search

jaysoffian / eap_proxy

Proxy EAP packets between interfaces on Linux devices such as the Ubiquiti Networks EdgeRouter™ and UniFi® Security Gateway.
BSD 3-Clause "New" or "Revised" License
562 stars 87 forks source link

Configuring Remaining Interfaces as Switch (ER-X) #35

Closed NativeScriptNewb closed 4 years ago

NativeScriptNewb commented 4 years ago

I'm using the Edge Router X. I have eap_proxy running with the ONT on Eth0, RG on Eth1, and Eth2 as LAN, which is where my Netgear R6300 lives. I'm planning on installing a switch and running CAT6 throughout my home next week. I'd like to use the EdgeRouter X as my router and put the Netgear 6300 into access point configuration.

Is there a way to add Eth2/3/4 to the EdgeRouter X's switch while using the eap_proxy config? I've tried adding Eth2/3/4 to the switch0 interface, but I get an error because the switch0 already has an IP. I don't want to create a VLAN, I'd like to keep everything on the same level. Can this be done with the ER-X while also running eap_proxy?

My desired interface configuration is:

Eth0 - ONT Eth1 - AT&T RG Eth2 - Access Point (LAN) Eth3 - Switch feeding my CAT6 lines (LAN) Eth4 - Open for network drive or printer (LAN)

What's the best practice to do this and retain performance? I don't want to bridge the connections, because the ER-X has a switch chip in it. Is switch0 being used in the eap_proxy setup? Or did the ER-X assign an IP automatically?

Here's my config:

set firewall all-ping enable set firewall broadcast-ping disable set firewall ipv6-name IPv6_WAN_IN default-action drop set firewall ipv6-name IPv6_WAN_IN description 'IPv6 packets from the Internet to LAN' set firewall ipv6-name IPv6_WAN_IN rule 1 action accept set firewall ipv6-name IPv6_WAN_IN rule 1 description 'Allow established sessions' set firewall ipv6-name IPv6_WAN_IN rule 1 state established enable set firewall ipv6-name IPv6_WAN_IN rule 1 state invalid disable set firewall ipv6-name IPv6_WAN_IN rule 1 state new disable set firewall ipv6-name IPv6_WAN_IN rule 1 state related enable set firewall ipv6-name IPv6_WAN_IN rule 2 action drop set firewall ipv6-name IPv6_WAN_IN rule 2 state established disable set firewall ipv6-name IPv6_WAN_IN rule 2 state invalid enable set firewall ipv6-name IPv6_WAN_IN rule 2 state new disable set firewall ipv6-name IPv6_WAN_IN rule 2 state related disable set firewall ipv6-name IPv6_WAN_IN rule 5 action accept set firewall ipv6-name IPv6_WAN_IN rule 5 description 'Allow ICMPv6' set firewall ipv6-name IPv6_WAN_IN rule 5 log disable set firewall ipv6-name IPv6_WAN_IN rule 5 protocol icmpv6 set firewall ipv6-name IPv6_WAN_LOCAL default-action drop set firewall ipv6-name IPv6_WAN_LOCAL description 'IPv6 packets from the Internet to the router' set firewall ipv6-name IPv6_WAN_LOCAL rule 10 action accept set firewall ipv6-name IPv6_WAN_LOCAL rule 10 description 'Allow established sessions' set firewall ipv6-name IPv6_WAN_LOCAL rule 10 log disable set firewall ipv6-name IPv6_WAN_LOCAL rule 10 state established enable set firewall ipv6-name IPv6_WAN_LOCAL rule 10 state invalid disable set firewall ipv6-name IPv6_WAN_LOCAL rule 10 state new disable set firewall ipv6-name IPv6_WAN_LOCAL rule 10 state related enable set firewall ipv6-name IPv6_WAN_LOCAL rule 20 action drop set firewall ipv6-name IPv6_WAN_LOCAL rule 20 description 'Drop invalid state' set firewall ipv6-name IPv6_WAN_LOCAL rule 20 log disable set firewall ipv6-name IPv6_WAN_LOCAL rule 20 state established disable set firewall ipv6-name IPv6_WAN_LOCAL rule 20 state invalid enable set firewall ipv6-name IPv6_WAN_LOCAL rule 20 state new disable set firewall ipv6-name IPv6_WAN_LOCAL rule 20 state related disable set firewall ipv6-name IPv6_WAN_LOCAL rule 50 action accept set firewall ipv6-name IPv6_WAN_LOCAL rule 50 description 'Allow ICMPv6' set firewall ipv6-name IPv6_WAN_LOCAL rule 50 log disable set firewall ipv6-name IPv6_WAN_LOCAL rule 50 protocol icmpv6 set firewall ipv6-name IPv6_WAN_LOCAL rule 60 action accept set firewall ipv6-name IPv6_WAN_LOCAL rule 60 description 'Allow DHCPv6' set firewall ipv6-name IPv6_WAN_LOCAL rule 60 destination port 546 set firewall ipv6-name IPv6_WAN_LOCAL rule 60 protocol udp set firewall ipv6-name IPv6_WAN_LOCAL rule 60 source port 547 set firewall ipv6-receive-redirects disable set firewall ipv6-src-route disable set firewall ip-src-route disable set firewall log-martians enable set firewall name WAN_IN default-action drop set firewall name WAN_IN description 'WAN to internal' set firewall name WAN_IN rule 10 action accept set firewall name WAN_IN rule 10 description 'Allow established/related' set firewall name WAN_IN rule 10 state established enable set firewall name WAN_IN rule 10 state related enable set firewall name WAN_IN rule 20 action drop set firewall name WAN_IN rule 20 description 'Drop invalid state' set firewall name WAN_IN rule 20 state invalid enable set firewall name WAN_LOCAL default-action drop set firewall name WAN_LOCAL description 'WAN to router' set firewall name WAN_LOCAL rule 10 action accept set firewall name WAN_LOCAL rule 10 description 'Allow established/related' set firewall name WAN_LOCAL rule 10 state established enable set firewall name WAN_LOCAL rule 10 state related enable set firewall name WAN_LOCAL rule 50 action drop set firewall name WAN_LOCAL rule 50 description 'Drop invalid state' set firewall name WAN_LOCAL rule 50 state invalid enableset firewall receive-redirects disable set firewall send-redirects enable set firewall source-validation disable set firewall syn-cookies enableset interfaces ethernet eth0 description WAN set interfaces ethernet eth0 duplex auto set interfaces ethernet eth0 firewall in ipv6-name IPv6_WAN_IN set interfaces ethernet eth0 firewall in name WAN_IN set interfaces ethernet eth0 firewall local ipv6-name IPv6_WAN_LOCAL set interfaces ethernet eth0 firewall local name WAN_LOCAL set interfaces ethernet eth0 speed autoset interfaces ethernet eth0 vif 0 address dhcp set interfaces ethernet eth0 vif 0 description 'WAN VLAN 0' set interfaces ethernet eth0 vif 0 dhcp-options default-route update set interfaces ethernet eth0 vif 0 dhcp-options default-route-distance 210 set interfaces ethernet eth0 vif 0 dhcp-options name-server update set interfaces ethernet eth0 vif 0 dhcpv6-pd pd 0 interface switch0 host-address '::1' set interfaces ethernet eth0 vif 0 dhcpv6-pd pd 0 interface switch0 prefix-id 1 set interfaces ethernet eth0 vif 0 dhcpv6-pd pd 0 interface switch0 service slaac set interfaces ethernet eth0 vif 0 dhcpv6-pd pd 0 prefix-length /60 set interfaces ethernet eth0 vif 0 dhcpv6-pd rapid-commit enable set interfaces ethernet eth0 vif 0 firewall in ipv6-name IPv6_WAN_IN set interfaces ethernet eth0 vif 0 firewall in name WAN_IN set interfaces ethernet eth0 vif 0 firewall local ipv6-name IPv6_WAN_LOCAL set interfaces ethernet eth0 vif 0 firewall local name WAN_LOCAL set interfaces ethernet eth0 vif 0 mac 'aa:bb:cc:dd:ee:ff' set interfaces ethernet eth1 description 'AT&T Router' set interfaces ethernet eth1 duplex auto set interfaces ethernet eth1 speed auto set interfaces ethernet eth2 address 192.168.2.254/24 set interfaces ethernet eth2 description LAN set interfaces ethernet eth2 ipv6 dup-addr-detect-transmits 1 set interfaces ethernet eth2 ipv6 router-advert cur-hop-limit 64 set interfaces ethernet eth2 ipv6 router-advert link-mtu 0 set interfaces ethernet eth2 ipv6 router-advert managed-flag false set interfaces ethernet eth2 ipv6 router-advert max-interval 600 set interfaces ethernet eth2 ipv6 router-advert other-config-flag false set interfaces ethernet eth2 ipv6 router-advert prefix '::/64' autonomous-flag true set interfaces ethernet eth2 ipv6 router-advert prefix '::/64' on-link-flag true set interfaces ethernet eth2 ipv6 router-advert prefix '::/64' valid-lifetime 2592000 set interfaces ethernet eth2 ipv6 router-advert reachable-time 0 set interfaces ethernet eth2 ipv6 router-advert retrans-timer 0 set interfaces ethernet eth2 ipv6 router-advert send-advert true set interfaces ethernet eth2 mtu 1500 set interfaces ethernet eth0 speed auto set interfaces loopback lo set port-forward auto-firewall enable set port-forward hairpin-nat enable set port-forward lan-interface eth2 set port-forward wan-interface eth0.0set service dhcp-server disabled false set service dhcp-server hostfile-update enable set service dhcp-server shared-network-name LAN2 authoritative enable set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 default-router 192.168.2.254 set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 dns-server 192.168.2.254 set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 lease 86400 set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 start 192.168.2.5 stop 192.168.2.200 set service dhcp-server static-arp disable set service dhcp-server use-dnsmasq disableset service dns forwarding cache-size 150 set service dns forwarding listen-on eth2 set service dns forwarding name-server 68.94.157.1 set service dns forwarding name-server 68.94.156.1 set service dns forwarding name-server 12.127.17.71 set service dns forwarding name-server 12.127.16.67set service gui http-port 80 set service gui https-port 443 set service gui older-ciphers enableset service nat rule 5010 description 'masquerade for WAN' set service nat rule 5010 outbound-interface eth0.0 set service nat rule 5010 type masquerade set service nat rule 6000 description 'MASQ all networks NTP to WAN' set service nat rule 6000 log disable set service nat rule 6000 outbound-interface eth2 set service nat rule 6000 outside-address port 1024-65535 set service nat rule 6000 protocol udp set service nat rule 6000 source port 123 set service nat rule 6000 type masquerade set system offload ipv4 vlan enableset service ssh port 22 set service ssh protocol-version v2 set service unms disableset service upnp set service upnp2 acl rule 9000 action deny set service upnp2 acl rule 9000 description 'Deny All' set service upnp2 acl rule 9000 external-port 0-65535 set service upnp2 acl rule 9000 local-port 0-65535 set service upnp2 acl rule 9000 subnet 0.0.0.0/0 set service upnp2 listen-on eth2 set service upnp2 nat-pmp enable set service upnp2 secure-mode enable set service upnp2 wan eth0.0

jaysoffian commented 4 years ago

Is there a way to add Eth2/3/4 to the EdgeRouter X's switch while using the eap_proxy config?

I don't know. I don't use an ERX.