
erlite config

a guest
Mar 17th, 2015
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  6. ip-src-route disable
  7. log-martians enable
  8. name WAN_IN {
  9. default-action drop
  10. description "WAN to internal"
  11. rule 10 {
  12. action accept
  13. description "Allow established/related"
  14. state {
  15. established enable
  16. related enable
  17. }
  18. }
  19. rule 20 {
  20. action drop
  21. description "Drop invalid state"
  22. state {
  23. invalid enable
  24. }
  25. }
  26. }
  27. name WAN_LOCAL {
  28. default-action drop
  29. description "WAN to router"
  30. rule 10 {
  31. action accept
  32. description "Allow established/related"
  33. state {
  34. established enable
  35. related enable
  36. }
  37. }
  38. rule 20 {
  39. action drop
  40. description "Drop invalid state"
  41. state {
  42. invalid enable
  43. }
  44. }
  45. }
  46. receive-redirects disable
  47. send-redirects enable
  48. source-validation disable
  49. syn-cookies enable
  50. }
  51. interfaces {
  52. ethernet eth0 {
  53. address dhcp
  54. description Internet
  55. duplex auto
  56. firewall {
  57. in {
  58. name WAN_IN
  59. }
  60. local {
  61. name WAN_LOCAL
  62. }
  63. }
  64. speed auto
  65. }
  66. ethernet eth1 {
  67. address 192.168.1.1/24
  68. description Local
  69. duplex auto
  70. speed auto
  71. vif 10 {
  72. address 192.168.10.1/24
  73. description "Management VLAN"
  74. mtu 1500
  75. }
  76. vif 20 {
  77. address 192.168.20.1/24
  78. description "Personal VLAN"
  79. disabled false
  80. mtu 1500
  81. }
  82. vif 30 {
  83. address 192.168.30.1/24
  84. description "Neighbours VLAN"
  85. mtu 1500
  86. }
  87. }
  88. ethernet eth2 {
  89. address 192.168.2.1/24
  90. description "Local 2"
  91. duplex auto
  92. speed auto
  93. }
  94. loopback lo {
  95. }
  96. }
  97. service {
  98. dhcp-server {
  99. disabled false
  100. hostfile-update disable
  101. shared-network-name LAN1 {
  102. }
  103. shared-network-name VLAN10 {
  104. authoritative disable
  105. subnet 192.168.10.0/24 {
  106. default-router 192.168.10.1
  107. dns-server 192.168.10.1
  108. lease 86400
  109. start 192.168.10.100 {
  110. stop 192.168.10.255
  111. }
  112. static-mapping TPLinkSwitch {
  113. ip-address 192.168.10.2
  114. mac-address 30:b5:c2:9b:f9:fb
  115. }
  116. }
  117. }
  118. shared-network-name VLAN20 {
  119. authoritative disable
  120. subnet 192.168.20.0/24 {
  121. default-router 192.168.20.1
  122. dns-server 192.168.20.1
  123. lease 86400
  124. start 192.168.20.100 {
  125. stop 192.168.20.255
  126. }
  127. }
  128. }
  129. shared-network-name VLAN30 {
  130. authoritative disable
  131. subnet 192.168.30.0/24 {
  132. default-router 192.168.30.1
  133. dns-server 192.168.30.1
  134. lease 86400
  135. start 192.168.30.100 {
  136. stop 192.168.30.255
  137. }
  138. }
  139. }
  140. }
  141. dns {
  142. forwarding {
  143. cache-size 0
  144. listen-on eth1
  145. listen-on eth2
  146. listen-on eth1.20
  147. listen-on eth1.30
  148. listen-on eth1.10
  149. }
  150. }
  151. gui {
  152. https-port 443
  153. }
  154. nat {
  155. rule 5010 {
  156. description "NAT Masquerade to eth0"
  157. log disable
  158. outbound-interface eth0
  159. protocol all
  160. type masquerade
  161. }
  162. }
  163. ssh {
  164. port 22
  165. protocol-version v2
  166. }
  167. }
  168. system {
  169. host-name EdgeRouterLite
  170. login {
  171. user ubnt {
  172. authentication {
  173. encrypted-password ****************
  174. }
  175. level admin
  176. }
  177. }
  178. name-server 8.8.8.8
  179. name-server 8.8.4.4
  180. ntp {
  181. server 0.ubnt.pool.ntp.org {
  182. }
  183. server 1.ubnt.pool.ntp.org {
  184. }
  185. server 2.ubnt.pool.ntp.org {
  186. }
  187. server 3.ubnt.pool.ntp.org {
  188. }
  189. }
  190. syslog {
  191. global {
  192. facility all {
  193. level notice
  194. }
  195. facility protocols {
  196. level debug
  197. }
  198. }
  199. }
  200. time-zone America/Toronto
  201. }