New Member
Posts: 4
Registered: ‎05-16-2014

Opening Ports

I'm having trouble with my new EdgeMax Router. I can't seem to RDP through it from the outside to my house computer. I don't have this set up to do NAT. The router is a DHCP server and I used the wizard to set it up with LAN1 being WAN and LAN0 being my LAN. Is there a way to simply open port 3389 to allow all traffic? I don't want to forward to it as there are numerous people (customers) inside this LAN that may also want to use RDP and other services. Help?

Emerging Member
Posts: 83
Registered: ‎02-03-2014
Kudos: 20
Solutions: 7

Re: Opening Ports

You are not using NAT? Are all your machines getting public IPs?

New Member
Posts: 4
Registered: ‎05-16-2014

Re: Opening Ports

Yes, I have a /25 subnet that's being handed out.

Emerging Member
Posts: 83
Registered: ‎02-03-2014
Kudos: 20
Solutions: 7

Re: Opening Ports

You should probably post your config.

New Member
Posts: 4
Registered: ‎05-16-2014

Re: Opening Ports

Here's my config. It's just simply the 2LAN 1WAN from the wizard with my IPs populating it.

 


admin@GWCoreRouter:~$ show configuration
firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-expect-table-size 4096
    conntrack-hash-size 4096
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address IPADDRESS/25
        address 192.168.0.1/16
        description "GW Local"
        duplex auto
        speed auto
    }
    ethernet eth1 {
        address IPADDRESS/30
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        disable
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    ethernet eth6 {
        duplex auto
        speed auto
    }
    ethernet eth7 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name Customer_Publics {
            authoritative disable
            subnet SUBNETINFO {
                default-router DEFAULTROUTER
                dns-server DNSSERVER
                dns-server 8.8.4.4
                lease 1209600
                start STARTPUBLICIP'S {
                    stop ENDPUBLICIP'S
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth0
            listen-on eth2
        }
    }
    gui {
        https-port 443
    }
    nat {
    }
    snmp {
        community public {
        }
        contact "Gifford Wireless Inc"
        location "Gifford, Illinois"
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    gateway-address NEXTHOPIP
    host-name GWCoreRouter
    login {
        user admin {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name "Brian Hesterberg"
            level admin
        }
    }
    name-server 97.64.187.150
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

 

Established Member
Posts: 2,192
Registered: ‎05-30-2012
Kudos: 701
Solutions: 29

Re: Opening Ports


bhesterberg78 wrote:

Yes, I have a /25 subnet that's being handed out.


Difficult to say, but I notice you have firewall enabled...

 

ethernet eth1 {
    address IPADDRESS/30
    description Internet
    duplex auto
    firewall {
        in {
            name WAN_IN
        }
        local {
            name WAN_LOCAL
        }
    }
    speed auto
}

Maybe it's causing problems?

 

New Member
Posts: 4
Registered: ‎05-16-2014

Re: Opening Ports

"Difficult to say, but I notice you have firewall enabled..."

 

Yea, you are probably right. What's the best, safest way to disable it? I was afraid if I disabled it, it would reject all traffic.

Regular Member
Posts: 630
Registered: ‎11-06-2013
Kudos: 213
Solutions: 25

Re: Opening Ports

A lack of a firewall will not cause a reject of traffic, because there will be nothing looking at the traffic to reject it.

In the GUI, edit the firewall rule and remove the interface for WAN_IN, or from the command line:

delete interfaces ethernet eth1 firewall in
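An alternative to detaching WAN_IN from eth1, shown as an added example that is not part of the original thread: keep the ruleset in place and add one accept rule for new TCP 3389 connections to the routed /25, so everything else inbound still hits the default drop. The rule number 30 and the description text are assumptions; SUBNETINFO is the thread's own placeholder for the public subnet.

```vyatta
configure

# Rule 30 is evaluated after rule 10 (established/related accept)
# and rule 20 (invalid drop) from the posted WAN_IN ruleset.
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 description "Allow RDP to customer publics"
set firewall name WAN_IN rule 30 protocol tcp
set firewall name WAN_IN rule 30 destination address SUBNETINFO
set firewall name WAN_IN rule 30 destination port 3389
set firewall name WAN_IN rule 30 state new enable

# Log matches so inbound RDP connection attempts show up in syslog.
set firewall name WAN_IN rule 30 log enable

commit
save
exit
```

WAN_LOCAL is left untouched, so traffic addressed to the router itself (GUI on 443, SSH on 22, SNMP) is still dropped from the WAN side.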