Edgerouter X issues - FIXED PPPoE is different

cats_five · 12 Dec 2021 at 08:12

I'm the proud new owner of FTTP and I got an Edgerouter X as my new router.

Edit: To make it clear there are two different Pis, one running a website for public access which is issue #1, and the other running PiHole which has issue #2.

I have two outstanding issues:

1) Port forwarding isn't working. I've put the details in, Hairpin NAT & Auto Firewall are ticked and no access. The request isn't being forwarded - there's no sign of it in the logs on the Pi running the web server. From config.boot:

Code:

port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface switch0
    rule 1 {
        description HTTP
        forward-to {
            address 192.168.1.205
            port 80
        }
        original-port 80
        protocol tcp_udp
    }
    rule 2 {
        description HTTPS
        forward-to {
            address 192.168.1.205
            port 443
        }
        original-port 443
        protocol tcp_udp
    }
    wan-interface eth0
}

2) I couldn't get PiHole working with it. It was working well previously. I found the PiHole itself could access the Internet via nslookup, but my PC couldn't access the PiHole (timed out) so couldn't access the Internet. In the end I took the Pi away and at present the EdgeRouter is doing DNS & DHCP. The PC could ping the PiHole and putty could log in to it. I tried a coupe of ways mentioned on the Internet for making it work without success.

I have a sneaky feeling fixing #1 will fix #2, but of course I could be oh so wrong! Yes I've done lots of Google etc. to no avail. I also tried the Ubiquiti forums but there is so much traffic most questions seem to drop off without any answers.

ecksmen · 12 Dec 2021 at 15:29

Have you configured Pi to allow connections from remote host. A quick google suggests "Settings > DNS > Interface Listening behavior > Listen on all interfaces, permit all origin".

Similarly, unless the PI supports QUIC then change protocol to TCP only. Out of interest why are you exposing the web interface?

Turn · 12 Dec 2021 at 16:05

Does the port forward outside of your LAN, so on mobile data for example, or does it just not work at all.

cats_five · 12 Dec 2021 at 16:31

ecksmen said:
Have you configured Pi to allow connections from remote host. A quick google suggests "Settings > DNS > Interface Listening behavior > Listen on all interfaces, permit all origin".

Similarly, unless the PI supports QUIC then change protocol to TCP only. Out of interest why are you exposing the web interface?

The only change made to the Pi from when it was working with the old router was to the gateway it sends from DHCP - from 192.168.1.254 to 192.168.1.1.

The web interface should not be exposed - incoming for ports 80 & 443 should go to the separate Pi with the web server for the weather station, not the PiHole Pi.

cats_five · 12 Dec 2021 at 16:32

0007 said:
Does the port forward outside of your LAN, so on mobile data for example, or does it just not work at all.

I tried on mobile data so I was outside my LAN and no, it doesn't forward. Nothing appears in the Apache logs on that Pi.

Fishman · 15 Dec 2021 at 20:04

I don't have FTTP but VDSL. Is your WAN interface eth0 or perhaps maybe it is pppoe0?

cats_five · 16 Dec 2021 at 16:42

Fishman said:
I don't have FTTP but VDSL. Is your WAN interface eth0 or perhaps maybe it is pppoe0?

eth0 is in all the documentation & examples I can find.

the-evaluator · 16 Dec 2021 at 17:19

Changes are the WAN interface needs to be pppoe0 rather than eth0. It needs to be applied to the logical interface, not is not necessarily the physical interface.

If I SSH into my USG and do 'show interfaces' then the public IP address is assigned to pppoe0 rather than the physical WAN interface.

cats_five · 16 Dec 2021 at 19:09

the-evaluator said:
Changes are the WAN interface needs to be pppoe0 rather than eth0. It needs to be applied to the logical interface, not is not necessarily the physical interface.

If I SSH into my USG and do 'show interfaces' then the public IP address is assigned to pppoe0 rather than the physical WAN interface.

That was indeed it. Not sure if older info is different (everything I found said eth0) but all seems fine now.

Many thanks.

Fishman · 16 Dec 2021 at 19:29

cats_five said:
That was indeed it. Not sure if older info is different (everything I found said eth0) but all seems fine now.

Many thanks.

eth0 is usually if it is a pure DHCP connection without username and password that you get with pppoe.
My current talktalk VDSL uses eth0 as its DHCP, my previous Plusnet was pppoe authentication so on switching ISP had to swap out pppoe0 for eth0 in a number of places (port forwarding, firewall rules, Firewall/NAT>NAT>masquerade for LAN)

cats_five · 17 Dec 2021 at 07:26

Fishman said:
eth0 is usually if it is a pure DHCP connection without username and password that you get with pppoe.
My current talktalk VDSL uses eth0 as its DHCP, my previous Plusnet was pppoe authentication so on switching ISP had to swap out pppoe0 for eth0 in a number of places (port forwarding, firewall rules, Firewall/NAT>NAT>masquerade for LAN)

Thanks. Now I need to find & remove all the extra rules we created here & there to try and fix it!

the-evaluator · 17 Dec 2021 at 07:28

It totally depends on the local environment and ISP. So posts saying eth0 are correct but they're correct for the setup that person has.