"
After you hit save on the alias, you must also hit apply on aliases page.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
19.7 Legacy Series / Re: Failover glitches prevent it from working propery
January 21, 2020, 04:54:38 AM
In screenshot 4, I'm not a fan of the rules for MAIN_GW and BKUP_GW. They wont be getting hit for anything useful, instead the default route at the bottom is getting used which does not have a fail-over gateway group.
I would either change those two rules to destination: ! LAN net, and move them under VPN stuff but above default route stuff, or change the default route to use a fail-over gateway group containing both gateways.
I would either change those two rules to destination: ! LAN net, and move them under VPN stuff but above default route stuff, or change the default route to use a fail-over gateway group containing both gateways.
#3
19.7 Legacy Series / Re: Rate Limiting by IP?
November 28, 2019, 01:25:45 AM
Also,
You will likely want to change the protocol on the rule from "tcp" to "ip", otherwise non tcp ip traffic will bypass the sharper, such as udp.
You will likely want to change the protocol on the rule from "tcp" to "ip", otherwise non tcp ip traffic will bypass the sharper, such as udp.
#4
19.7 Legacy Series / Re: Rate Limiting by IP?
November 28, 2019, 01:08:22 AM
Hey,
Typically people will setup two rules and two pipes, one for "in" direction and one for "out". There is an option for "both" directions that i assume most people don't use it because of asymmetric speeds. You need to click advanced on the rule to see the option for it.
With the pipe you have no mask set, which may or may not be what you are after. Without a mask the pipe will be shared by all who are using it. if you wanted to able to do 100 meg per device for a total of 300 meg, you could set a mask.
Other than that it looks good to me.
Typically people will setup two rules and two pipes, one for "in" direction and one for "out". There is an option for "both" directions that i assume most people don't use it because of asymmetric speeds. You need to click advanced on the rule to see the option for it.
With the pipe you have no mask set, which may or may not be what you are after. Without a mask the pipe will be shared by all who are using it. if you wanted to able to do 100 meg per device for a total of 300 meg, you could set a mask.
Other than that it looks good to me.
#5
19.7 Legacy Series / Re: accessing dsl modem behind firewall with some caveats...
September 02, 2019, 05:16:23 AM
Crash, I believe i have the same setup as you working.
From memory the thing that made it work was creating an upstream gateway on each of the modemnet interfaces, with the IP address of the gateway being the address of the respective modems.
Some notes about other things that are are or are not set. No static route set, No NAT port forward set, outbound NAT has auto generated rules for modemnets', No floating or Lan firewall rules referencing modemnets'*, no modemnet firewall rules (not even any auto generated as "Disable force gateway" is ticked)
* I have a catch all allow RFC1918 at the top of my Lan firewall rules which lan->modem traffic does hit.
Hope this helps.
From memory the thing that made it work was creating an upstream gateway on each of the modemnet interfaces, with the IP address of the gateway being the address of the respective modems.
Some notes about other things that are are or are not set. No static route set, No NAT port forward set, outbound NAT has auto generated rules for modemnets', No floating or Lan firewall rules referencing modemnets'*, no modemnet firewall rules (not even any auto generated as "Disable force gateway" is ticked)
* I have a catch all allow RFC1918 at the top of my Lan firewall rules which lan->modem traffic does hit.
Hope this helps.
Pages1
