Topics created by mroth911

Here is an ER4 I have with this scenario.

AT&T WAN: 12.X.X.70/30
AT&T Gateway: 12.X.X.69/30
AT&T Routed Block: 12.X.X.240/29 (My IP addresses)
My LAN: 10.1.1.0/24

Interface setup:

interfaces { ethernet eth0 { address 12.X.X.70/30 description "AT&T FIber" duplex full firewall { in { name WAN_IN } local { name WAN_LOCAL } } speed 100 } ethernet eth1 { address 10.1.1.1/24 address 10.204.1.1/24 description "St Charles LAN" duplex auto firewall { in { name LAN_IN } local { name LAN_LOCAL } } speed auto vif 5 { address 10.204.5.1/24 description "Guest WiFi" mtu 1500 } } ethernet eth2 { duplex auto speed auto } ethernet eth3 { duplex auto speed auto } }

System:

system { gateway-address 12.X.X.69 }

Service-> Nat:

nat { rule 1 { description "Forward Telnet from Epicor" destination { group { address-group ATT242 } port 23 } inbound-interface eth0 inside-address { address 10.1.1.250 port 23 } log enable protocol tcp source { group { address-group EpicorIPAddr } } type destination } rule 2 { description "Forward RDP from Epicor" destination { group { address-group ATT242 } port 3389 } inbound-interface eth0 inside-address { address 10.1.1.12 port 3389 } log enable protocol tcp source { group { address-group EpicorIPAddr } } type destination } rule 3 { description "Allow SMTP from Google" destination { group { address-group ATT242 } port 25 } inbound-interface eth0 inside-address { address 10.1.1.5 port 25 } log disable protocol tcp source { group { network-group Google_SMTP_Networks } } type destination } rule 4 { description "Allow SMTP from Google" destination { group { address-group ATT242 } port 587 } inbound-interface eth0 inside-address { address 10.1.1.5 port 587 } log disable protocol tcp source { group { network-group Google_SMTP_Networks } } type destination } rule 5 { description "Inboud PBX traffic" destination { group { address-group PBX_Outside } } inbound-interface eth0 inside-address { address 10.1.1.30 } log disable protocol all source { group { } } type destination } rule 6 { description "Inbound Web Traffic" destination { group { address-group ATT242 port-group Web_Ports } } inbound-interface eth0 inside-address { address 10.1.1.22 } log disable protocol tcp source { group { } } type destination } rule 5900 { description "PBX Traffic" log disable outbound-interface eth0 outside-address { address 12.X.X.244 } protocol all source { group { address-group PBX_Inside } } type source } rule 5997 { description LAN log disable outbound-interface eth0 outside-address { address 12.X.X.242 } protocol all source { address 10.1.1.0/24 group { } } type source } rule 5998 { description "Public WiFI" log disable outbound-interface eth0 outside-address { address 12.X.X.243 } protocol all source { address 10.204.5.0/24 group { } } type source } rule 5999 { description "Default NAT Masquerade" log disable outbound-interface eth0 protocol all type masquerade } }

Firewall Groups:

firewall { group { address-group ATT242 { address 12.X.X.242 description "AT&T IP 242" } address-group ATT243 { address 12.X.X.243 description "AT&T IP 243" } address-group EpicorIPAddr { address 159.66.236.224 address 159.66.234.224 description "Epicor IP Addresses" } address-group Exchange_Servers { address 10.1.1.5 description "Internal Exchange Servers" } address-group Internal_Web { address 10.1.1.22 description "Internal Webservers" } address-group PBX_Inside { address 10.1.1.30 description "Phone System Internal IP" } address-group PBX_Outside { address 12.X.X.244 description "Phone System External IP" } network-group Google_SMTP_Networks { description "Networks used by Google to send SMTP" network 216.239.32.0/19 network 209.85.128.0/17 network 173.194.0.0/16 network 74.125.0.0/16 network 72.14.192.0/18 network 66.249.80.0/20 network 66.102.0.0/20 network 64.233.160.0/19 network 64.18.0.0/20 network 207.126.144.0/20 } network-group Private_LAN { description "Private LAN Networks" network 10.204.0.0/16 } port-group SMTP_Ports { description "Ports used for SMTP" port 25 port 587 } port-group Web_Ports { description "Inbound Web Ports" port 80 port 443 } }

@jaredbusch said in Ubuntu Questions:

@dafyre said in Ubuntu Questions:

If your Subnet is 255.255.255.224, then that's not going to work... The math works out to where you have two usable IP addresses with that subnet.

Check and make sure you have the subnet mask right.

.224 is not 2 IP addresses. That is a /27 with 32 IP addresses in the block with 30 usable (one of which is the gateway) in the traditional method of ISP handoff. But that is also not what he has. see the other post.

You are indeed correct. Some dummy didn't use his cheating tools correctly yesterday.

@mroth911 said in Setup network Bristol ct:

@JaredBusch public ip on vlan 50 are randomly dropping internet connection? Any thoughts.

Equipment
Er3- lite
Hp-2920
Ubiquity 24 switch lite
Ubiquity wifi router

Yeah first thing to figure out is where they are dropping - are the VMs dropping it, the Scale vSwitch, the real switch (unlikely) or the firewall or (NN) the ISP 😛

@dashrender said in Ubiquity er3 ,switch and WiFi:

No, his issue is that he bought an Air Router, not an AP. So anything connecting to his WiFi was behind a second NAT router.

He's sending that back and buying a UAP-AC Lite.

Oh, okay, now I follow.

@zachary715 No problem. But as I said, there is absolutely nothing wrong with the server install that you had. I simply always just do instructions from minimal. I never assume a person has anything more than that.

@mroth911 said in ER-3 -Comcast Fiber:

it's not going threw nat at all? Wondering why eth2 is show ip 242 when i have the nic set to 66 .. Frustrating wish i new more time to learn! Thank you guys for all your help.

The traffic from eth2 is most certainly hitting the NAT masquerade rule.

3CX is a decent enough solution, but it does have costs that other systems do not.

FreePBX is what I recommend to the casual admin or IT guy that want to do it themselves.

For more advanced people that know a thing or two about a PBX, I tell them about Wazo and FusionPBX.

Here is my ELR config at home.

jbusch@jared:~$ show configuration commands service | grep dhcp-server set service dhcp-server disabled false set service dhcp-server hostfile-update enable set service dhcp-server shared-network-name LAN authoritative disable set service dhcp-server shared-network-name LAN description 'LAN eth1' set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 bootfile-name settings/snom.htm set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 default-router 10.254.103.1 set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 dns-server 10.254.103.1 set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 lease 28800 set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 ntp-server 10.254.103.1 set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 start 10.254.103.31 stop 10.254.103.254 set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 time-server 10.254.103.1 set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 unifi-controller 207.244.223.13 set service dhcp-server use-dnsmasq disable

@r3dpand4 said in Routers and switches:

+100 for Ubiquiti, also take a look at Mikrotik

Yeah, both are good. Amazing how good a lot of options are today. For cheap.

@davedemlow said in Scale HC3 cluster for sale:

SM863

Samsung Midrange. Not bad actually. Those are closer to 90 cents a GB if memory serves (If Dell Firmware, could maybe get a buck 20 per GB).

Thank you anyways ... got to maybe rent it out then if anyone needs space.

@mroth911 said in Windows 10 Help:

Let me also throw in.. that I am running server 2008 on my dc.

Not that shouldn't matter.

It should be mentioned because it is an important approach, that for most of us, any talk of needing WordPress, cPanel and generic PHP web hosted would send us to providers like A Small Orange (that's who we use at NTG) to handle that for us. Fully hosted, full support and already tuned for around $5 - $10/mo. You get all of the load balancing, tools, cPanel licensing and such included. Hard to beat.

@scottalanmiller said in Designing a Reliable Web Application:

@thwr said in Designing a Reliable Web Application:

@scottalanmiller said in Designing a Reliable Web Application:

@thwr said in Designing a Reliable Web Application:

Don't know if KVM or Xen can do active standby VM's (mirrored VMs) like VMWare, at least Hyper-V can't do that (as of 2012R2)

Do you mean shared memory where there is full fault tolerance and absolutely zero downtime and zero crash consistency issues? Then no, no one does that except for VMware right now. It's the biggest feature that I think makes VMware worth it for shops that need VMware. But it is a massively expensive feature both in terms of VMware licensing as well as in terms of performance hits, OS licensing and system overhead. Doing memory mirroring across nodes is very, very painful in terms of system resources.

Exactly. It's like a RAID-1-ish VM.

Yeah, that's a VMware exclusive. Not very applicable to the SMB market, but when you need it that's my top pick for "when to look at VMware." It's the most significant (to me anyway) "only on Vmware" feature. Most other things that VMware does well are soft benefits, like better memory management, but you might be able to offset that by just buying more memory on another platform. It's not a pure win. But their shared memory fault tolerance is an absolute win. When you need it, you either leave the commodity server world completely or you use VMware.

@John-Nicholson can talk more about that as well.

Hyper-V 's memory management is also awesome, IMHO. But you are right, the gap between VMware and the other major players is getting smaller and smaller with every release cycle. It's next to non-existing as of today. Remember very well when people laughed at me a few years ago for choosing Hyper-V to replace an existing VMware vSphere EP environment. I have yet to regret it.

As a non-inline, backup or archival unit, I would trust this system if you get it working nicely. Likely FreeBSD or OpenSuse will be ideal. If you get it running in that capacity, then sending backups to it will be a great use of it. As long as it is not a dependency for any running system, it would be viable.