
    /* NOTE(review): 4.4.4.4 is presumably a typo for 8.8.4.4 - confirm. */
    server-2 4.4.4.4
    }
    mtu 1492
    }
    }
    }


    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
    /* Release version: v1.7.0.4783374.150622.1533 */
    config/config.boot.2016-05-25-1833.pre-migration 0000640 0000000 0000146 00000013171 12721367743 020413 0 ustar root vyattacfg firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
    default-action drop
    description "WAN to internal"
    enable-default-log
    rule 2 {
    action accept
    description "Allow established/related"
    log disable
    protocol all
    state {
    established enable
    related enable
    }
    }
    rule 3 {
    action drop
    description "Drop invalid state"
    log disable
    protocol all
    state {
    invalid enable
    }
    }
    }
    name WAN_LOCAL {
    default-action drop
    description "WAN to router"
    rule 1 {
    action accept
    description "Allow established/related"
    state {
    established enable
    related enable
    }
    }
    rule 2 {
    action accept
    description "Allow PPTP port (1723)"
    destination {
    port 1723
    }
    log enable
    protocol tcp
    }
    rule 3 {
    action accept
    description "Allow PPTP GRE"
    log enable
    protocol gre
    }
    rule 4 {
    action accept
    description HTTP/HTTPS
    destination {
    port 80,443
    }
    log disable
    protocol tcp
    }
    rule 6 {
    action drop
    description "Drop invalid state"
    state {
    invalid enable
    }
    }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
    }
    interfaces {
    /* WAN-facing interface: address obtained by DHCP, WAN_IN applied to forwarded inbound traffic. */
    ethernet eth0 {
    address dhcp
    description Internet
    duplex auto
    firewall {
    in {
    name WAN_IN
    }
    /* NOTE(review): no ruleset name under "local", so WAN_LOCAL (defined earlier in this config) is not applied to traffic addressed to the router on eth0; without a local ruleset that traffic is presumably accepted by default, leaving the SSH and GUI services unfiltered on the WAN side - confirm and re-attach WAN_LOCAL. */
    local {
    }
    }
    /* NOTE(review): proxy ARP is enabled on the WAN-facing interface; nothing in this config shows why it is needed - confirm. */
    ip {
    enable-proxy-arp
    }
    speed auto
    }
    ethernet eth1 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth2 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth3 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth4 {
    description WLAN
    duplex auto
    poe {
    output off
    }
    speed auto
    }
    loopback lo {
    }
    switch switch0 {
    address 10.0.0.1/24
    description Local
    mtu 1500
    switch-port {
    interface eth1
    interface eth2
    interface eth3
    interface eth4
    }
    }
    }
    service {
    dhcp-server {
    disabled false
    hostfile-update disable
    shared-network-name LAN {
    authoritative disable
    subnet 10.0.0.0/24 {
    default-router 10.0.0.1
    dns-server 10.0.0.1
    dns-server 8.8.8.8
    lease 86400
    start 10.0.0.9 {
    stop 10.0.0.99
    }
    static-mapping HP-DV9 {
    ip-address 10.0.0.10
    mac-address 00:1e:68:29:61:df
    }
    static-mapping unifiAP {
    ip-address 10.0.0.20
    mac-address 44:d9:e7:22:a8:d2
    }
    unifi-controller 10.0.0.1
    }
    }
    }
    dns {
    forwarding {
    cache-size 150
    listen-on switch0
    }
    }
    gui {
    https-port 443
    }
    nat {
    rule 5010 {
    description "masquerade for WAN"
    log disable
    outbound-interface eth0
    protocol all
    type masquerade
    }
    }
    ssh {
    port 22
    protocol-version v2
    }
    }
    system {
    gateway-address 10.10.10.254
    host-name EdgeRouter
    login {
    user admin {
    authentication {
    encrypted-password $6$zk7.pYgXs2hSZo$XM59zYHlgQWvTOTsoeylHVTCMqJpcPzp6dicU84aUmVKzX76GdIiGlv8zpMRk/LB7hGHh/zw.cA8sIMPCPDSl1
    }
    full-name "Licinio Cardoso"
    level admin
    }
    }
    name-server 213.228.128.99
    name-server 213.228.128.5
    name-server 8.8.8.8
    ntp {
    server 0.ubnt.pool.ntp.org {
    }
    server 1.ubnt.pool.ntp.org {
    }
    server 2.ubnt.pool.ntp.org {
    }
    server 3.ubnt.pool.ntp.org {
    }
    }
    syslog {
    global {
    facility all {
    level notice
    }
    facility protocols {
    level debug
    }
    }
    }
    time-zone Europe/Lisbon
    }
    /* NOTE(review): PPTP remote access authenticated against a local user list. PPTP (typically MS-CHAPv2 with MPPE) is widely regarded as breakable; EdgeOS also offers L2TP/IPsec and OpenVPN. */
    vpn {
    pptp {
    remote-access {
    authentication {
    local-users {
    username licinio {
    /* NOTE(review): VPN password stored and posted in cleartext in this pre-migration backup; treat it as disclosed and change it. */
    password lcvpn16
    }
    }
    mode local
    }
    /* VPN clients get addresses inside the LAN subnet 10.0.0.0/24, just above the DHCP range that stops at 10.0.0.99. */
    client-ip-pool {
    start 10.0.0.100
    stop 10.0.0.119
    }
    dns-servers {
    server-1 8.8.8.8
    /* NOTE(review): 4.4.4.4 is presumably a typo for 8.8.4.4 - confirm. */
    server-2 4.4.4.4
    }
    mtu 1492
    }
    }
    }


    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
    /* Release version: v1.8.0.4853089.160219.1607 */
    config/url-filtering/ 0002755 0000000 0000146 00000000000 12721370010 014617 5 ustar root vyattacfg config/url-filtering/squidguard/ 0000755 0000000 0000000 00000000000 12721370010 015745 5 ustar root root config/url-filtering/squidguard/db/ 0000755 0000000 0000000 00000000000 12652530657 016354 5 ustar root root config/dhcpd.leases 0000644 0000000 0000000 00000001331 12721367447 013314 0 ustar root root # The format of this file is documented in the dhcpd.leases(5) manual page.
    # This lease file was written by isc-dhcp-4.1-ESV-R7

    lease 192.168.1.38 {
    starts 4 2015/01/01 00:01:42;
    ends 5 2015/01/02 00:01:42;
    #shared-network: LAN
    tstp 5 2015/01/02 00:01:42;
    cltt 4 2015/01/01 00:01:42;
    binding state free;
    hardware ethernet 00:1e:68:29:61:df;
    uid "\001\000\036h)a\337";
    }
    server-duid "\000\001\000\001\0347J\330D\331\347Qn\203";

    lease 192.168.1.39 {
    starts 3 2016/05/25 18:29:59;
    ends 4 2016/05/26 18:29:59;
    #shared-network: LAN
    cltt 3 2016/05/25 18:29:59;
    binding state active;
    next binding state free;
    hardware ethernet 00:26:6c:6b:fb:46;
    uid "\001\000&lk\373F";
    client-hostname "pc-lcardoso";
    }
    config/support/ 0002775 0000000 0000146 00000000000 12661727456 013601 5 ustar root vyattacfg config/wizard/ 0002755 0000041 0000146 00000000000 12451107007 014115 5 ustar www-data vyattacfg config/wizard/feature/ 0002755 0000041 0000146 00000000000 12451107007 015550 5 ustar www-data vyattacfg config/scripts/ 0002775 0000000 0000146 00000000000 12721370010 013525 5 ustar root vyattacfg config/scripts/post-config.d/ 0002775 0000000 0000146 00000000000 12661727455 016225 5 ustar root vyattacfg                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
  • O que está mal, para que não haja comunicação no switch0?
  • R4V3RR4V3R 8500 Pontos
    @lhccardoso, como eu lhe disse acima, não há nada de errado com a configuração do roteador. Na verdade, nenhuma configuração que você venha a fazer nele irá impedir a comunicação entre dois hosts que estejam no mesmo switch, que é o seu caso. Desta forma, seu problema está em outro lugar, revise as configurações, principalmente de firewall local da máquina.
  • Firewall do Windows (10). Mas antes (eu estava com outro roteador, um Linksys E3000) não tinha este problema. Comprei o EdgeRouter X há cerca de uma semana... e desde aí tenho esta questão. Não entendo!!! Mas agora já está tudo ok, depois de alterar as definições na firewall do Windows 10.
  • R4V3RR4V3R 8500 Pontos
    @lhccardoso, deixa eu adivinhar: o endereçamento da sub-rede que você usava com o outro roteador era diferente do que é utilizado atualmente com o ER-X? Pois é, o Windows entende isso e modifica as regras de firewall de acordo, considerando que você está agora conectado a uma rede diferente da que estava antes; por isso o problema. ;)