
edgerouter rainesh

a guest
Jan 13th, 2017
  /* Global IPv4/IPv6 packet-handling options plus the two rulesets that the interfaces section binds to the WAN port (eth0). */
  /* NOTE(review): only IPv4 rulesets (name ...) are defined; no ipv6-name ruleset appears here. If IPv6 is ever enabled on eth0 it needs its own drop-by-default rulesets. */
  1. firewall {
  /* The router answers ICMP echo in general; unsolicited echo requests arriving on eth0 are still dropped by WAN_LOCAL's default action. */
  2. all-ping enable
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  6. ip-src-route disable
  /* Log packets that carry impossible source addresses. */
  7. log-martians enable
  /* WAN_IN: bound as the "in" ruleset on eth0 (traffic forwarded through the router). Drop by default; only return traffic is accepted. */
  /* NOTE(review): port-forward has auto-firewall enabled, so the forwarded ports are presumably admitted by rules the router generates outside this ruleset; confirm on the device that nothing beyond the listed forwards is open. */
  8. name WAN_IN {
  9. default-action drop
  10. description "WAN to internal"
  11. rule 10 {
  12. action accept
  13. description "Allow established/related"
  14. state {
  15. established enable
  16. related enable
  17. }
  18. }
  /* Redundant with the default drop, but keeps invalid-state packets explicit if an accept rule is added later. */
  19. rule 20 {
  20. action drop
  21. description "Drop invalid state"
  22. state {
  23. invalid enable
  24. }
  25. }
  26. }
  /* WAN_LOCAL: bound as the "local" ruleset on eth0 (traffic addressed to the router itself). With no accept rule for new connections, the GUI (80/443) and SSH (22) are not reachable from the WAN side by these rules. */
  27. name WAN_LOCAL {
  28. default-action drop
  29. description "WAN to router"
  30. rule 10 {
  31. action accept
  32. description "Allow established/related"
  33. state {
  34. established enable
  35. related enable
  36. }
  37. }
  38. rule 20 {
  39. action drop
  40. description "Drop invalid state"
  41. state {
  42. invalid enable
  43. }
  44. }
  45. }
  /* Incoming ICMP redirects are ignored, but the router may still send them. */
  46. receive-redirects disable
  47. send-redirects enable
  /* Reverse-path filtering is off, so packets with spoofed source addresses are not dropped at this layer. */
  /* NOTE(review): with a single WAN uplink, "strict" is the usual hardening choice; confirm there is no asymmetric routing before changing it. */
  48. source-validation disable
  49. syn-cookies enable
  50. }
  /* Physical ports: eth0 is the WAN uplink, eth1 the active LAN, eth2 a second LAN that is configured but disabled. */
  51. interfaces {
  /* WAN: address and default route come from the upstream DHCP server; DNS servers offered by it are ignored (name-server no-update). */
  52. ethernet eth0 {
  53. address dhcp
  54. description Internet
  55. dhcp-options {
  56. default-route update
  57. default-route-distance 210
  58. name-server no-update
  59. }
  60. duplex auto
  /* Both WAN rulesets from the firewall section are attached here; eth1 and eth2 carry no firewall at all, so LAN-to-router and LAN-to-WAN traffic is unfiltered. */
  61. firewall {
  62. in {
  63. name WAN_IN
  64. }
  65. local {
  66. name WAN_LOCAL
  67. }
  68. }
  69. speed auto
  70. }
  /* NOTE(review): 20.0.0.0/24 is outside the RFC 1918 private ranges (10/8, 172.16/12, 192.168/16); it is publicly allocated space. LAN hosts cannot reach the real owners of these addresses, and filters that assume RFC 1918 sources will not recognise this LAN as internal. Renumbering into a private range avoids both. */
  71. ethernet eth1 {
  72. address 20.0.0.1/24
  73. description Local
  74. duplex auto
  75. speed auto
  76. }
  /* Disabled port; its address is kept for later use. */
  77. ethernet eth2 {
  78. address 10.0.0.1/24
  79. description "Local 2"
  80. disable
  81. duplex auto
  82. speed auto
  83. }
  84. loopback lo {
  85. }
  86. }
  /* Inbound destination NAT from the WAN port (eth0) to hosts on the LAN (eth1). Every rule below is reachable from the whole Internet: none restricts the source address. */
  /* NOTE(review): all rules use tcp_udp although most of these services speak one transport only; narrowing each rule to the transport actually used halves the exposed surface. */
  87. port-forward {
  /* auto-firewall lets the router create the matching accept rules itself, so the exposure is not visible in WAN_IN; audit this section whenever the firewall is reviewed. */
  88. auto-firewall enable
  89. hairpin-nat enable
  90. lan-interface eth1
  /* Rules 1-6 all target 20.0.0.10, which the DHCP section maps to the host named SERVER. */
  91. rule 1 {
  92. description couch
  93. forward-to {
  94. address 20.0.0.10
  95. port 5053
  96. }
  97. original-port 5053
  98. protocol tcp_udp
  99. }
  /* NOTE(review): if "dsm" is a Synology DSM login, 5000 is its default plain-HTTP port, so credentials would cross the Internet unencrypted; prefer the HTTPS port or a VPN. Confirm what listens here. */
  100. rule 2 {
  101. description dsm
  102. forward-to {
  103. address 20.0.0.10
  104. port 5000
  105. }
  106. original-port 5000
  107. protocol tcp_udp
  108. }
  /* Plain HTTP to the same host; same concern as rule 2 for anything that asks for a login. */
  109. rule 3 {
  110. description dsm
  111. forward-to {
  112. address 20.0.0.10
  113. port 80
  114. }
  115. original-port 80
  116. protocol tcp_udp
  117. }
  /* NOTE(review): FTP sends credentials and data in clear text. Only the control port is forwarded here; passive-mode data ports are not listed. Consider SFTP/FTPS or removing the rule. */
  118. rule 4 {
  119. description ftp
  120. forward-to {
  121. address 20.0.0.10
  122. port 21
  123. }
  124. original-port 21
  125. protocol tcp_udp
  126. }
  127. rule 5 {
  128. description sick
  129. forward-to {
  130. address 20.0.0.10
  131. port 8083
  132. }
  133. original-port 8083
  134. protocol tcp_udp
  135. }
  /* Undocumented rule (empty description). NOTE(review): 6881 is commonly a BitTorrent listener; record the purpose or remove the rule. */
  136. rule 6 {
  137. description ""
  138. forward-to {
  139. address 20.0.0.10
  140. port 6881
  141. }
  142. original-port 6881
  143. protocol tcp_udp
  144. }
  /* Targets 20.0.0.3, which the DHCP section maps to XPS13, apparently a personal machine rather than the server; an Internet-facing listener on such a host deserves a second look. */
  145. rule 7 {
  146. description ace
  147. forward-to {
  148. address 20.0.0.3
  149. port 8621
  150. }
  151. original-port 8621
  152. protocol tcp_udp
  153. }
  154. wan-interface eth0
  155. }
  /* Router-hosted services: DHCP, DNS forwarding, web GUI, source NAT, SSH and UPnP/NAT-PMP. */
  156. service {
  157. dhcp-server {
  158. disabled false
  159. hostfile-update disable
  /* LAN1: dynamic pool 20.0.0.2-20.0.0.100 with one-day leases (86400 s); the router is both gateway and DNS server. */
  160. shared-network-name LAN1 {
  161. authoritative enable
  162. subnet 20.0.0.0/24 {
  163. default-router 20.0.0.1
  164. dns-server 20.0.0.1
  165. lease 86400
  166. start 20.0.0.2 {
  167. stop 20.0.0.100
  168. }
  /* Every mac-address below reads "knip", which is not a valid MAC; presumably the poster redacted the real values before publishing. The device names and addresses still disclose the LAN inventory. */
  169. static-mapping Canon_MG6150 {
  170. ip-address 20.0.0.8
  171. mac-address knip
  172. }
  173. static-mapping Chromecast {
  174. ip-address 20.0.0.17
  175. mac-address knip
  176. }
  177. static-mapping HTPC {
  178. ip-address 20.0.0.11
  179. mac-address knip
  180. }
  181. static-mapping IP_camera {
  182. ip-address 20.0.0.38
  183. mac-address knip
  184. }
  185. static-mapping Nefit {
  186. ip-address 20.0.0.6
  187. mac-address knip
  188. }
  189. static-mapping Retropie {
  190. ip-address 20.0.0.4
  191. mac-address knip
  192. }
  /* Target of port-forward rules 1-6. */
  193. static-mapping SERVER {
  194. ip-address 20.0.0.10
  195. mac-address knip
  196. }
  197. static-mapping Samsung_Rai {
  198. ip-address 20.0.0.5
  199. mac-address knip
  200. }
  201. static-mapping Samsung_Renu {
  202. ip-address 20.0.0.9
  203. mac-address knip
  204. }
  205. static-mapping Unifi_AC_LR {
  206. ip-address 20.0.0.21
  207. mac-address knip
  208. }
  209. static-mapping Werkstation {
  210. ip-address 20.0.0.14
  211. mac-address knip
  212. }
  /* Target of port-forward rule 7. */
  213. static-mapping XPS13 {
  214. ip-address 20.0.0.3
  215. mac-address knip
  216. }
  217. static-mapping Yamaha {
  218. ip-address 20.0.0.13
  219. mac-address knip
  220. }
  221. }
  222. }
  /* LAN2 is disabled, matching the disabled eth2 port. */
  223. shared-network-name LAN2 {
  224. authoritative enable
  225. disable
  226. subnet 10.0.0.0/24 {
  227. default-router 10.0.0.1
  228. dns-server 10.0.0.1
  229. lease 86400
  230. start 10.0.0.38 {
  231. stop 10.0.0.243
  232. }
  233. }
  234. }
  235. use-dnsmasq disable
  236. }
  /* The forwarder listens on the LAN port only, so the resolver is not offered on the WAN side. "system" adds the name servers from the system section as upstreams. */
  237. dns {
  238. forwarding {
  239. cache-size 150
  240. listen-on eth1
  241. name-server 8.8.8.8
  242. name-server 8.8.4.4
  243. system
  244. }
  245. }
  /* Web management interface. No listen-address is set in this block, so reachability from the WAN presumably depends entirely on WAN_LOCAL dropping new connections. */
  246. gui {
  247. http-port 80
  248. https-port 443
  /* NOTE(review): this keeps legacy TLS cipher suites available on the admin GUI. Set it to disable unless an old browser that cannot negotiate current ciphers must manage the router. */
  249. older-ciphers enable
  250. }
  /* Source NAT: everything leaving via eth0 is masqueraded behind the WAN address. */
  251. nat {
  252. rule 5010 {
  253. description "masquerade for WAN"
  254. outbound-interface eth0
  255. type masquerade
  256. }
  257. }
  /* SSH v2 on the default port. The admin user in the system section has only a password configured, so logins are password-based; key-based authentication would be stronger. */
  258. ssh {
  259. port 22
  260. protocol-version v2
  261. }
  262. upnp {
  263. }
  /* UPnP and NAT-PMP let LAN hosts open inbound WAN ports without an administrator. secure-mode limits a client to mappings for its own address, but any compromised LAN device (camera, TV, printer) can still expose itself. Disable if nothing on the LAN needs it. */
  264. upnp2 {
  265. listen-on eth1
  266. nat-pmp enable
  267. secure-mode enable
  268. wan eth0
  269. }
  270. }
  /* Host identity, local accounts, resolver, time and logging settings. */
  271. system {
  /* "ubnt" host name and a single "admin" account with full admin level. */
  272. host-name ubnt
  273. login {
  274. user admin {
  275. authentication {
  /* NOTE(review): this is the admin account's salted SHA-512 crypt hash ($6$ prefix), published in a public paste. A published hash can be tested against password guesses offline, so treat the password as exposed: rotate it on the device and strip this line before sharing a config. */
  276. encrypted-password $6$K0HQfJ.a$iblOoEKq.W3gPnm7Dl855a3DPNousy.lrFBZFbnVeAPDrc9wYhlmNdFKGLfYiNDhtEwqPtfGP9JcwuZXD7xs11
  277. }
  278. level admin
  279. }
  280. }
  281. name-server 8.8.8.8
  /* NOTE(review): 8.8.8.4 looks like a typo for 8.8.4.4, which is what the DNS forwarder in the service section uses; as written, the router's secondary resolver points at an unintended address. Confirm and correct. */
  282. name-server 8.8.8.4
  /* A single NTP source; there is no second server to fall back on or cross-check against. */
  283. ntp {
  284. server 1.ubnt.pool.ntp.org {
  285. }
  286. }
  /* Logging is local only: no remote syslog host is configured in this block, so logs are lost if the router is reset or compromised. */
  287. syslog {
  288. global {
  289. facility all {
  290. level notice
  291. }
  292. facility protocols {
  293. level debug
  294. }
  295. }
  296. }
  297. time-zone Europe/Amsterdam
  298. traffic-analysis {
  299. dpi disable
  300. export disable
  301. }
  302. }
  303.  
  304.  
  305. /* Warning: Do not remove the following line. */
  306. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  307. /* Release version: v1.9.1.4939093.161214.0705 */