You are on page 1of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

COMMUNITY

SIGN IN

REGISTER

Home

Forums

Knowledge Base
Bookmarks

Blogs
Unread Posts

Search

Knowledge Base

SEARCH

Subscriptions
Ubiquiti Networks Community

Mark As Read

Recent Posts

Recent Topics

FAQ

Ubiquiti Networks Community Knowledge Base

EdgeMAX Knowledge Base

EdgeMAX - Configuration Examples Knowledge Base

EdgeMAX - SOHO Example


by UBNT-James on 03-11-2013 12:19 PM - edited Monday by UBNT-Matt
Article Options

This article is an example of how a small office might configure their EdgeRouter to connect the office with the Internet. Note: if you're not interested in learning how to do it and just want an example configuration, this forum thread mrjester's Basic SOHO/HOME Config There are three networks: 1. WAN - dhcp client (getting public address from ISP) 2. LAN - 172.16.0.1/24 3. WLAN - 172.16.1.1/24

Physical Network Diagram

Setup Interfaces
From the dashboard tab we can configure the IP address on the interfaces and give optional descriptions.

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 1 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

Note: this example is using DHCP client to request a addresss. If you have static IP addresses see adding static IP, gateway, name server

Create New User


One of the first things you'll want to do is get rid of the default 'ubnt' user (or at least change it to a strong password). In these next 3 screenshots we'll first create a new user.

We can't delete a user that is still logged in, so we'll logout and back in as our new users.

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 2 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

Now we can delete the default user account.

Setup DHCP servers


We'll create 2 dhcp servers 1) for the LAN subnet and 2) for the wireless LAN subnet.

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 3 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

Configure DNS forwarding


In the previous DHCP server page we defined the dns server as the router's address, so we'll enable DNS forwarding to listen for DNS requests on both the LAN (eth0) and the WLAN (eth1).

Configure NAT
We're using private address on our LAN and WLAN, so we'll need a NAT Masquerade rule for outbound interface eth0.

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 4 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

Stateful Firewall
The following example firewall is just very basic (and not necessarily recommended). Basically this allow any traffic from LAN, WLAN or the router to be initiated out to Internet, but drop all traffic initiated from Internet. Before we jump into the example we should first discuss the EdgeOS firewall terminology for IN, OUT, and LOCAL. Applying a firewall ruleset to the INfirewall of an interface affect traffic inbound on that interface but only the traffic forwarded through the router. OUT is traffic that has been forwarded through the router and about to leave exit out the interface. LOCAL is traffic destined for the router (for example if you wanted to use the web UI on the router you'd need to allow port 443 on LOCAL. In terms of using IN or OUT rules, some will say that IN is better because if you're going to drop a packet it's better to do it on input rather than go through the full packet processing path only to drop it before it leaves the router. First we'll use the 'Add Ruleset' to create the WAN_IN and WAN_LOCAL Rulesets

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 5 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

Select to 'Edit Ruleset' on WAN_IN

Click 'Add a New Rule'

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 6 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

The first rule will 'accept' any packet that has state established or related

Select those state on the 'Advanced' tab

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 7 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

For the 2nd rule we'll drop packets that have state invalid set

Now apply this firewall ruleset to an interface/direction.

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 8 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

Now we'll basically add the same 2 rules to WAN_LOCAL and then apply it to eth0/local.

System Settings
Lastly we'll use the 'system' tab from the bottom of the page to configure our hostname, nameserver, domain name, time-zone and various other system settings. Notice that if you're ISP assigned you a static public address instead of using DHCP, then you would configure your gateway here.

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 9 of 10

EdgeMAX - SOHO Example - Ubiquiti Networks Community

7/17/13 8:51 PM

The resulting config from this example can be seen at SOHO_Edgemax_Example_Config_Boot.

6 Kudos

Contributors

FCC Compliance Information


For information on compliance with FCC rules and requirements, please read this: FCC Compliance Information

Platforms
EdgeMax airMax airFiber airVision UniFi mFi

Support
Support Downloads Training

Company
About Us Contact Us Marketing Investors

2013 Ubiquiti Networks. All rights reserved. Terms of Service and Privacy Policy

http://community.ubnt.com/t5/EdgeMAX-Configuration-Examples/EdgeMAX-SOHO-Example/ta-p/413019

Page 10 of 10

You might also like