{"id":1043,"date":"2014-07-28T21:20:33","date_gmt":"2014-07-29T02:20:33","guid":{"rendered":"http:\/\/www.nathanhunstad.com\/blog\/?p=1043"},"modified":"2014-07-28T21:23:57","modified_gmt":"2014-07-29T02:23:57","slug":"adventures-in-networking-part-2-initial-setup","status":"publish","type":"post","link":"http:\/\/www.nathanhunstad.com\/blog\/2014\/07\/adventures-in-networking-part-2-initial-setup\/","title":{"rendered":"Adventures in Networking, Part 2: Initial Setup"},"content":{"rendered":"<p><a href=\"http:\/\/www.nathanhunstad.com\/blog\/2014\/07\/adventures-in-networking-part-1-intro\/\" target=\"_blank\">Part 1<\/a> was the intro; now let\u2019s assume that you just bought your EdgeRouter Lite, unboxed it, and plugged it in. Now what? It\u2019s not exactly a plug-and-play device. Fortunately, it\u2019s not too hard to set it up, and there is a lot of help with EdgeOS if you need it.<\/p>\n<p><!--more--><\/p>\n<p>I started <a href=\"https:\/\/blog.dlasley.net\/2013\/06\/initial-configuration-ubiquiti-edgerouter-lite\/\" target=\"_blank\">here<\/a>, which is a pretty handy tutorial for initial setup. The tutorial is all\u00a0CLI, which you can either access directly via SSH or via the CLI interface in the web console. To connect to your router for the first time, connect via wire to the eth0 port with your client device (and don\u2019t put any other devices on yet), set up a static IP within the 192.168.1.0\/24 subnet, and either browse or ssh to 192.168.1.1. Default username and password are ubnt\/ubnt, and the first thing you want to do is change that. I added a new admin user with a strong password and deleted the ubnt user; that\u2019s probably the best approach to take.<\/p>\n<p>Once you\u2019ve done that, time to configure your interfaces. I followed the tutorial exactly: eth0 is my wired LAN interface, eth1 is my wireless LAN interface, and eth2 is the WAN interface. 
I set up DHCP on the WAN interface and configured the respective addresses on eth0 and eth1. Next, just like in the tutorial, I set up the DHCP servers for both eth0 and eth1 (although I use static IPs for the most part within my network). DNS forwarding was next, and easy. I skipped DynDNS since I don\u2019t have it. WAN Masquerading was also very easy. I disabled SNMP since I don\u2019t use it.<\/p>\n<p>The next big step was setting up the firewall rules, and here again I pretty much copied what was in the tutorial. These are simple ACL-based rules assigned to a specific interface with three options for direction: in, out, and local (traffic destined for the router itself). I set up the inbound rule on eth2 to allow established and drop the rest; the local rule was the same. Since we haven\u2019t defined an outbound rule, it pretty much allows all outbound traffic. This passed the good ol\u2019 <a href=\"https:\/\/www.grc.com\/x\/ne.dll?bh0bkyd2\" target=\"_blank\">ShieldsUP!<\/a> test, which was good enough for me.<\/p>\n<p>Finally, I set up a few of the system settings like DNS servers (<a href=\"https:\/\/developers.google.com\/speed\/public-dns\/\" target=\"_blank\">Google DNS<\/a> FTW) and hostname. And that was it!<\/p>\n<p>I plugged my Comcast router into eth2, my wireless-router-turn-access-point into eth1, and crossed my fingers. Lo and behold, it worked! I was able to access the internet no problem. The only change I had to make was the default gateway for all of my clients with static IPs, since I configured the EdgeRouter with a different address.<\/p>\n<p>That was enough to get me up and running. But who wants to stop there? The biggest gap I saw was that the eth0 interface could only handle one wired connection. What I needed was a hub\u2026or a switch\u2026or, better yet, a managed switch! Which is what I got, but that\u2019s part 3.<\/p>\n<p>Below is the configuration file for my initial setup. 
This is not what I\u2019m running now, but we\u2019ll get there.<\/p>\n<p><span style=\"font-family: 'Courier New';\">[codesyntax lang=&#8221;javascript&#8221;]<\/span><\/p>\n<pre>interfaces { \r\n\u00a0\u00a0\u00a0 ethernet eth0 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 address 192.168.2.254\/24 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 description \"Wired LAN\" \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 duplex auto \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 speed auto \r\n\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 ethernet eth1 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 address 192.168.1.254\/24 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 description \"Wireless LAN\" \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 duplex auto \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 speed auto \r\n\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 ethernet eth2 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 address dhcp \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 description WAN \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 duplex auto \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 firewall { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 in { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 WAN-In \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 local { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 WAN-Local \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 speed auto \r\n\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 loopback lo { \r\n\u00a0\u00a0\u00a0 } \r\n} \r\nservice { \r\n\u00a0\u00a0\u00a0 dhcp-server { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 disabled false \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
dynamic-dns-update { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 enable true \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 hostfile-update disable \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 shared-network-name LAN_DHCP { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 authoritative disable \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 subnet 192.168.2.0\/24 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 default-router 192.168.2.254 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dns-server 192.168.2.254 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lease 86400 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 start 192.168.2.101 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 stop 192.168.2.150 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 shared-network-name WLAN_DHCP { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 authoritative disable \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 subnet 192.168.1.0\/24 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 default-router 192.168.1.254 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dns-server 192.168.1.254 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lease 86400 
\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 start 192.168.1.101 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 stop 192.168.1.150 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 dns { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 forwarding { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 cache-size 1000 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 listen-on eth0 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 listen-on eth1 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 nat { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 rule 5000 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 description WAN_MASQ \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 log enable \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 outbound-interface eth2 \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 protocol all \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 type masquerade \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 } \r\n} \r\nsystem { \r\n\u00a0\u00a0\u00a0 host-name erl1 \r\n\u00a0\u00a0\u00a0 login { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 *snip* \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 name-server 8.8.8.8 \r\n\u00a0\u00a0\u00a0 name-server 8.8.4.4 \r\n\u00a0\u00a0\u00a0 time-zone America\/Chicago \r\n}<\/pre>\n<p><span style=\"font-family: 'Courier 
New';\">[\/codesyntax]<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part 1 was the intro; now let\u2019s assume that you just bought your EdgeRouter Lite, unboxed it, and plugged it in. Now what? It\u2019s not exactly a plug-and-play device. Fortunately, it\u2019s not too hard to set it up, and there is a lot of help with EdgeOS if you need it.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[113,251,249,250],"class_list":["post-1043","post","type-post","status-publish","format-standard","hentry","category-tech-2","tag-computer","tag-edgeos","tag-networking","tag-router","entry"],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/comments?post=1043"}],"version-history":[{"count":2,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1043\/revisions"}],"predecessor-version":[{"id":1045,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1043\/revisions\/1045"}],"wp:attachment":[{"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/media?parent=1043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/categories?post=1043"},{"taxonomy":"post_tag","
embeddable":true,"href":"http:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/tags?post=1043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}