Home Network Firewall Options

coliver

Modem <-> ERX <-> Network

Dashrender

@wirestyle22 said:

@Dashrender said:

@wirestyle22 said:

Switched from Optimum to fios recently and I just attempted to get my ERX setup and It's not playing well. I had both a cable modem and router separately before and it worked perfectly but the fios router isn't playing well with the ERX. Is it possible for me to allow the fios router to be the DHCP server and just use the ERX as a firewall/switch? I didn't see anything in EdgeOS but I'm possibly missing it. Figured I would ask.

Sure, but it's only a DHCP to the outside interface of the ERX, not you're whole network. The ERX is a DHCP server to your devices inside your network.

I'm sure I'm misconfiguring. So you have the external router connected to the ISP only with the ERX having a statically assigned IP and DHCP disabled on the fios router. Then connect everything to the ERX firewall. The gateway of the ERX would be the fios router. This is all correct?

If FIOS will give you a dedicated IP, yes. Many home based ISPs will not give you a dedicated IP, so you're forced to use DHCP on the external interface of your ERX. This is normally fine, and how all those home routers in Best Buy expect to work (by getting a DHCP assigned IP from the ISP), the home router (ERX in your case) has a static internal IP, and then the home router (again ERX for you) uses DHCP to the home users.

wirestyle22

@Dashrender said:

@wirestyle22 said:

@Dashrender said:

@wirestyle22 said:

Switched from Optimum to fios recently and I just attempted to get my ERX setup and It's not playing well. I had both a cable modem and router separately before and it worked perfectly but the fios router isn't playing well with the ERX. Is it possible for me to allow the fios router to be the DHCP server and just use the ERX as a firewall/switch? I didn't see anything in EdgeOS but I'm possibly missing it. Figured I would ask.

Sure, but it's only a DHCP to the outside interface of the ERX, not you're whole network. The ERX is a DHCP server to your devices inside your network.

I'm sure I'm misconfiguring. So you have the external router connected to the ISP only with the ERX having a statically assigned IP and DHCP disabled on the fios router. Then connect everything to the ERX firewall. The gateway of the ERX would be the fios router. This is all correct?

If FIOS will give you a dedicated IP, yes. Many home based ISPs will not give you a dedicated IP, so you're forced to use DHCP on the external interface of your ERX. This is normally fine, and how all those home routers in Best Buy expect to work (by getting a DHCP assigned IP from the ISP), the home router (ERX in your case) has a static internal IP, and then the home router (again ERX for you) uses DHCP to the home users.

I believe this is how I attempted to do it but I will verify tonight again and we'll see if I made a mistake or not.

Dashrender

@wirestyle22 said:

@Dashrender said:

@wirestyle22 said:

@Dashrender said:

@wirestyle22 said:

Switched from Optimum to fios recently and I just attempted to get my ERX setup and It's not playing well. I had both a cable modem and router separately before and it worked perfectly but the fios router isn't playing well with the ERX. Is it possible for me to allow the fios router to be the DHCP server and just use the ERX as a firewall/switch? I didn't see anything in EdgeOS but I'm possibly missing it. Figured I would ask.

Sure, but it's only a DHCP to the outside interface of the ERX, not you're whole network. The ERX is a DHCP server to your devices inside your network.

I'm sure I'm misconfiguring. So you have the external router connected to the ISP only with the ERX having a statically assigned IP and DHCP disabled on the fios router. Then connect everything to the ERX firewall. The gateway of the ERX would be the fios router. This is all correct?

If FIOS will give you a dedicated IP, yes. Many home based ISPs will not give you a dedicated IP, so you're forced to use DHCP on the external interface of your ERX. This is normally fine, and how all those home routers in Best Buy expect to work (by getting a DHCP assigned IP from the ISP), the home router (ERX in your case) has a static internal IP, and then the home router (again ERX for you) uses DHCP to the home users.

I believe this is how I attempted to do it but I will verify tonight again and we'll see if I made a mistake or not.

Things to test to make sure it's working. From the ERX make sure you can ping the FIOS router, then see if you can ping Google DNS 8.8.8.8 or 8.8.4.4 If those work, then you know you have traffic from the ERX to the internet... then you just need to solve your internal rules problems if local computers can't get to the internet.

wirestyle22

@Dashrender said:

@wirestyle22 said:

@Dashrender said:

@wirestyle22 said:

@Dashrender said:

@wirestyle22 said:

Switched from Optimum to fios recently and I just attempted to get my ERX setup and It's not playing well. I had both a cable modem and router separately before and it worked perfectly but the fios router isn't playing well with the ERX. Is it possible for me to allow the fios router to be the DHCP server and just use the ERX as a firewall/switch? I didn't see anything in EdgeOS but I'm possibly missing it. Figured I would ask.

Sure, but it's only a DHCP to the outside interface of the ERX, not you're whole network. The ERX is a DHCP server to your devices inside your network.

I'm sure I'm misconfiguring. So you have the external router connected to the ISP only with the ERX having a statically assigned IP and DHCP disabled on the fios router. Then connect everything to the ERX firewall. The gateway of the ERX would be the fios router. This is all correct?

If FIOS will give you a dedicated IP, yes. Many home based ISPs will not give you a dedicated IP, so you're forced to use DHCP on the external interface of your ERX. This is normally fine, and how all those home routers in Best Buy expect to work (by getting a DHCP assigned IP from the ISP), the home router (ERX in your case) has a static internal IP, and then the home router (again ERX for you) uses DHCP to the home users.

I believe this is how I attempted to do it but I will verify tonight again and we'll see if I made a mistake or not.

Things to test to make sure it's working. From the ERX make sure you can ping the FIOS router, then see if you can ping Google DNS 8.8.8.8 or 8.8.4.4 If those work, then you know you have traffic from the ERX to the internet... then you just need to solve your internal rules problems if local computers can't get to the internet.

Yeah I'm sure it's a misconfiguration somewhere

wirestyle22

wirestyle22

Got it working. I did it manually and it worked.

Dashrender

@wirestyle22 said:

Got it working. I did it manually and it worked.

Rockin!

wrx7m

I would like to add that I ran into some issue with the ERX configuration because I was using ETH1 as wan and ETH0 as LAN. I swapped them and ran the wizard and everything fell into place.

JaredBusch

@wrx7m said:

I would like to add that I ran into some issue with the ERX configuration because I was using ETH1 as wan and ETH0 as LAN. I swapped them and ran the wizard and everything fell into place.

You can run any port you want as the WAN or LAN because it is a router. So anything you were experiencing was simply a misconfiguration.

That said, I always recommend that people run the default wizard and use eth0 for WAN and eth1-4 for the LAN just so when they have to google something, they will likely be able to simply use the results.

Jason

@JaredBusch said:

@wrx7m said:

I would like to add that I ran into some issue with the ERX configuration because I was using ETH1 as wan and ETH0 as LAN. I swapped them and ran the wizard and everything fell into place.

You can run any port you want as the WAN or LAN because it is a router. So anything you were experiencing was simply a misconfiguration.

That said, I always recommend that people run the default wizard and use eth0 for WAN and eth1-4 for the LAN just so when they have to google something, they will likely be able to simply use the results.

Yep. Eth0 or gigabit 0/0 is pretty standard to use as wan on any router. No reason to confuse people by changing it up (even though you should really use port descriptions if you can)

wirestyle22

I'm really impressed at EdgeOS. I can't talk its praises enough. For $60 I can't see anything else comparing.

JaredBusch

@wirestyle22 said:

I'm really impressed at EdgeOS. I can't talk its praises enough. For $60 I can't see anything else comparing.

That is Ubiquiti's entire point

Jason

@wirestyle22 said:

I'm really impressed at EdgeOS. I can't talk its praises enough. For $60 I can't see anything else comparing.

Ah, EdgeOS is nothing special. Ubquiti didn't to much work to it (because it didn't need much) VyOS/Vyatta is where all the magic came from.. Brocade tried Killing the Vyatta community edition though. So everything now is a fork from before Brocade bought them.

wirestyle22

@Jason said:

@wirestyle22 said:

I'm really impressed at EdgeOS. I can't talk its praises enough. For $60 I can't see anything else comparing.

Ah, EdgeOS is nothing special. Ubquiti didn't to much work to it (because it didn't need much) VyOS/Vyatta is where all the magic came from.. Brocade tried Killing the Vyatta community edition though. So everything now is a fork from before Brocade bought them.

For $60 is the real point though. It was a great recommendation from @Dashrender and @JaredBusch

Jason

@wirestyle22 said:

@Jason said:

@wirestyle22 said:

I'm really impressed at EdgeOS. I can't talk its praises enough. For $60 I can't see anything else comparing.

Ah, EdgeOS is nothing special. Ubquiti didn't to much work to it (because it didn't need much) VyOS/Vyatta is where all the magic came from.. Brocade tried Killing the Vyatta community edition though. So everything now is a fork from before Brocade bought them.

For $60 is the real point though. It was a great recommendation from @Dashrender and @JaredBusch

Yes, But what I'm saying is EdgeOS isn't really ubquiti's creation. You are just paying for Hardware really.

JaredBusch

@Jason said:

@wirestyle22 said:

@Jason said:

@wirestyle22 said:

I'm really impressed at EdgeOS. I can't talk its praises enough. For $60 I can't see anything else comparing.

Ah, EdgeOS is nothing special. Ubquiti didn't to much work to it (because it didn't need much) VyOS/Vyatta is where all the magic came from.. Brocade tried Killing the Vyatta community edition though. So everything now is a fork from before Brocade bought them.

For $60 is the real point though. It was a great recommendation from @Dashrender and @JaredBusch

Yes, But what I'm saying is EdgeOS isn't really ubquiti's creation. You are just paying for Hardware really.

Have you kept up on it? They continue to customize and improve from that original fork.

Jason

@JaredBusch said:

@Jason said:

@wirestyle22 said:

@Jason said:

@wirestyle22 said:

I'm really impressed at EdgeOS. I can't talk its praises enough. For $60 I can't see anything else comparing.

Ah, EdgeOS is nothing special. Ubquiti didn't to much work to it (because it didn't need much) VyOS/Vyatta is where all the magic came from.. Brocade tried Killing the Vyatta community edition though. So everything now is a fork from before Brocade bought them.

For $60 is the real point though. It was a great recommendation from @Dashrender and @JaredBusch

Yes, But what I'm saying is EdgeOS isn't really ubquiti's creation. You are just paying for Hardware really.

Have you kept up on it? They continue to customize and improve from that original fork.

Nope. Mine's still at 1.5.x or 1.6 that the ERL came with originally. Haven't needed to updated it.

wrx7m

@Jason Eth0 has been LAN on my SonicWALL and Sophos SG 210. I thought that was weird but I just got used to it, so I mirrored the config on the ERX. I understand that there must have been a configuration issue but wasn't sure what it would have been. The WAN port was on DHCP, the LAN was set with a DHCP server on it for connected clients but I couldn't get out. I swapped them and ran the wizard and it worked.

JaredBusch

@wrx7m said:

@Jason Eth0 has been LAN on my SonicWALL and Sophos SG 210. I thought that was weird but I just got used to it, so I mirrored the config on the ERX. I understand that there must have been a configuration issue but wasn't sure what it would have been. The WAN port was on DHCP, the LAN was set with a DHCP server on it for connected clients but I couldn't get out. I swapped them and ran the wizard and it worked.

Willing to bet you had the WAN port also on the switch0.