Battle(non)sense I need help.... I have 2 Internet connection... 2 lte 4g connection.... I play games alot n downloader also... What kinds of load balance or edge router should I buy... I'm confused
I posted this under your comparison before I saw this video. I guess great minds think alike! :D I tested the QoS settings for the Lite and ended up turning them off, I have 300Mbps by 20Mbps. Even if I only selected upload it affected my download significantly. Now typically I don't get the ping spikes that some see. I have the Edge Router Lite and it is by far the best "router" I have ever had. I tested the Edge Router Lite, Edge Router X, Asus RT 87U (with and without Merlin firmware) and a Watchguard. I ran several tests on these products to test Buffer Bloat and without any settings changes the Edge performed almost as well as others with QoS settings applied. There are a couple of caveats however. 1: I like to put my console(s) in a DMZ (residential version) so no port forwarding or UPnP issues. With the Edge series you will need to learn how to in CLI (Command Line Interface) and use UPnP2. It isn't just a check of a box. 2: Do NOT bridge the LAN ports to utilize both ports for a single LAN. This will kill performance!! You will have to get a switch to put behind your router. 3: You will need to purchase Wireless Access Points (WAP). I turned my Asus into a WAP, expensive WAP but since I already had it..... The Asus allowed me to turn it into a WAP without having to do too much other than give it a static IP address which I did using the Edge Static Mapping. I am not affiliated with any of these manufacturers, I am an IT Admin that likes to learn and test. So far, the Edge products have been great for me. The Unifi products by Ubiquiti, however, have been less than stellar!
Holy shit I had no idea what I was doing when I set it up and after connecting and setting up the WAN I had no internet connection and I had no idea what to do. This video helped a lot, I wished the instruction manual or the helpsite mentioned to revert back to automatically obtaining an IP. Thank you for your thorough setup video!
Hi Chris. I'm a certified (Microsoft and Cisco) IT Technician myself and experienced in building good gaming environments for almost 20 years now. I really do appreciate the effort you put into your video creation. And that's why I actually don't really want to criticise you. But I feel like I have to: Most of the stuff you are explaining to others is correct. It's not the technical part that bothers me about your videos. It's the expectations you are building by using phrases like "you should do this" "you have to do that". Most things you are showing will only provide a very very very small improvement to the gaming experience. Although I agree that load balancing (that's what I would call that) is quite important if you are sharing your internet connection, actually every commercial router (at least in Germany) does a fairly good job on that. Of course some routers might be slightly faster or better, but in 99% of the cases there is absolutely no real reason for changing. You won't increase your SR from 2500 to 3500 if you do all the things you suggest. And I've got the feeling that you are trying to build such expectations. I was playing EPS (ESL Pro Series) back in my twenties and everyone asked me for my mouse settings, equipment and so on. And I was telling them all the nice shit they wanted to hear like "you should really get this mouse and play with that sensitivity". But the silly truth is: you can have the best equipment, the best PC and the best connection: you still won't become a pro... it's almost like you are buying the same shoes as Cristiano Ronaldo and expect to play soccer like he does because you are wearing the nice new Nikes... Get decent hardware, decent equipment and a good connection and practise the shit out of that game if you want to have success! But don't waste time and money in trying to get 1 more frame per second... my 2 cents...
_"Most things you are showing will only provide a very very very small improvement to the gaming experience."_ I am not sure if you have seen the previous video where I showed how SQM successfully prevents ping spikes of more than 200ms caused by other clients/applications consuming the entire bandwidth. I'd call that a pretty massive improvement for online games. ;-) _"Although I agree that load balancing (that's what I would call that)"_ I am not sure why you would call it "Load Balancing" because that is using multiple WAN's to deal with the bandwidth requirement of your network/clients. _"You won't increase your SR from 2500 to 3500 if you do all the things you suggest. And I've got the feeling that you are trying to build such expectations. "_ I am not sure why you feel that I am building such expectations - it's definitely not my intention. I think the previous video was pretty clean on what the goal is. Prevent ping spikes of >200ms caused by network congestion. Which SQM in the ERLite-3 does. :)
Might be a good idea to mention QoS - while smart queue does a good job of preventing your upload bandwidth from being fully saturated, I don't think (I could be wrong here) it prioritizes certain traffic (HTTP, VoIP, etc.) over others. However, that would take viewers down the rabbit hole of Vyatta-based CLI. This video serves as a good starting point for introducing people to more robust networking practices. The EdgeRouter series is not the easiest platform to learn - their simpler USG is lacking some features still :c - but offers tremendous price-to-performance gains if you're willing to accept that your time is worth very little :)
The UPnP wizard may actually enable a legacy service called upnp, which is based on the older linux-igd implementation. There's a newer service called upnp2, which is based on miniupnpd, but you have to enable it via the command line interface like so:
----------------
configure
set service upnp2 listen-on eth1
set service upnp2 wan eth0
set service upnp2 secure-mode enable
set service upnp2 nat-pmp enable
delete service upnp
commit
save
----------------
You can repeat the "set service upnp2 listen-on" command for other eth interfaces if you intend to use them as a switch. This is based on information at community.ubnt.com/t5/EdgeMAX/UPnP-vs-UPnP2-What-s-the-difference-between-upnp-and-upnp2/m-p/1313998#M73980.
Also, if you don't use QoS on the ER-lite, enable hardware offloading:
----------------
set system offload ipv4 forwarding enable
----------------
On the ER-X:
----------------
set system offload hwnat enable
----------------
Hardware offloading is basically disabled for any QOS related traffic. Both the SmartQueue and things like shapers that you can set yourself. You get around 60-70Mbit throughput on the ER-lite and 260-270Mbit on the ER-X with QoS enabled. I personally only use QoS on the upload to make sure my cloud-backups (and rogue torrents) don't interrupt normal internet usage. This way inbound traffic is still hardware-accelerated.
I'm an old guy trying to improve his network. That said, I'm currently using an old AirPort Extreme and have IPv6 working which makes my son Xbox Live sessions great. I understand IPv6 isn't easy on this router, so what steps must I take so his NAT is open and his friends Xbox's work well together when they come over? Networking is not my forte and I know just enough to be dangerous...thanks!
This is a very informative video. I am looking at this unit as a load balancer for two internet connections which isn't really covered here but still, I learned a lot. Thanks.
Thanks heaps for the vid Chris! Will solve the issues of a very similar setup I'm having. A bit more configuring than I was expecting when I bought the unit, but definitely worth while.
In order to get this to work, I also had to reset my device to factory defaults. That was pretty easy, use a paper clip on the reset button with power connected. eth0 led should flash rapidly. When the led is solid you can release the reset button and don't disconnect power while it is resetting. Then I could connect using static IP.
Hey, Chris. I have a 200 Mbit connection, but my router is in the living room and we don't have a wired lan connection from there to my office. Right now I use powerline adapters from Devolo, but the ping in overwatch, for example, is never lower than 40ms and download speeds never exceed 2mb/s. Do I have any other alternative or am I just stuck with what I got now?
You only have 3 possible solutions: A. hard wired (cat6) connection (best, but where to hide the cables) B. 5Ghz WiFi C. Powerline (but you already tried that)
5Ghz Wi-Fi wont really help. Best chance is actually on 2.4ghz, since it has better range and wall penetration. 5Ghz does really well with eliminating congestion in apartment complexes though, since most cheap/free/rented routers do not support .ac wifi. Also Cat5 will be just fine for 1gbps at about 100-120m range. No real need for Cat6, though if you actually are doing a permanent wall modifications e.t.c. might as well just run Cat6 everywhere, might help a bit for longer runs for eventual 2.5 and 5 gbps in the future. Just buy fully copper cables, and not copper clad aluminum (CCA) and other cheaper variants (stranded e.t.c.), you can skimp on shielded cables (dont make much difference for residential installations at all, well if you dont run it next to power grid for entire length e.t.c.), but not on actually copper of decent AWG. Basically 24awg for cat5. 23/24awg for cat 6 (23AWG will require slightly more rare cat6 connectors). Basically the only thing that really matters is the amount of copper in the cable and not shielding/patented super twist e.t.c. Thus 24awg cat5 and 24awg cat6 will perform almost the same, though realistically only 23awg copper cable is proper cat6 in my books.
Hard wiring is sadly not an option (at least not) as I only rent the apartment and the landlord doesn't want me to do it or do it for me. I don't want a visible cable going through all of the living room and the hallway into the office, that's just not very good looking. The powerline adapters are quite slow, but WiFi (2.4 Ghz) is even slower, at least with the devices I'm using right now. Another problem is that I live downtown so there are quite a few WiFi networks (about 15 show up). I pay attention to using a channel that is not used yet, but that might still be a problem. I might have to try a few things and see what works out best in the end...
First thing to try then is to play around with plugging powerline stuff in different sockets, you want it to be as low of a run as possible so probably if at all possible to have both sockets on the same circuit breaker e.t.c. Might net you better results, though you probably wont ever get much more than 50mbps through it (~6mb/s) and ping wont ever be stable, due to lots of noise/feedback e.t.c. going on in the grid. Also you can try to play around with wi-fi range extenders. It probably wont be very good, but might be worth a shot. A slightly better variant would be daisy chaining routers via wi-fi, almost all of them can be wi-fi clients and the setup will be similar to how you do "router as AP" in this video. As a bonus you'll get better coverage of the house to boot. You wont get no fuss roaming (well.. automatic, like google wi-fi or other such systems) with cheapo routers, but it'll get a job done. Plus I imagine you'll mostly just connect one device to one network, and most devices like phones will migrate to better wi-fi when signal gets really bad automatically too. P.S. You should also check what kind of plinth/baseboard/skirting you have, it might actually have an accessible cable channel built-in or can be easily removable and have space behind it that'll allow fairly stealthy installation. I'm not at all familiar with how homes are done in various countries (I live in Russia), so cant be certain (or well.. arsed to research). But if you have lots of curtains/furniture you can probably just lay it out of the view, behind stuff and tape it here and there, it might be decent enough compromise. It wont be pretty, but will certainly be much less hassle and ton more reliability and performance.
Whenever i click apply and reboot, it says unable to connect to device. Is there a fix for this. And do you need a lan cable from another router to be connected to eth 1 if my eth 0 in connected to my computer and nothing else?
Ok suppose I connected my wifi router to erlite router. To which router should I connect my PC to ? Which one would be best and optimal? Hope you answer my doubt.
I've had two of these before (one with the plastic case and one made out of metal) and had situations where the built-in USB storage (it's literally just a stripped-down flash drive) failed (not a rare occurrence) and I ended up putting my own USB drive in there. Just an FYI - this was around 2015 and they may have resolved these issues since then, but I've been sticking my own USB storage in them since.
Hi! :) My router doesn't allow a DMZ Host setup either, but I now have the second router set up as a simple Access Point. It's working for me (as far as I can tell) but is there anything I overlooked why I shouldn't use this kind of AP setup? Bridge mode and DMZ aren't possible with my ISP's router. :/
Great video , can I use Edge router lite behind arris bgw-210 fiber internet with att, then use an access point do all access points require Poe injector ? Is this as secure or better than regular router anything needed other than this. Thanks very much.
How well will this handle Fios gigabit speeds? I am having issues pulling gigabit speed - mainly upload with onHUB (wired) and my WRT1900 ac v2 (wired as well). Usually it's like 850-900 / 450-500 mbps upload. Only my PC is wired .
According to the specs it can handle 1Gbps thanks to the Hardware Acceleration for Packet Processing. *HOWEVER* the Smart Queue Shaping is very heavy on the CPU, and so the shaping performance is just 60Mbps with Smart Queue enabled. i.imgur.com/7dSpsa1.png To get a shaping performance of 1Gbps you will need a (very expensive) ISP/Enterprise grade device.
The USG is basically a ERL. Means it also has a SmartQueue shaping performance of up to 60Mbps. The main difference between the two is that on the USG you can only globally enable SmartQueue for both up&downstream, while on the Edge Routers you can enable it only for up, only for down, or up & downstream - which can come in handy when your main problem is upstream congested, while your downstream is higher than the shaping performance of the router.
Even if you can't hide the cables, the best and only solution I use is a Cable. Even if it means pulling up Carpet or Buying Conduit. My biggest problem has always been that the houses that I have bought have always had too much network interference. It has been so bad that I own a crimp kit, a huge box of wire and a drawer of RJ45. I have a nice wireless N, but it reaches only two rooms and the 2ghz signal is much stronger than the 5ghz.
Hello, I have set port forwarding on my Edge Router X, and it forwards to one of my servers. I want to restrict the ssh access to a particular Source IP. Right now the port forward rule is as below: Source Port:1234 ; TCP; Forward -to-Address: 172.16.22.14; Forward-to-port: 22 I have disabled auto-firewall and have a rule set in my WAN_IN and WAN_LOCAL as below: Source: 1.2.3.4 Destination: 172.16.22.14, Port 22 I just want Source-IP 1.2.3.4 to be able to ssh to 172.16.22.14. However, I am not able to restrict the ssh access and other source IPs are also granted ssh access. Can you please let me know what modifications I can do in my configurations to limit just the Source-IP 1.2.3.4 from doing an ssh to 172.16.22.14? Thank you
Hi, you said that in your case your ISP router doesn't provide bridge mode, but afterwards in the configuration you say not to activate "some bridge option" because it overloads the router processor, so my question is: if the ISP router has bridge mode, should I use that option or should I configure it like you did for best performance?
That bridge mode I was referring to later is inside the EdgeRouter, which turns its Ethernet ports into a "software switch". It's not related to the ISP modem's bridge mode.
btw. instead of the Edge Router Lite, you should go for the ER-X. Costs less and has a greater traffic shaping performance of up to 100Mbps, while the ERL is maxing out at 60Mbps when SmartQueue is enabled.
Battle(non)sense Thanks for your help i'm the only one that uses the internet in my home, so i think i don't need SmartQueue. But thanks for that economical tip.
So the qos service priorities are already set out of the box, is that really all what it takes to eliminate ping spikes due to simultaneous connections? No rule configuration?
Smart Queue is not a traditional "rule based" QoS. It provides FQ-CoDel + HTB function. This means that it ensures that the small&frequent packets like from online games or VOIP can pass through the router in both directions without getting delayed/blocked by up/downloads. This feature then gives you an "A" rating in the buffer bloat test on www.dslreports.com/speedtest
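The effect described in the comment above, as an added example that is not part of the original thread: a small Python model of a saturated uplink that compares one shared FIFO buffer with per-flow queuing. It models only the flow-queuing half of FQ-CoDel (CoDel's drop logic and the HTB shaper are left out), serving newly active flows first as a simplification of how fq_codel treats new flows. The link rate, packet sizes and buffer depth are constructed values.

```python
from collections import deque

LINK_BPS = 1_000_000      # assumed 1 Mbit/s uplink (constructed value)
BULK_BYTES = 1500         # full-size packet of an upload
GAME_BYTES = 100          # small game/VoIP packet
GAME_INTERVAL = 0.020     # one game packet every 20 ms
BUFFER_PKTS = 50          # the upload keeps this many packets queued
QUANTUM = 1514            # bytes a flow may send per round


class Fifo:
    """One shared queue: every packet waits behind everything queued before it."""

    def __init__(self):
        self.q = deque()

    def enqueue(self, pkt):
        self.q.append(pkt)

    def dequeue(self):
        return self.q.popleft()


class FlowQueue:
    """Per-flow queues served by deficit round robin; newly active flows go first."""

    def __init__(self):
        self.queues = {}
        self.deficit = {}
        self.active = deque()

    def enqueue(self, pkt):
        flow = pkt[0]
        q = self.queues.setdefault(flow, deque())
        if not q:                              # flow was idle: fresh quantum, front of line
            self.deficit[flow] = QUANTUM
            self.active.appendleft(flow)
        q.append(pkt)

    def dequeue(self):
        while True:
            flow = self.active[0]
            q = self.queues[flow]
            if self.deficit[flow] < q[0][1]:   # byte credit used up: next flow's turn
                self.deficit[flow] += QUANTUM
                self.active.rotate(-1)
                continue
            pkt = q.popleft()
            self.deficit[flow] -= pkt[1]
            if not q:
                self.active.popleft()          # flow went idle again
            return pkt


def simulate(sched, duration=10.0):
    """Return (worst game-packet delay in seconds, bulk packets sent)."""
    now, next_game, bulk_queued, bulk_sent, worst = 0.0, 0.0, 0, 0, 0.0
    while now < duration:
        while next_game <= now:                # game packets that have arrived
            sched.enqueue(("game", GAME_BYTES, next_game))
            next_game += GAME_INTERVAL
        while bulk_queued < BUFFER_PKTS:       # greedy upload refills the buffer
            sched.enqueue(("bulk", BULK_BYTES, now))
            bulk_queued += 1
        flow, size, arrived = sched.dequeue()
        now += size * 8 / LINK_BPS             # time on the wire
        if flow == "game":
            worst = max(worst, now - arrived)
        else:
            bulk_queued -= 1
            bulk_sent += 1
    return worst, bulk_sent


if __name__ == "__main__":
    for name, sched in (("FIFO", Fifo()), ("flow queue", FlowQueue())):
        worst, sent = simulate(sched)
        print(f"{name:10s} worst game delay {worst * 1000:6.1f} ms, bulk packets sent {sent}")
```

In this model the upload moves about the same number of packets either way; only the waiting time of the small packets changes.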
Battle(non)sense then I need to get the edge router and rearrange my network ( I've been looking for a solution to gaming in a multi user network), thank you!
Battle(non)sense does the bandwidth chart refer to the max transfer speed available between ports? In other words how much data can pass through the router in any direction. I need to check that because I'm going to upgrade to a 200mbps Internet and I don't want to bottleneck that kind of speed
So can this be used with two wifi 4 port routers? One on eth1 & the other on eth2, thus having two segregated networks that see the internet, but not each other? If so is there a setup guide for that?
Simply make eth1 192.168.1.0/24 and eth2 192.168.2.0/24 Then connect a switch to eth1 and another to eth2. Don't use routers as that just makes port forwarding and NAT more complicated than it has to be. But if you just want to make a Guest WiFi (which can only access the internet) then there are much easier ways to achieve that with a single AccessPoint.
Battle(non)sense thank you so much for taking the time to reply to my question and giving me a great solution. Sadly I'll still have to figure out the setup for plugging in two routers as I'm looking to have each side with their own WiFi as well as needing to do some reservations on one of them. Couldn't I just disable NAT and DHCP on each router and just let the edge router handle all that? I can't seem to find clarification in the documentation.
You can't disable NAT. You can disable DHCP and assign static IP addresses, but you can't have the DHCP server in the ERX hand out addresses for devices that are behind another router (that's basic networking). You can easily build 2 separate subnets with separate WiFi's with what I suggested above. But what kind of "reservations" do you need?
(Sorry didn't mean NAT- typo)So basically don't enable the DHCP on the Edge router, just assign IP's to each router on each ethX port, say .1.1 and a .2.1 and let each router DHCP what's connecting to it via the single port out to a switch? they don't have much traffic. I would say less than 20 PC's on each side. Also they don't have access to manage their cisco switch, and we want to let each company manage there reservations via their own router. (long story)
You mean when you don't bridge the LAN ports? Yes, if you leave the DHCP for LAN2 active, then a PC connected to eth2 will be in the 192.168.2.x address space and access the internet. You could even attach a switch to eth2 and have 2 separate LANs then: eth1 192.168.1.x and eth2 192.168.2.x. The devices on these separate LANs can also communicate with each other when you use the IP address. However you will not see devices from the other address space in your own network neighborhood (windows explorer -> network).
I need an RJ-11 port for my WAN connection. Is it possible to get an RJ-11 to RJ-45 adapter? Otherwise I'd need to use my current modem/AP device as the modem and buy a 3rd device to use as AP.
If you need an RJ11 then it sounds like your WAN connection needs a DSL modem. The EdgeRouter is not a modem, it's a router. So you need to run it after your ISP modem like I showed in the video. For WiFi I suggest using a UniFi AC AP Lite or AC AP LR
I am using one UAP‑AC‑LITE upstairs and one UAP‑AC‑LR (Long Range) in the groundfloor which has great range so that WiFi is also available in the garden.
DMZ is only necessary when you connect your own router to an ISP router. When the ISP provides you a modem, or when you can switch the ISP device into bridge mode, then you don't need to use DMZ.
NAT is usually enough (which is active per default). You can enable upnp or upnp2 as well if required. For upnp you can use the wizard (I showed that in the video), for upnp2 you need to use the CLI. These are the CLI commands to enable upnp2:
----------------
configure
set service upnp2 listen-on $LAN_INTERFACE_1
...
set service upnp2 listen-on $LAN_INTERFACE_N
set service upnp2 wan $WAN_INTERFACE
set service upnp2 secure-mode enable
set service upnp2 nat-pmp enable
commit
save
exit
----------------
$LAN_INTERFACE_1 and $WAN_INTERFACE need to be replaced with your interfaces (WAN could be eth0 maybe pppoe0 - LAN eth0 or switch0 - depends on your device and configuration)
I want to make everyone aware, that when you turn on the QOS Smart Queue as shown in this video, you will cripple the performance of this router, and your download speed can drop to below half of your potential speed. When you enable smart QoS, it disables hardware acceleration and then this router is only capable of 60 to 200Mbps download speeds. When I had this feature turned on, and my max download speed configured to 330Mbps, my download speed was merely 75Mbps. When I turned off Smart QOS entirely, my download speeds reached 330 Mbps, which is the speed tier I am paying for at Comcast. Moral of this story: Do not use Smart QoS!
Without QoS My dsl reports Bufferbloat grade was D...terrible for online Gaming FPS. Turned on QoS, constant grade A across the board. I created a rule to apply only to the Upload speed 10mbps, left download speed unchecked and blank. My Download Speed remained 200Mbps. when i set the rule to apply to download speed MAx 200 , i would get the same as you, around 75Mbps. i think thats how the Qos is supposed to work?. If you do Online Gaming QoS is a MUST. if you want to keep your download speed then just set the Qos for upload. run the dsl reports speed test and see how your bufferbloat grade and speeds are. I love my ER-3 lite!
I have used PfSense many years back, but I stopped as my Atom system consumed ~120€ of electricity per year. :( I do want to test their latest builds and look if they have SQM/FQ_CODEL or something along these lines to avoid those ping spikes caused by congestion. :)
Most people say _"just use an old PC and install PfSense"_ . But you might want to use a power meter first and check how many Watts that system uses. Because 24/7 this could costs you quite much at the end of the year. Which then makes it more expensive than an ER-X or ERLite-3
what if your old router is also a modem? i'd like to use my ISP modem router to the edgerouter and have my ISP router provide wifi access to my devices as well as QoS control from the edgerouter
that does not work, because then all your WiFi devices will go behind the back of the EdgeRouter. So it's QoS will not affect them and they can cause you ping spikes.
Guys I need help... I have 2 Internet connection 2 4g lte connection... And I play games alot n downloader also what kinds of load balance or edge router should I buy
Yeah, I tried different values from 10 Mbit/s to 190 Mbit/s. I just now ran new tests and here are the results: QoS turned off: www.dslreports.com/speedtest/37564443 QoS applied to only upload (5.1 Mbit): www.dslreports.com/speedtest/37564329 QoS applied to both upload (5.1 Mbit) and download (100 Mbit): www.dslreports.com/speedtest/37564309 QoS applied to both upload (5.1 Mbit) and download (180 Mbit): www.dslreports.com/speedtest/37564506 With QoS applied to upload, dslreports' meter tops out at around +12ms, but with it off can jump to around +300ms. On the other hand, with QoS applied to download, the meter can top out at +2000ms, but with it off it very rarely goes over +400ms.
The Smart Queue works perfectly when, let's say, uploading a video to youtube, but once downloading something through a game client (like Steam or Battle.net/Blizzard App) the connection in game gets really bad. High ping and a lot of packet loss, gaming gets really bad then. My connection is 18Mbit/s down and 1Mbit/s up, changing the limits in the Smart Queue settings doesn't help either. Do you have any idea how I could fix it? If this problem persists, then the router really is useless for me.
Just yesterday I was downloading StarCraft 2 on my 2nd PC while I played on my primary rig. Prior to using Smart Queue this would have resulted in massive ping spikes. Now I can up/download while gaming and not have it affect my connection to the servers. Are you sure that you entered the correct downstream bandwidth?
Battle(non)sense yes, I tested the download speed multiple times and also tested around with different variables. While the ping did start dropping a bit with lower values, it still was at least 20ms higher than without any other network traffic. And when looking at the Overwatch Network Graphs, there was a lot of packet loss all the time, which was very noticeable while playing, too. My actual connection is 18Mbit/s down- and 1Mbit/s upload, but every time I tested my connection, it was always just 15,47Mbit/s download (upload got to 1Mbit/s) so I set the Smart queue to those values. Limiting the download bandwidth to something like 12Mbit/s wasn't helping much. I have also restarted the router multiple times, with no success. Everything works fine but downloading via steam kills the connection. And looking through forums I'm not the only one having that problem. community.ubnt.com/t5/EdgeMAX/Smart-Queue-seemingly-not-working-for-Steam-downloads/td-p/1890405 but that thread doesn't seem to help me much either, maybe you can read something out of it.
This is very odd. Right how I have 8USG, 10 ER-X and 6 ERlite-3 deployed at customer sites which all use Smart Queue. Some of them are enthusiast gamers, so they would have told me if they were running into such issues. :(
So the problem still persists for me, but I just noticed that I forgot an important info: Since I don't have an ISP Modem, the Edgerouter runs behind our Fritz!Box which has the Modem integrated. But since the Fritz!Box doesn't support DMZ, the actual connection to the Internet is still getting handled by the Fritz!Box and not the Edgerouter directly (which would explain the packet loss while downloading, since the network congestion already happens before the packets even come to the Edgerouter). All we've done is set the Edgerouter as an exposed host in the fritz.box and I think we did the Basic DHCP Setup inside the EdgeOS (it's a long time ago we did that, I don't remember that clearly). Is there any way I could set up my routers that the QoS can work for the download as well? Or is that simply impossible with my Setup and I would have to get myself an external Modem instead? EDIT: Fritz!Box supports DHCP obviously, just not the DMZ (mixed that up by accident)
Any difference between the EdgeRouter Lite and the PoE version? I need at least 4 Ethernet ports, Lite only has three and I can't afford a UniFi Switch.
I recommend to go with the ER-X then, where the other ports are proper switch ports. Btw. a switch is a rather "dumb" device. You can buy a 16port 1Gbps switch for 50$ and it will work just fine. No need to spend lots of money on a switch unless you really need the extra features it offers.
I was planning on getting the EdgeRouter PoE actually but I'm interested to hear why you recommend the ER-X over it. I have over a dozen devices connecting at a time and I'm suffering from lag spikes so I need the best possible router.
The ER-X has a SmartQueue shaping performance of 100Mbps, while the CPU of the ERLite will only offer up to 60Mbps with SmartQueue enabled. (see the description, there is a link to the performance chart taken from the EdgeOS manual) Also you can use the remaining ports on the ER-X as switch ports. But as I said, you can just connect it to any cheap gigabit switch and you are fine. For WiFi I suggest adding a unifi AR AC Lite, or the LR (long range) if you have thick walls / a large area to cover.
Battle(non)sense. I have an ERL and Netduma . Currently the Netduma does not allow you to change the last digit of the LAN ip which is really crazy. And the ERL does not allow you to setup a dmz simply (honestly I don't know how to do it). How would you recommend I do my setup where the ERL is my primary router and the Netduma is my secondary router. My current setup Modem>EGL>Switch>Devices and AP(3).I'd like to work the Netduma into the setup and it can't be the primary router.
Frankly it makes no sense to have a "primary and a secondary router" - unless your primary is your ISP device which you must use in order to connect to the internet at all. There is no point / benefit in using both an EdgeRouter and the netduma at the same time. At least none that I could see. Also do not make one of your LAN devices a DMZ host. Enable upnp or upnp2 on the ERLite and let NAT do the work.
Well, I suppose you could set the WAN interface of the R1 to dhcp so that it gets an IP from the EdgeRouter. You then also need to make sure that the R1 "LAN" uses a different IP address space, so that it's different from the EdgeRouters. They can not both use i.e. 192.168.1.x
Available at e-tec.at or amazon.de. Just enter it on geizhals.at and all the shops will come up. :) P.S. the ER-X will also do the job (cheaper), I'm getting one tomorrow to test!
I am actually thinking about that. I did use PfSense in the past. But I stopped using it because even the atom board I had increased my electricity bill by ~100€ per year. I want to take a look at PfSense again to find out if it uses FQ_CODEL now, or how it avoids the nasty side effects of network congestion. :)
I'm having trouble configuring PPPoE as my ISP WAN connection on my ERLite. I've followed the wizard and I have the correct username and password but i never establish a connection to the ISP. can I simply log into the ISP provided modem/router and set DMZ to the edgerouter?
When your ERlite is the DMZ host of your ISP router then you won't have issues. However you might also want to enable upnp2 on the ERlite in case you face "moderate NAT" in certain games on console. To enable upnp2 open the CLI inside of the EdgeOS GUI, then:
----------------
configure
set service upnp2 listen-on $LAN_INTERFACE_1
...
set service upnp2 listen-on $LAN_INTERFACE_N
set service upnp2 wan $WAN_INTERFACE
set service upnp2 secure-mode enable
set service upnp2 nat-pmp enable
commit
save
exit
----------------
$LAN_INTERFACE_1 could be eth1, $WAN_INTERFACE will most likely be eth0 - you need to choose which you use for lan and wan. Then start i.e. skype and enter "show upnp2 rules" in the CLI. You should then see the connections that upnp2 opened for skype.
btw. when you use pppoe then you have to select the "pppoe" interface when you setup rules, smart queue, upnp2, ..... do *not* use the eth0 interface even though it might be the physical interface that your ISP modem connects to. :)
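A way to check a saved configuration against the upnp2 advice in the comments above (legacy upnp removed, secure-mode enabled, listen-on limited to LAN interfaces, the pppoe interface used as WAN when PPPoE is configured), as an added example that is not part of the original thread. It assumes the input is text in the style of `show configuration commands`; both sample configs, including the form of the legacy upnp line, are constructed, and the finding names are hypothetical.

```python
# Constructed sample configs in the style of EdgeOS "show configuration commands".
RISKY_CONFIG = """\
set interfaces ethernet eth0 pppoe 0 user-id example
set interfaces ethernet eth1 address 192.168.1.1/24
set service upnp listen-on eth1 outbound-interface eth0
set service upnp2 listen-on eth1
set service upnp2 listen-on eth0
set service upnp2 wan eth0
set service upnp2 nat-pmp enable
"""

HARDENED_CONFIG = """\
set interfaces ethernet eth0 pppoe 0 user-id example
set interfaces ethernet eth1 address 192.168.1.1/24
set service upnp2 listen-on eth1
set service upnp2 wan pppoe0
set service upnp2 secure-mode enable
set service upnp2 nat-pmp enable
"""


def parse(config):
    """Collect the upnp/upnp2 and PPPoE settings from 'set ...' lines."""
    state = {"legacy": False, "listen": set(), "wan": None,
             "secure": False, "pppoe": {}}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["set", "service", "upnp"]:
            state["legacy"] = True                      # old linux-igd based service
        elif t[:3] == ["set", "service", "upnp2"] and len(t) >= 5:
            key, value = t[3], t[4]
            if key == "listen-on":
                state["listen"].add(value)
            elif key == "wan":
                state["wan"] = value
            elif key == "secure-mode":
                state["secure"] = value == "enable"
        elif t[:3] == ["set", "interfaces", "ethernet"] and len(t) >= 6 and t[4] == "pppoe":
            state["pppoe"][t[3]] = "pppoe" + t[5]       # eth0 + "pppoe 0" -> pppoe0
    return state


def audit(config):
    """Return a list of (finding, explanation) tuples; empty means nothing flagged."""
    s = parse(config)
    findings = []
    if s["legacy"]:
        findings.append(("legacy-upnp", "legacy 'service upnp' is still configured"))
    if s["listen"] or s["wan"]:
        if s["wan"] is None:
            findings.append(("no-wan", "upnp2 has no wan interface set"))
        if not s["secure"]:
            # miniupnpd secure mode: a client may only map ports to its own address
            findings.append(("no-secure-mode", "upnp2 secure-mode is not enabled"))
        if s["wan"] in s["listen"]:
            findings.append(("listens-on-wan", "upnp2 accepts requests on the WAN interface"))
        if s["wan"] in s["pppoe"]:
            findings.append(("wan-not-pppoe",
                             f"PPPoE runs on {s['wan']}; use {s['pppoe'][s['wan']]} as upnp2 wan"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("risky", RISKY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, [code for code, _ in audit(cfg)])
```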
you should make a video explaining how to configure the qos mode in advanced to give priority of packages to the ports of games or to computers in the lan, because when the qos is enabled in smart queue it applies priority to the complete network not to a specific device , what I want to leave said is that if a person in the network is watching netflix and I want to download or watch some movie the router will give priority to my pc and download the person who is watching netflix to give it to me .... would be a good contribution from you and investigated a lot but most things are by command lines and I do not understand any of that
no router will lower your outbound ping. the netduma r1 does not do it either. in a few cases you can lower your ping by using a VPN - however that will also only lower your ping when the VPN has a faster route than your ISP.
what a router can do is prevent that network congestion on your end causes high ping / ping spikes. however when your ping to a server / in a specific game is always very high, then this is the result of the distance between you and that server. You can not improve your connection to that server which is far away from you. My netcode analysis videos have more info on that topic: th-cam.com/video/Sa_AsRYlBOA/w-d-xo.html
Great video, interesting topic indeed! :) I have an interesting question: I´m having a coax connection from my cable company, where my ping (to a close server) is quite high (26ms) for a hybrid fiber connection at least, which is caused by terrible routing of my provider. So I´m wondering if that method, getting a 2nd router e.g. would help lower the ping and stuff, as I saw you getting 1ms ping which is insane! I´ve never tried it and would be curious.
moonlight latency is often related more to the physical distance you are to the server rather than your provider's BGP peering setup. 26ms is actually quite good. Anything under 50ms should give you a solid experience for an FPS.
The 1ms ping is to a server that is just 5km away from me - so that is extremely close. To a server in Frankfurt (that's 400km on the map) I ping 17ms. 26ms is a very good ping! :)
I used a Draytek router for the last few years....quite powerful firmware, also on the QoS side...but not easy to use. After I "must" change some of my infrastructure I changed back to Fritz.Box because of more all-in-one potential :( . Because I also sit, like you, behind a provider device (Unitymedia) I'm just able to use the device prioritising ...the QoS is only available if the FB itself manages the internet connection, I have been told by AVM :(
www.dslreports.com/speedtest
disable SmartQueue, then run the speed test; you will get a bad BufferBloat result (high ping spike)
enable SmartQueue _(make sure you enter the correct bandwidth values)_
now you will get a great BufferBloat result
with SQ I get 'A' grade, without SQ I get 'D'. My goal is to have the best gaming experience possible. I ordered the edgerouter lite but they sent the ERPoe-5. Reading what I have, the software on the ERPoe-5 is the same as on the ERLite. So, I'm assuming i can get similar performance when it comes to managing ping spikes. Is that a safe assumption?
SmartQueue does not magically reduce your ping (that's physically impossible - no router can do that). What smart queue does is prevent that your ping spikes to 200ms or more when someone or something else consumes your entire up or downstream bandwidth while you are gaming. The speedtest shows that it does that well as your bufferbloat rating was "A" with SQ enabled, while it was "D" with SQ disabled (means with SQ disabled you'd get >200ms ping spikes when someone else starts a download, upload, videostreaming, etc.).
I get it, that it's impossible to reduce the ping. I guess, overall, I'm just frustrated. I don't know what is "normal" when it comes to lag/latency while gaming. When I compare my experience (I assume it's a lot of lag) to other gaming I see on YT, it just doesn't look the same. They get instant confirmation of a "hit" while mine I can see there's a slight delay. This makes a huge difference!! I've spent a lot of time and effort trying to get the best experience possible. And I'm willing to do what it takes but, what else is there to do? And how can I validate my changes?
Good afternoon friend you can help me configure I have an EdgeMax pro with four WANs per dhcp and an eth7 LAN balancing and Smart Queue Can you come to a video
As someone with very minimal knowledge this seems quite confusing. I never had to do anything like this setting up my router I bet I had it set up horribly wrong lol
First off I'd like to thank Chris for another great vid, this is a great channel. Now I'm wondering about which ISP to go for. I'm in the UK and my choice is Virgin Media (180mbs down 20mbs up) or BT (70mbs down 19mbs up). Virgin Media clearly has much better download speeds but will the extra download speed enhance my gaming connection? I mean how much download and upload do games need? Is there a maximum they can take? Is there any software available that would tell me exactly how much download and upload my devices are taking? It would be very interesting to see if different games use different amounts. A penny for your thoughts
Wow I think a lot of ISPs are kidding people with their so-called gaming connections then, as upload and download speeds are the only things that improve with their premier packages; the ping remains the same. Thanks for the reply Chris, it has saved me a few pounds for sure.
1Mbps is painfully slow for downloading games... I spent hours yesterday trying to get my Xbox to go a decent speed (which was solved by port forwarding somehow). The catch was that my brother's Xbox went to a strict NAT, which took another long while to fix. I had to disable my port forwards, enable them for my brother, disable them for my brother, and repeat this another time (all while checking his NAT at every step). Now I'll be stuck between 5 and .2 Mbps for my next download (when I should get 40 Mbps). I think I'll try changing my DNS, but that shouldn't be the problem because I'm using Open DNS.
Great Video. I'm wondering if you know about the EdgeRouter X. According to i.imgur.com/7dSpsa1.png it allows even more bandwidth for the SmartQueue than the Lite, but it's also cheaper. How can that be? Is it a trap?
He, he, he. That is my image that you linked to there - check out the description of the video. ;-) SQ performance is CPU bound, and the CPU in the ER-X is more powerful than in the ERLite-3. However when you don't use SQ then the ERLite-3 outperforms the ER-X thanks to its Hardware Acceleration for Packet Processing.
I'm thinking about replacing my Google network box with a Edge router. The GNB interface is laughable like most ISP gateways. A how to video would be awesome but you're probably not in a Google fiber area. The plan is to setup a vpn on the edge to connect smart phones to.
You are right, no Google fibre here in Austria. I could get 1Gbps from my ISP, but that would ruin me. XD The Edge Router Lite can handle 1Gbps thanks to its hardware accelerated packet processing. However you can not use SmartQueue then - but with that bandwidth you might not need that kind of QoS anymore. ;-)
Great Video :) Unfortunately i only got 16mb down and 1 up so it won't work for me since all the family using the internet and it's the max speed you can get in Egypt too :(
Alex W But isn't it his permanent Network address? Before this he was just anyone on the web and now he has an address where you can find his PC. You know what hardware he uses and in what Setup, so you get into his Router and ask for all connected IP's attack them all (his TV, Toaster, Fridge and so on) until you get to the PC, (im not a hacker) so he basically doxed himself.
Eragon Baffel No, that's not how it works - you have many fundamental misunderstandings about how computers and networks function. That IP address is only accessible from the local network, not the internet (hence "LAN"). In addition, even if this were a WAN IP accessible from the internet, it's highly unlikely you will be able to achieve the level of compromise you talk about over the internet with limited services available through the firewall.
Alex W www.learn2crack.com/2013/06/hack-a-computer-only-with-just-a-ip-address-in-easy-steps.html You can narrow it down to just 100 IP addresses due to how he said his Network is set up.
Alex W Also 4th comment www.bleepingcomputer.com/forums/t/526210/if-someone-knows-your-ip-address-can-they-hck-you/ "Posted 02 March 2014 - 05:18 AM Your ISP assigned IP address is your identity on the internet. If someone (who has time, will power and skills to hack you) knows your IP address, then they might try. They may become successful or fail in their attempts depending on how secure your system is. If you have a firewall, antivirus and updated OS, then there is no possibility of someone hacking you. As Professor CPU has pointed out, professional hackers who can actually hack you, simply do not have time or reason to do so." So it's unlikely and difficult and maybe no one attempts it but it is possible. We know his IP + how his router distributes IP addresses in his network = we can guess his PC's IP
That setup is just begging for hackers/bots. DMZ pointing at your DHCP router, UPNP, + no firewall. Your DMZ device should have a firewall enabled, since ALL ports are forwarded. I wish I had your ping!
The EdgeRouter Lite has a firewall (see the Firewall/NAT tab). It is a router after all just like the one from the ISP. The reason why I have to use the DMZ feature is because I can not put the ISP device into bridge/modem mode, and you *need* to get all ports to your own router for it to work correctly. ;-)
Battle(non)sense man, I rushed that last night, crazy work week.. I should have said your DHCP device should have the firewall. or, whatever you put behind the edgerouter bridge: which it appears you are doing. I just locked in on seeing firewall disabled and alerts went off!
The ERLite-3 is the DHCP server and it has a firewall just like all routers. There is no increased risk by putting a *Router* into a DMZ. But never ever put a PC into a DMZ.
Battle(non)sense in SOHO terms, for sure. Additionally, routers are 'OS's too. vendors may leave remote capabilities open like ssh, telnet and if that's not firewalled, you have an open door. most vendors are pretty proficient in securing this by default these days. I enjoy your vids a lot man, keep up the good work!
This comment is actually a very important and the comments on this thread are too. You, BNS, mentioned this: "There is no increased risk by putting a Router into a DMZ." I believe it's the other way around. If you don't have legal means to ask your ISP to change their router to Bridge, that means your ISP does not care much about clients, and that is, usually, a bad sign. Summary, adding an EdgeRouter into the ISP router's DMZ will increase security overall because you have full control over the Edgerouter. Correct me if I'm wrong.
► UBNT Router Models & Bandwidth Chart:
i.imgur.com/7dSpsa1.png
Hi Chris.
I'm a certified (Microsoft and Cisco) IT Technician myself and experienced in building good gaming environments since almost 20 years now.
I really do appreciate your effort you put into your video creation. And that's why I actually don't really want to criticise you.
But I feel like I have to:
Most of the stuff you are explaining to others is correct. It's not the technical part that bothers me about your videos. it's the expectations you are building by using phrases like "you should do this" "you have to do that"
Most things you are showing will only provide a very very very small improvement to the gaming experience. Although I agree that load balancing (that's what I would call that) is quite important if you are sharing your internet connection, actually every commercial router (at least in Germany) does a fairly good job on that. Of course some routers might be slightly faster or better, but in 99% of the cases there is absolutely no real reason for changing.
You won't increase your SR from 2500 to 3500 if you do all the things you suggest. And I've got the feeling that you are trying to build such expectations.
I was playing EPS (ESL Pro Series) back in my twenties and everyone asked me for my mouse settings, equipment and so on. And I was telling them all the nice shit they wanted to hear like "you should really get this mouse and play with that sensitivity". But the silly truth is: you can have the best equipment, the best PC and the best connection: you still won't become a pro...
it's almost like you are buying the same shoes as Cristiano Ronaldo and expect to play soccer like he does because you are wearing the nice new Nikes...
Get decent hardware, decent equipment and a good connection and practise the shit out of that game if you want to have success! But don't waste time and money in trying to get 1 more frame per second...
my 2 cents...
_"Most things you are showing will only provide a very very very small improvement to the gaming experience."_
I am not sure if you have seen the previous video where I showed how SQM successfully prevents ping spikes of more than 200ms caused by other clients/applications consuming the entire bandwidth. I'd call that a pretty massive improvement for online games. ;-)
_"Although I agree that load balancing (that's what I would call that)"_
I am not sure why you would call it "Load Balancing" because that is using multiple WAN's to deal with the bandwidth requirement of your network/clients.
_"You won't increase your SR from 2500 to 3500 if you do all the things you suggest. And I've got the feeling that you are trying to build such expectations. "_
I am not sure why you feel that I am building such expectations - it's definitely not my intention. I think the previous video was pretty clear on what the goal is. Prevent ping spikes of >200ms caused by network congestion. Which SQM in the ERLite-3 does. :)
Might be a good idea to mention QoS - while smart queue does a good job of preventing your upload bandwidth from being fully saturated, I don't think (I could be wrong here) it prioritizes certain traffic (HTTP, VoIP, etc.) over others.
However, that would take viewers down the rabbit hole of Vyatta-based CLI.
This video serves as a good starting point for introducing people to more robust networking practices. The EdgeRouter series is not the easiest platform to learn - their simpler USG is lacking some features still :c - but offers tremendous price-to-performance gains if you're willing to accept that your time is worth very little :)
Have one EdgeRouter Lite running at home, works great, their AP´s are really good too.
Nice and relatively a quick run down on the setup guide :)
Right? The first time I could really understand a little more about networking.
Glad I could help! :)
Enjoying the fresh new content, thanks for making these!
The UPnP wizard may actually enable a legacy service called upnp, which is based on the older linux-igd implementation. There's a newer service called upnp2, which is based on miniupnpd, but you have to enable it via the command line interface like so:
configure
set service upnp2 listen-on eth1
set service upnp2 wan eth0
set service upnp2 secure-mode enable
set service upnp2 nat-pmp enable
delete service upnp
commit
save
You can repeat the "set service upnp2 listen-on" command for other eth interfaces if you intend to use them as a switch.
This is based on information at community.ubnt.com/t5/EdgeMAX/UPnP-vs-UPnP2-What-s-the-difference-between-upnp-and-upnp2/m-p/1313998#M73980.
Also, if you don't use QoS on the ER-lite, enable hardware offloading:
set system offload ipv4 forwarding enable
On the ER-X:
set system offload hwnat enable
thanks for the info!
Qos conflicts with hardware offloading? or why i should not use both at the same time?
Hardware offloading is basically disabled for any QOS related traffic. Both the SmartQueue and things like shapers that you can set yourself. You get around 60-70Mbit throughput on the ER-lite and 260-270Mbit on the ER-X with QoS enabled.
I personally only use QoS on the upload to make sure my cloud-backups (and rogue torrents) don't interrupt normal internet usage. This way inbound traffic is still hardware-accelerated.
I see, i just read more about that, shame it doesn't work for qos, but i guess that should've been obvious, thanks for the answer!
I'm an old guy trying to improve his network. That said, I'm currently using an old AirPort Extreme and have IPv6 working which makes my son Xbox Live sessions great. I understand IPv6 isn't easy on this router, so what steps must I take so his NAT is open and his friends Xbox's work well together when they come over? Networking is not my forte and I know just enough to be dangerous...thanks!
This is a very informative video. I am looking at this unit as a load balancer for two internet connections which isn't really covered here but still, I learned a lot. Thanks.
Thanks heaps for the vid Chris! Will solve the issues of a very similar setup I'm having. A bit more configuring than I was expecting when I bought the unit, but definitely worth while.
In order to get this to work, I also had to reset my device to factory defaults. That was pretty easy, use a paper clip on the reset button with power connected. eth0 led should flash rapidly. When the led is solid you can release the reset button and don't disconnect power while it is resetting. Then I could connect using static IP.
Any chance of follow up video on Rainbow Six: Siege netcode?
Epic explanation! I managed to overcome my ISP I had the same problem as you, they just don't trust their customers.
@Battle(non)sense , any new recommendations for routers?
You did a great job on this, man ☺
What's the name of the program you/he are/is using to measure the network activity at the end of the video?
Great stuff bro! Helped a lot!
I have and love this router!
Hey, Chris. I have a 200 Mbit connection, but my router is in the living room and we don't have a wired lan connection from there to my office. Right now I use powerline adapters from Devolo, but the ping in overwatch, for example, is never lower than 40ms and download speeds never exceed 2mb/s. Do I have any other alternative or am I just stuck with what I got now?
You only have 3 possible solutions:
A. hard wired (cat6) connection (best, but where to hide the cables)
B. 5Ghz WiFi
C. Powerline (but you already tried that)
5Ghz Wi-Fi wont really help. Best chance is actually on 2.4ghz, since it has better range and wall penetration. 5Ghz does really well with eliminating congestion in apartment complexes though, since most cheap/free/rented routers do not support .ac wifi.
Also Cat5 will be just fine for 1gbps at about 100-120m range. No real need for Cat6, though if you actually are doing a permanent wall modifications e.t.c. might as well just run Cat6 everywhere, might help a bit for longer runs for eventual 2.5 and 5 gbps in the future. Just buy fully copper cables, and not copper clad aluminum (CCA) and other cheaper variants (stranded e.t.c.), you can skimp on shielded cables (dont make much difference for residential installations at all, well if you dont run it next to power grid for entire length e.t.c.), but not on actually copper of decent AWG. Basically 24awg for cat5. 23/24awg for cat 6 (23AWG will require slightly more rare cat6 connectors). Basically the only thing that really matters is the amount of copper in the cable and not shielding/patented super twist e.t.c. Thus 24awg cat5 and 24awg cat6 will perform almost the same, though realistically only 23awg copper cable is proper cat6 in my books.
Hard wiring is sadly not an option (at least not) as I only rent the apartment and the landlord doesn't want me to do it or do it for me. I don't want a visible cable going through all of the living room and the hallway into the office, that's just not very good looking. The powerline adapters are quite slow, but WiFi (2.4 Ghz) is even slower, at least with the devices I'm using right now. Another problem is that I live downtown so there are quite a few WiFi networks (about 15 show up). I pay attention to using a channel that is not used yet, but that might still be a problem. I might have to try a few things and see what works out best in the end...
First thing to try then is to play around with plugging powerline stuff in different sockets, you want it to be as low of a run as possible so probably if at all possible to have both sockets on the same circuit breaker e.t.c. Might net you better results, though you probably wont ever get much more than 50mbps through it (~6mb/s) and ping wont ever be stable, due to lots of noise/feedback e.t.c. going on in the grid.
Also you can try to play around with wi-fi range extenders. It probably wont be very good, but might be worth a shot. A slightly better variant would be daisy chaining routers via wi-fi, almost all of them can be wi-fi clients and the setup will be similar to how you do "router as AP" in this video. As a bonus you'll get better coverage of the house to boot. You wont get no fuss roaming (well.. automatic, like google wi-fi or other such systems) with cheapo routers, but it'll get a job done. Plus I imagine you'll mostly just connect one device to one network, and most devices like phones will migrate to better wi-fi when signal gets really bad automatically too.
P.S. You should also check what kind of plinth/baseboard/skirting you have, it might actually have an accessible cable channel built-in or can be easily removable and have space behind it that'll allow fairly stealthy installation. I'm not at all familiar with how homes are done in various countries (I live in Russia), so cant be certain (or well.. arsed to research). But if you have lots of curtains/furniture you can probably just lay it out of the view, behind stuff and tape it here and there, it might be decent enough compromise. It wont be pretty, but will certainly be much less hassle and ton more reliability and performance.
You could try something like coaxlan
By enabling upnp, should I expect my PS4 to go from NAT type 2 to NAT type 1? I have QOS active along with upnp but, I'm still getting NAT type 2.
Can you do a video on monitor response times?
Are there any access points you would recommend to combo with this router?
Whenever i click apply and reboot, it says unable to connect to device. Is there a fix for this.
And do you need a lan cable from another router to be connected to eth 1 if my eth 0 in connected to my computer and nothing else?
How do i add the IP address of the edgerouter to the DMZ on my Arris sb8200?
How much of a benefit do you really get injecting an edgerouter lite between your modem and a converted router apn/switch?
Ok suppose I connected my wifi router to erlite router. To which router should I connect my PC to ? Which one would be best and optimal? Hope you answer my doubt.
I've had two of these before (one with the plastic case and one made out of metal) and had situations where the built-in USB storage (it's literally just a stripped-down flash drive) failed (not a rare occurrence) and I ended up putting my own USB drive in there.
Just an FYI - this was around 2015 and they may have resolved these issues since then, but I've been sticking my own USB storage in them since.
Hi! :) My router doesn't allow a DMZ Host setup either, but I now have the second router set up as a simple Access Point. It's working for me (as far as I can tell) but is there anything I overlooked why I shouldn't use this kind of AP setup? Bridge mode and DMZ aren't possible with my ISP's router. :/
Great video , can I use Edge router lite behind arris bgw-210 fiber internet with att, then use an access point do all access points require Poe injector ? Is this as secure or better than regular router anything needed other than this. Thanks very much.
How well will this handle Fios gigabit speeds? I am having issues pulling gigabit speed - mainly upload with onHUB (wired) and my WRT1900 ac v2 (wired as well). Usually it's like 850-900 / 450-500 mbps upload. Only my PC is wired .
According to the specs it can handle 1Gbps thanks to the Hardware Acceleration for Packet Processing. *HOWEVER* the Smart Queue Shaping is very heavy on the CPU, and so the shaping performance is just 60Mbps with Smart Queue enabled. i.imgur.com/7dSpsa1.png
To get a shaping performance of 1Gbps you will need a (very expensive) ISP/Enterprise grade device.
Curious if you considered the Unifi Security Gateway, or if you know if it has the same capabilities/performance.
The USG is basically a ERL. Means it also has a SmartQueue shaping performance of up to 60Mbps.
The main difference between the two is that on the USG you can only globally enable SmartQueue for both up&downstream, while on the Edge Routers you can enable it only for up, only for down, or up & downstream - which can come in handy when your main problem is upstream congested, while your downstream is higher than the shaping performance of the router.
Even if you can't hide the cables, the best and only solution I use is a cable. Even if it means pulling up carpet or buying conduit. My biggest problem has always been that the houses that I have bought have always had too much network interference. It has been so bad that I own a crimp kit, a huge box of wire and a drawer of RJ45. I have a nice wireless N, but it reaches only two rooms and the 2ghz signal is much stronger than the 5ghz.
What's the name of the app you use to measure latency?
I measure latency in many different ways depending on what I am testing. Can you be a bit more specific? :)
Hello,
I have set port forwarding on my Edge Router X, and it forwards to one of my servers. I want to restrict the ssh access to a particular Source IP.
Right now the port forward rule is as below:
Source Port:1234 ; TCP; Forward -to-Address: 172.16.22.14; Forward-to-port: 22
I have disabled auto-firewall and have a rule set in my WAN_IN and WAN_LOCAL as below:
Source: 1.2.3.4
Destination: 172.16.22.14, Port 22
I just want Source-IP 1.2.3.4 to be able to ssh to 172.16.22.14. However, I am not able to restrict the ssh access and other source IPs are also granted ssh access. Can you please let me know what modifications I can do in my configurations to limit just the Source-IP 1.2.3.4 from doing an ssh to 172.16.22.14?
Thank you
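The packet path behind the question above, as an added example that is not part of the original comment and is not EdgeOS code: a port forward (DNAT) rewrites the destination before the forwarded-traffic ruleset (WAN_IN) is evaluated, WAN_LOCAL only covers traffic addressed to the router itself, and an accept rule restricts nothing unless everything else ends in a drop. The WAN address 203.0.113.10, the second source 198.51.100.7 and the ruleset default actions are assumptions, since the comment does not state them; connection-state rules are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "drop"
    src: Optional[str] = None       # address or CIDR, None matches anything
    dst: Optional[str] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.dport is None or p.dport == self.dport)
                and (self.proto is None or p.proto == self.proto))


@dataclass(frozen=True)
class PortForward:
    wan_ip: str
    original_port: int
    forward_to: str
    forward_port: int
    proto: str = "tcp"

    def translate(self, p: Packet) -> Optional[Packet]:
        """Return the packet as it looks after DNAT, or None if not forwarded."""
        if (p.dst, p.dport, p.proto) == (self.wan_ip, self.original_port, self.proto):
            return Packet(p.src, self.forward_to, self.forward_port, p.proto)
        return None


def evaluate(rules, default_action, p):
    """First matching rule wins; otherwise the ruleset's default action applies."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default_action


def wan_verdict(p, forward, wan_in, wan_in_default, wan_local, wan_local_default):
    """DNAT first, then WAN_IN for forwarded packets, WAN_LOCAL for the rest."""
    translated = forward.translate(p)
    if translated is None:
        return evaluate(wan_local, wan_local_default, p)
    return evaluate(wan_in, wan_in_default, translated)


WAN_IP = "203.0.113.10"                                  # constructed WAN address
FORWARD = PortForward(WAN_IP, 1234, "172.16.22.14", 22)  # forward from the comment
PAGE_RULE = Rule("accept", src="1.2.3.4", dst="172.16.22.14", dport=22, proto="tcp")
# Same intent, but written against the address and port seen *before* DNAT.
PRE_NAT_RULE = Rule("accept", src="1.2.3.4", dst=WAN_IP, dport=1234, proto="tcp")
ALLOWED = Packet("1.2.3.4", WAN_IP, 1234)
OTHER = Packet("198.51.100.7", WAN_IP, 1234)             # constructed other source


def scenarios():
    """Verdicts for (ALLOWED, OTHER) under three WAN_IN configurations."""
    def run(wan_in, default):
        # WAN_LOCAL is empty with default drop: it never sees forwarded packets.
        return tuple(wan_verdict(p, FORWARD, wan_in, default, [], "drop")
                     for p in (ALLOWED, OTHER))
    return {
        "page rule, WAN_IN default accept": run([PAGE_RULE], "accept"),
        "page rule, WAN_IN default drop": run([PAGE_RULE], "drop"),
        "pre-NAT match, WAN_IN default drop": run([PRE_NAT_RULE], "drop"),
    }


if __name__ == "__main__":
    for name, (allowed, other) in scenarios().items():
        print(f"{name}: 1.2.3.4 -> {allowed}, 198.51.100.7 -> {other}")
```

With a default action of accept the rule from the comment lets every source through; with default drop only 1.2.3.4 reaches 172.16.22.14:22, and a rule matching the pre-NAT port 1234 never matches at all.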
By "ISP device" does he mean "modem"?
If yes, what ISP refuses to let you use your own modem?
Great vid, but is there one for router dummies like me?
Hi, you said that in your case your ISP router doesn't provide bridge mode, but later in the configuration you say to not activate "some bridge option" because it overloads the router processor, so my question is: if the ISP router has bridge mode, should I use that option or should I configure it like you did for best performance?
That bridge mode I was referring to later is inside the EdgeRouter, which turns its Ethernet ports into a "software switch".
It's not related to the ISP modems bridge mode.
btw. instead of the Edge Router Lite, you should go for the ER-X. Costs less and has a greater traffic shaping performance of up to 100Mbps, while the ERL is maxing out at 60Mbps when SmartQueue is enabled.
Battle(non)sense Thanks for your help i'm the only one that uses the internet in my home, so i think i don't need SmartQueue. But thanks for that economical tip.
How to you work with a fluctuating Download and Upload speed when setting up QoS when you can only set Static results?
Sounds like your line is not very reliable. In this case you should enter the bandwidth that you get "most of the time".
So the qos service priorities are already set out of the box, is that really all what it takes to eliminate ping spikes due to simultaneous connections? No rule configuration?
Smart Queue is not a traditional "rule based" QoS. It provides FQ-CoDel + HTB function. This means that it ensures that the small&frequent packets like from online games or VOIP can pass through the router in both directions without getting delayed/blocked by up/downloads.
This feature then gives you an "A" rating in the buffer bloat test on www.dslreports.com/speedtest
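A simplified model of the flow-queuing effect described in the reply above, as an added example that is not Ubiquiti's or fq_codel's code: the same backlog is drained once through a single FIFO and once through per-flow queues served by deficit round robin. The 20 Mbit/s rate, the packet sizes and the backlog are constructed; CoDel's queue management and fq_codel's priority for new flows are not modelled.

```python
from collections import deque

LINK_BPS = 20_000_000   # constructed shaper rate: 20 Mbit/s upstream
QUANTUM = 1514          # bytes of credit a flow receives per round


def fifo_departures(packets, link_bps=LINK_BPS):
    """packets: list of (flow, size_bytes) in arrival order, all queued at t=0.

    Returns [(flow, departure_ms), ...] for a single shared queue.
    """
    bits_sent = 0
    out = []
    for flow, size in packets:
        bits_sent += size * 8
        out.append((flow, bits_sent * 1000 / link_bps))
    return out


def drr_departures(packets, link_bps=LINK_BPS, quantum=QUANTUM):
    """Same input, but one queue per flow, served by deficit round robin."""
    queues = {}
    active = deque()                 # flows with queued packets, in service order
    for flow, size in packets:
        if flow not in queues:
            queues[flow] = deque()
            active.append(flow)
        queues[flow].append(size)

    deficit = {flow: 0 for flow in queues}
    bits_sent = 0
    out = []
    while active:
        flow = active.popleft()
        deficit[flow] += quantum
        queue = queues[flow]
        # Send as many head packets as the flow's credit covers this round.
        while queue and queue[0] <= deficit[flow]:
            size = queue.popleft()
            deficit[flow] -= size
            bits_sent += size * 8
            out.append((flow, bits_sent * 1000 / link_bps))
        if queue:
            active.append(flow)      # still backlogged: back of the round
        else:
            deficit[flow] = 0        # idle flows do not bank credit
    return out


def worst_delay_ms(departures, flow):
    """Latest departure time of any packet belonging to `flow`."""
    return max(t for f, t in departures if f == flow)


# Constructed backlog: an upload has queued 200 full-size packets when one
# small game packet arrives behind them.
BACKLOG = [("upload", 1500)] * 200 + [("game", 100)]


def compare(packets=BACKLOG):
    fifo = fifo_departures(packets)
    drr = drr_departures(packets)
    return {
        "fifo_game_ms": worst_delay_ms(fifo, "game"),
        "drr_game_ms": worst_delay_ms(drr, "game"),
        "fifo_upload_ms": worst_delay_ms(fifo, "upload"),
        "drr_upload_ms": worst_delay_ms(drr, "upload"),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.2f}")
```

The game packet waits behind the whole upload backlog in the FIFO but behind at most one upload packet with per-flow queues, while the upload itself finishes only a fraction of a millisecond later.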
Battle(non)sense then I need to get the edge router and rearrange my network ( I've been looking for a solution to gaming in a multi user network), thank you!
make sure you also take a look at the UBNT Router Models & Bandwidth Chart: i.imgur.com/7dSpsa1.png :)
Battle(non)sense does the bandwidth chart refer to the max transfer speed available between ports? In other words how much data can pass through the router in any direction. I need to check that because I'm going to upgrade to a 200mbps Internet and I don't want to bottleneck that kind of speed
So can this be used with two wifi 4 port routers? One on eth1 & the other on eth2, thus having two segregated networks that see the internet, but not each other? If so is there a setup guide for that?
Simply make eth1 192.168.1.0/24 and eth2 192.168.2.0/24
Then connect a switch to eth1 and another to eth2.
Don't use routers as that just makes port forwarding and NAT more complicated than it has to be.
But if you just want to make a Guest WiFi (which can only access the internet) then there are much easier ways to achieve that with a single AccessPoint.
Battle(non)sense thank you so much for taking the time to reply to my question and giving me a great solution. Sadly I'll still have to figure out the setup for plugging in two routers as I'm looking to have each side with their own WiFi as well as needing to do some reservations on one of them. Couldn't I just disable NAT and DHCP on each router and just let the edge router handle all that? I can't seem to find clarification in the documentation.
You can't disable NAT.
You can disable DHCP and assign static IP addresses, but you can't have the DHCP server in the ERX hand out addresses for devices that are behind another router (that's basic networking).
You can easily build 2 separate subnets with separate WiFi's with what I suggested above. But what kind of "reservations" do you need?
(Sorry didn't mean NAT - typo) So basically don't enable the DHCP on the Edge router, just assign IP's to each router on each ethX port, say .1.1 and a .2.1 and let each router DHCP what's connecting to it via the single port out to a switch? they don't have much traffic. I would say less than 20 PC's on each side. Also they don't have access to manage their cisco switch, and we want to let each company manage their reservations via their own router. (long story)
That's me ordered to test it out by putting the R7800 in AP, can the eth02 then be used solely for ps4
sharpz44 same question, can I use just eth2 for a PC?
You mean when you don't bridge the LAN ports?
Yes, if you leave the DHCP for LAN2 active, then a PC connected to eth2 will be in the 192.168.2.x address space and can access the internet.
You could even attach a switch to eth2 and have 2 separate LANs then: eth1 192.168.1.x and eth2 192.168.2.x
The devices on these separate LANs can also communicate with each other when you use the IP address. However you will not see devices from the other address space in your own network neighborhood (windows explorer -> network).
Battle(non)sense yes that was what I was wondering, thank you!
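As the reply above notes, hosts on the eth1 and eth2 subnets can still reach each other by IP address. The following is an added example (not from the video or from any commenter) of EdgeOS firewall rules that leave both LANs with internet access but drop traffic between them; the ruleset names LAN1_ISOLATE and LAN2_ISOLATE are made up for illustration, and the subnets are the ones suggested earlier in this thread.

```edgeos
configure

# Traffic entering the router from eth1 (192.168.1.0/24):
# allow everything except packets headed for the eth2 subnet.
set firewall name LAN1_ISOLATE description "eth1: internet yes, LAN2 no"
set firewall name LAN1_ISOLATE default-action accept
set firewall name LAN1_ISOLATE rule 10 description "drop LAN1 to LAN2"
set firewall name LAN1_ISOLATE rule 10 action drop
set firewall name LAN1_ISOLATE rule 10 protocol all
set firewall name LAN1_ISOLATE rule 10 destination address 192.168.2.0/24

# Mirror image for traffic entering from eth2 (192.168.2.0/24).
set firewall name LAN2_ISOLATE description "eth2: internet yes, LAN1 no"
set firewall name LAN2_ISOLATE default-action accept
set firewall name LAN2_ISOLATE rule 10 description "drop LAN2 to LAN1"
set firewall name LAN2_ISOLATE rule 10 action drop
set firewall name LAN2_ISOLATE rule 10 protocol all
set firewall name LAN2_ISOLATE rule 10 destination address 192.168.1.0/24

# Attach each ruleset to the "in" direction (forwarded traffic) of its port.
set interfaces ethernet eth1 firewall in name LAN1_ISOLATE
set interfaces ethernet eth2 firewall in name LAN2_ISOLATE

commit
save
exit
```

The `in` direction only covers traffic forwarded through the router; traffic addressed to the router itself is controlled by a separate `local` ruleset. To check the result, a ping from a host on one LAN to a host on the other should fail while both can still reach the internet.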
I need an RJ-11 port for my WAN connection. Is it possible to get an RJ-11 to RJ-45 adapter? Otherwise I'd need to use my current modem/AP device as the modem and buy a 3rd device to use as AP.
If you need an RJ11 then it sounds like your WAN connection needs a DSL modem. The EdgeRouter is not a modem, it's a router. So you need to run it after your ISP modem like I showed in the video.
For WiFi I suggest using a UniFi AC AP Lite or AC AP LR
Thanks. Will I be able to use any AP if I can't get the one you suggest just yet?
Sure, you can use any AP!
Personally I recommend the UniFi AP AC - 2.4GHz & 5GHz simultaneously, great coverage/performance, cheap (for what it can do).
Thanks so much for the very much needed info on setting this up. Can you recommend a switch or what switch are you using?
Cheers, Marc B.
If you just need a switch without any management (like VLANs, etc.) then you can buy any 1Gbit switch. :)
Which UniFi Access point do you recommend? My connection is 100mb
I am using one UAP‑AC‑LITE upstairs and one UAP‑AC‑LR (Long Range) on the ground floor, which has great range so that WiFi is also available in the garden.
Question, since I was able to swap the ISP home gateway with a ASUS WIFI router, the DMZ step is not necessary for my setup or is it?
DMZ is only necessary when you connect your own router to an ISP router. When the ISP provides you a modem, or when you can switch the ISP device into bridge mode, then you don't need to use DMZ.
TY
Does the router open the ports automatically?
NAT is usually enough (which is active by default). You can enable upnp or upnp2 as well if required.
For upnp you can use the wizard (I showed that in the video); for upnp2 you need to use the CLI.
These are the CLI commands to enable upnp2:
----------------
configure
set service upnp2 listen-on $LAN_INTERFACE_1
...
set service upnp2 listen-on $LAN_INTERFACE_N
set service upnp2 wan $WAN_INTERFACE
set service upnp2 secure-mode enable
set service upnp2 nat-pmp enable
commit
save
exit
----------------
$LAN_INTERFACE_1 and $WAN_INTERFACE need to be replaced with your interfaces (WAN could be eth0 maybe pppoe0 - LAN eth0 or switch0 - depends on your device and configuration)
I want to make everyone aware that when you turn on the QoS Smart Queue as shown in this video, you will cripple the performance of this router, and your download speed can drop to below half of your potential speed. When you enable smart QoS, it disables hardware acceleration and then this router is only capable of 60 to 200mbps download speeds. When I had this feature turned on, and my max download speed configured to 330mbps, my download speed was merely 75mbps. When I turned off Smart QoS entirely, my download speeds reached 330 Mbps, which is the speed tier I am paying for at Comcast. Moral of this story: Do not use Smart QoS!
Without QoS my dsl reports Bufferbloat grade was D... terrible for online gaming FPS. Turned on QoS, constant grade A across the board. I created a rule to apply only to the upload speed 10mbps, left download speed unchecked and blank. My download speed remained 200Mbps. When I set the rule to apply to download speed max 200, I would get the same as you, around 75Mbps. I think that's how the QoS is supposed to work? If you do online gaming QoS is a MUST. If you want to keep your download speed then just set the QoS for upload. Run the dsl reports speed test and see how your bufferbloat grade and speeds are. I love my ER-3 lite!
What do you think of using a pfSense router for gaming
I have used PfSense many years back, but I stopped as my Atom system consumed ~120€ of electricity per year. :(
I do want to test their latest builds and look if they have SQM/FQ_CODEL or something along these lines to avoid those ping spikes caused by congestion. :)
High power consumption :( . I'm a novice at networking but a lot of the network guys around me tell me to use PfSense, this poses a dilemma.
Most people say _"just use an old PC and install PfSense"_ . But you might want to use a power meter first and check how many Watts that system uses. Because running 24/7 this could cost you quite a lot at the end of the year. Which then makes it more expensive than an ER-X or ERLite-3.
Thank you
What if your old router is also a modem? I'd like to use my ISP modem router to the edgerouter and have my ISP router provide wifi access to my devices as well as QoS control from the edgerouter.
That does not work, because then all your WiFi devices will go behind the back of the EdgeRouter. So its QoS will not affect them and they can cause you ping spikes.
Is this still a recommended device in 2021?
Guys I need help... I have 2 Internet connections, 2 4g lte connections... And I play games a lot n downloader also, what kinds of load balance or edge router should I buy
For some reason the QoS setting increases the bufferbloat when downloading, but improves it while uploading.
That is not normal / how it's supposed to work. Are you sure that you entered the correct bandwidth for downstream?
Yeah, I tried different values from 10 Mbit/s to 190 Mbit/s.
I just now ran new tests and here are the results:
QoS turned off: www.dslreports.com/speedtest/37564443
QoS applied to only upload (5.1 Mbit): www.dslreports.com/speedtest/37564329
QoS applied to both upload (5.1 Mbit) and download (100 Mbit): www.dslreports.com/speedtest/37564309
QoS applied to both upload (5.1 Mbit) and download (180 Mbit): www.dslreports.com/speedtest/37564506
With QoS applied to upload, dslreports' meter tops out at around +12ms, but with it off can jump to around +300ms. On the other hand, with QoS applied to download, the meter can top out at +2000ms, but with it off it very rarely goes over +400ms.
The Smart Queue works perfectly when, let's say, uploading a video to youtube, but once downloading something through a game client (like Steam or Battle.net/Blizzard App) the connection in game gets really bad. High ping and a lot of packet loss, gaming gets really bad then. My connection is 18Mbit/s down and 1Mbit/s up, changing the limits in the Smart Queue settings doesn't help either. Do you have any idea how I could fix it? If this problem persists, then the router really is useless for me.
Just yesterday I was downloading StarCraft 2 on my 2nd PC while I played on my primary rig. Prior to using Smart Queue this would have resulted in massive ping spikes. Now I can up/download while gaming and not have it affect my connection to the servers. Are you sure that you entered the correct downstream bandwidth?
Battle(non)sense yes, I tested the download speed multiple times and also tested around with different variables. While the ping did start dropping a bit with lower values, it still was at least 20ms higher than without any other network traffic. And when looking at the Overwatch Network Graphs, there was a lot of packet loss all the time, which was very noticeable while playing, too. My actual connection is 18Mbit/s down- and 1Mbit/s upload, but every time I tested my connection, it was always just 15,47Mbit/s download (upload got to 1Mbit/s) so I set the Smart queue to those values. Limiting the download bandwidth to something like 12Mbit/s wasn't helping much. I have also restarted the router multiple times, with no success. Everything works fine but downloading via steam kills the connection. And looking through forums I'm not the only one having that problem. community.ubnt.com/t5/EdgeMAX/Smart-Queue-seemingly-not-working-for-Steam-downloads/td-p/1890405 but that thread doesn't seem to help me much either, maybe you can read something out of it.
This is very odd. Right now I have 8 USG, 10 ER-X and 6 ERlite-3 deployed at customer sites which all use Smart Queue. Some of them are enthusiast gamers, so they would have told me if they were running into such issues. :(
So the problem still persists for me, but I just noticed that I forgot an important info: Since I don't have an ISP Modem, the Edgerouter runs behind our Fritz!Box which has the Modem integrated. But since the Fritz!Box doesn't support DMZ, the actual connection to the Internet is still getting handled by the Fritz!Box and not the Edgerouter directly (which would explain the packet loss while downloading, since the network congestion already happens before the packets even come to the Edgerouter). All we've done is set the Edgerouter as an exposed host in the fritz.box and I think we did the Basic DHCP Setup inside the EdgeOS (it's a long time ago we did that, I don't remember that clearly). Is there any way I could set up my routers that the QoS can work for the download as well? Or is that simply impossible with my Setup and I would have to get myself an external Modem instead?
EDIT: Fritz!Box supports DHCP obviously, just not the DMZ (mixed that up by accident)
Any difference between the EdgeRouter Lite and the PoE version? I need at least 4 Ethernet ports, Lite only has three and I can't afford a UniFi Switch.
I recommend to go with the ER-X then, where the other ports are proper switch ports.
Btw. a switch is a rather "dumb" device. You can buy a 16port 1Gbps switch for 50$ and it will work just fine. No need to spend lots of money on a switch unless you really need the extra features it offers.
I was planning on getting the EdgeRouter PoE actually but I'm interested to hear why you recommend the ER-X over it. I have over a dozen devices connecting at a time and I'm suffering from lag spikes so I need the best possible router.
The ER-X has a SmartQueue shaping performance of 100Mbps, while the CPU of the ERLite will only offer up to 60Mbps with SmartQueue enabled. (See the description, there is a link to the performance chart taken from the EdgeOS manual.)
Also you can use the remaining ports on the ER-X as switch ports. But as I said, you can just connect it to any cheap gigabit switch and you are fine.
For WiFi I suggest adding a UniFi AP AC Lite, or the LR (long range) if you have thick walls / a large area to cover.
Battle(non)sense. I have an ERL and Netduma. Currently the Netduma does not allow you to change the last digit of the LAN ip which is really crazy. And the ERL does not allow you to setup a dmz simply (honestly I don't know how to do it). How would you recommend I do my setup where the ERL is my primary router and the Netduma is my secondary router? My current setup: Modem>EGL>Switch>Devices and AP(3). I'd like to work the Netduma into the setup and it can't be the primary router.
Frankly it makes no sense to have a "primary and a secondary router" - unless your primary is your ISP device which you must use in order to connect to the internet at all.
There is no point / benefit in using both an EdgeRouter and the netduma at the same time. At least none that I could see.
Also do not make one of your LAN devices a DMZ host. Enable upnp or upnp2 on the ERLite and let NAT do the work.
I was just seeing if I could use the R1 for its geo-filter capabilities
Well, I suppose you could set the WAN interface of the R1 to dhcp so that it gets an IP from the EdgeRouter. You then also need to make sure that the R1 "LAN" uses a different IP address space, so that it's different from the EdgeRouter's. They can not both use i.e. 192.168.1.x
do you have a link to buy this for Austria 🇦🇹
why am I writing in English
Available at e-tec.at or amazon.de. Just enter it on geizhals.at and all the shops will come up. :)
P.S. the ER-X will do the job too (cheaper), I'm getting one tomorrow for testing!
Battle(non)sense thanks
You should make a tutorial on how to setup pfsense
I am actually thinking about that. I did use PfSense in the past. But I stopped using it because even the atom board I had increased my electricity bill by ~100€ per year.
I want to take a look at PfSense again to find out if it uses FQ_CODEL now, or how it avoids the nasty side effects of network congestion. :)
Yea I'm worried about running a 400w+ psu only for a router 24/7, but aren't there some tiny boards that use much less power now?
Great explanation.
I'm having trouble configuring PPPoE as my ISP WAN connection on my ERLite. I've followed the wizard and I have the correct username and password but I never establish a connection to the ISP. Can I simply log into the ISP provided modem/router and set DMZ to the edgerouter?
Specific configuration depends on your ISP. So I can't tell you how or if you can set a DMZ on your ISP router.
Well I know I can set DMZ on the router, I'd just like to know if double NATing will cause issues
When your ERlite is the DMZ host of your ISP router then you won't have issues. However you might also want to enable upnp2 on the ERlite in case you face "moderate NAT" in certain games on console.
To enable upnp2 open the CLI inside of the EdgeOS GUI, then:
configure
set service upnp2 listen-on $LAN_INTERFACE_1
...
set service upnp2 listen-on $LAN_INTERFACE_N
set service upnp2 wan $WAN_INTERFACE
set service upnp2 secure-mode enable
set service upnp2 nat-pmp enable
commit
save
exit
$LAN_INTERFACE_1 could be eth1, $WAN_INTERFACE will most likely be eth0 - you need to choose which you use for lan and wan
Then start i.e. skype and enter "show upnp2 rules" in the CLI. You should then see the connections that upnp2 opened for skype.
Battle(non)sense great, thanks!!
Btw. when you use pppoe then you have to select the "pppoe" interface when you set up rules, smart queue, upnp2, ..... do *not* use the eth0 interface even though it might be the physical interface that your ISP modem connects to. :)
you should make a video explaining how to configure the qos mode in advanced to give priority of packages to the ports of games or to computers in the lan, because when the qos is enabled in smart queue it applies priority to the complete network not to a specific device , what I want to leave said is that if a person in the network is watching netflix and I want to download or watch some movie the router will give priority to my pc and download the person who is watching netflix to give it to me .... would be a good contribution from you and investigated a lot but most things are by command lines and I do not understand any of that
will this lower my ping, as netduma can lower it a bit?
No router will lower your outbound ping. The netduma r1 does not do it either.
In a few cases you can lower your ping by using a VPN - however that will also only lower your ping when the VPN has a faster route than your ISP.
Battle(non)sense so how can you make latency in games better
What a router can do is prevent network congestion on your end from causing high ping / ping spikes.
However when your ping to a server / in a specific game is always very high, then this is the result of the distance between you and that server. You can not improve your connection to that server which is far away from you.
My netcode analysis videos have more info on that topic: th-cam.com/video/Sa_AsRYlBOA/w-d-xo.html
So is UBNT EdgeRouter Lite this better than the Netduma R1
Great video, interesting topic indeed! :)
I have an interesting question: I'm having a coax connection from my cable company, where my ping (to a close server) is quite high (26ms) for a hybrid fiber connection at least, which is caused by terrible routing of my provider. So I'm wondering if that method, getting a 2nd router e.g., would help lower the ping and stuff, as I saw you getting 1ms ping which is insane! I've never tried it and would be curious.
moonlight latency is often related more to the physical distance you are to the server rather than your provider's BGP peering setup. 26ms is actually quite good. Anything under 50ms should give you a solid experience for an FPS.
The 1ms ping is to a server that is just 5km away from me - so that is extremely close.
To a server in Frankfurt (that's 400km on the map) I ping 17ms.
26ms is a very good ping! :)
Not all the time, I do get lower latency to a server which is triple the distance away as the one I mentioned with the 26ms. (200km ~17ms)
I know that 26ms isn't bad, I'm just curious if a different router would deliver better results :)
How is the buffer bloat on this router?
The result from the ERLite-3 with Smart Queue enabled. i.imgur.com/bJl799M.jpg
Battle(non)sense wow that is perfect score.
The power of SQM :)
I bought one of these routers but it arrived DOA and wouldn't power on. Still kinda mad about that.
I used a Draytek router for the last years.... quite powerful firmware, also at the QoS point... but not easy to use. After I "must" change some of my infrastructure I changed back to Fritz.Box because of more all-in-one potential :( . Because I also sit like you behind a provider device (Unitymedia) I'm just able to use the device prioritising... the QoS is only available if the FB itself manages the internet connection, I've been told by AVM :(
I just set up an edgerouter with smart queue. How do you verify that it's limiting ping spikes?
www.dslreports.com/speedtest
Disable SmartQueue, then run the speed test, you will get a bad BufferBloat result (high ping spike).
Enable SmartQueue _(make sure you enter the correct bandwidth values)_, now you will get a great BufferBloat result.
With SQ I get 'A' grade, without SQ I get 'D'. My goal is to have the best gaming experience possible. I ordered the edgerouter lite but they sent the ERPoe-5. Reading what I have, the software on the ERPoe-5 is the same as on the ERLite. So, I'm assuming I can get similar performance when it comes to managing ping spikes. Is that a safe assumption?
How do I know if i am setup properly? I'm still getting the same lag/latency prior to using the edge router.
SmartQueue does not magically reduce your ping (that's physically impossible - no router can do that).
What smart queue does is prevent your ping from spiking to 200ms or more when someone or something else consumes your entire up or downstream bandwidth while you are gaming. The speedtest shows that it does that well as your bufferbloat rating was "A" with SQ enabled, while it was "D" with SQ disabled (means with SQ disabled you'd get >200ms ping spikes when someone else starts a download, upload, videostreaming, etc.).
I get it, that it's impossible to reduce the ping. I guess, overall, I'm just frustrated. I don't know what is "normal" when it comes to lag/latency while gaming. When I compare my experience (I assume it's a lot of lag) to other gaming I see on YT, it just doesn't look the same. They get instant confirmation of a "hit" while mine I can see there's a slight delay. This makes a huge difference!!
I've spent a lot of time and effort trying to get the best experience possible. And I'm willing to do what it takes but, what else is there to do? And how can I validate my changes?
Good afternoon friend you can help me configure I have an EdgeMax pro with four WANs per dhcp and an eth7 LAN balancing and Smart Queue
Can you come to a video
I recommend that you post a thread in the UBNT community forums. They are very helpful there!
Hi Chris, I really want a video teaching how to make NAT open and about network safety. If you make it I would be thankful. :D
My EdgeRouter-x to have public IP i have to config on Wizard-> Basic Setup a Vlan:100.
on SQM The wan interface need to be: eth0 or eth0.100
As someone with very minimal knowledge this seems quite confusing. I never had to do anything like this setting up my router I bet I had it set up horribly wrong lol
First off I'd like to thank Chris for another great vid, this is a great channel. Now I'm wondering about which ISP to go for. I'm in the UK and my choice is virgin media (180mbs down 20mbs up) or BT (70mbs down 19mbs up). Virgin Media clearly has much better download speeds but will the extra download speed enhance my gaming connection? I mean how much download and upload do games need? Is there a maximum they can take? Is there any software available that would tell me exactly how much download and upload my devices are taking? It would be very interesting to see if different games use different amounts. A penny for your thoughts
Games need very little bandwidth. 1Mbps upload is already enough, even for 60Hz games. :)
Wow, I think a lot of ISPs are kidding people with their so called gaming connections then, as upload and download speeds are the only things that improve with their premiere packages, the ping remains the same. Thanks for the reply Chris, it has saved me a few pounds for sure.
1Mbps is painfully slow for downloading games... I spent hours yesterday trying to get my Xbox to go a decent speed (which was solved by port forwarding somehow). The catch was that my brother's Xbox went to a strict NAT, which took another long while to fix. I had to disable my port forwards, enable them for my brother, disable them for my brother, and repeat this another time (all while checking his NAT at every step). Now I'll be stuck between 5 and .2 Mbps for my next download (when I should get 40 Mbps). I think I'll try changing my DNS, but that shouldn't be the problem because I'm using Open DNS.
Great Video. I'm wondering if you know about the EdgeRouter X. According to i.imgur.com/7dSpsa1.png it allows even more bandwidth for the SmartQueue than the Lite, but it's also cheaper. How can that be? Is it a trap?
He, he, he. That is my image that you linked to there - check out the description of the video. ;-)
SQ performance is CPU bound, and the CPU in the ER-X is more powerful than in the ERLite-3. However when you don't use SQ then the ERLite-3 outperforms the ER-X thanks to its Hardware Acceleration for Packet Processing.
Ahh cool. So if I want SQ on at all times the ER-X is the better buy?
I'd say so - yes.
I'm thinking about replacing my Google network box with an Edge router. The GNB interface is laughable like most ISP gateways. A how to video would be awesome but you're probably not in a Google fiber area. The plan is to set up a vpn on the edge to connect smart phones to.
You are right, no google fibre here in Austria. I could get 1Gbps from my ISP, but that would ruin me. XD
The Edge Router Lite can handle 1Gbps thanks to its hardware accelerated packet processing. However you can not use SmartQueue then - but with that bandwidth you might not need that kind of QoS anymore. ;-)
Great Video :)
Unfortunately i only got 16mb down and 1 up so it won't work for me since all the family using the internet and it's the max speed you can get in Egypt too :(
Smart Queue will still work in that case, as your small, frequent gamedata packets come first and the rest comes after.
Thanks, I will give it a try and see .
ISP? ;-)
A1 Net?
Came here from Drift0rs video
nice
1:04 Hope that's not true. Else you might be targeted by hackers and so on.
Eragon Baffel What? It's a LAN IP.
Alex W
But isn't it his permanent Network address? Before this he was just anyone on the web and now he has an address where you can find his PC. You know what hardware he uses and in what Setup, so you get into his Router and ask for all connected IPs, attack them all (his TV, Toaster, Fridge and so on) until you get to the PC, (I'm not a hacker) so he basically doxed himself.
Eragon Baffel No, that's not how it works - you have many fundamental misunderstandings about how computers and networks function. That IP address is only accessible from the local network, not the internet (hence "LAN"). In addition, even if this were a WAN IP accessible from the internet, it's highly unlikely you will be able to achieve the level of compromise you talk about over the internet with limited services available through the firewall.
Alex W
www.learn2crack.com/2013/06/hack-a-computer-only-with-just-a-ip-address-in-easy-steps.html You can narrow it down to just 100 IP addresses due to how he said his Network is set up.
Alex W
Also 4th comment www.bleepingcomputer.com/forums/t/526210/if-someone-knows-your-ip-address-can-they-hck-you/ "Posted 02 March 2014 - 05:18 AM
Your ISP assigned IP address is your identity on the internet. If someone (who has time, will power and skills to hack you) knows your IP address, then they might try. They may become successful or fail in their attempts depending on how secure your system is.
If you have a firewall, antivirus and updated OS, then there is no possibility of someone hacking you. As Professor CPU has pointed out, professional hackers who can actually hack you, simply do not have time or reason to do so."
So it's unlikely and difficult and maybe no one attempts it but it is possible. We know his IP + how his router distributes IP addresses in his network = we can guess his PC's IP
Good that i just need a FRITZ!Box :D plug 'n play
That setup is just begging for hackers/bots. DMZ pointing at your DHCP router, UPNP, + no firewall. Your DMZ device should have a firewall enabled, since ALL ports are forwarded. I wish I had your ping!
The EdgeRouter Lite has a firewall (see the Firewall/NAT tab). It is a router after all just like the one from the ISP.
The reason why I have to use the DMZ feature is because I can not put the ISP device into bridge/modem mode, and you *need* to get all ports to your own router for it to work correctly. ;-)
Battle(non)sense man, I rushed that last night, crazy work week.. I should have said your DHCP device should have the firewall. Or, whatever you put behind the edgerouter bridge: which it appears you are doing. I just locked in on seeing firewall disabled and alerts went off!
The ERLite-3 is the DHCP server and it has a firewall just like all routers.
There is no increased risk by putting a *Router* into a DMZ. But never ever put a PC into a DMZ.
Battle(non)sense in SOHO terms, for sure. Additionally, routers are 'OS's too. Vendors may leave remote capabilities open like ssh, telnet and if that's not firewalled, you have an open door. Most vendors are pretty proficient in securing this by default these days. I enjoy your vids a lot man, keep up the good work!
This comment is actually very important and the comments on this thread are too.
You, BNS, mentioned this: "There is no increased risk by putting a Router into a DMZ."
I believe it's the other way around.
If you don't have legal means to ask your ISP to change their router to Bridge, that means your ISP does not care much about clients, and that is, usually, a bad sign.
Summary, adding an EdgeRouter into the ISP router's DMZ will increase security overall because you have full control over the Edgerouter.
Correct me if I'm wrong.
If your provider also provides IPv6 connectivity, following this guide will mean you get no IPv6 access.
As I said multiple times in the video. The process will not be the same for everyone as it depends on what kind of internet connection you have.
Which parts of the video should i use for older/other routers?
this guy must be on google fiber lol i need your help bro
This is too advanced for me.
DMZee*
My brain 🧠 it hurts
no wifi :(
Add a UniFi Access point from UBNT and you are golden.
works a *lot* better than the built in WiFi of most routers. :)
looks like a video game hijacked your video