API tools faq
paste
Guest User

ERL - KPN ITV

a guest
Nov 12th, 2015
143
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.04 KB | None | 0 0
raw download clone embed print report
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  6. ip-src-route disable
  7. log-martians enable
  8. name WAN_IN {
  9. default-action drop
  10. description "WAN to internal"
  11. rule 10 {
  12. action accept
  13. description "Allow established/related"
  14. state {
  15. established enable
  16. related enable
  17. }
  18. }
  19. rule 20 {
  20. action drop
  21. description "Drop invalid state"
  22. state {
  23. invalid enable
  24. }
  25. }
  26. }
  27. name WAN_LOCAL {
  28. default-action drop
  29. description "WAN to router"
  30. rule 10 {
  31. action accept
  32. description "Allow established/related"
  33. state {
  34. established enable
  35. related enable
  36. }
  37. }
  38. rule 20 {
  39. action drop
  40. description "Drop invalid state"
  41. state {
  42. invalid enable
  43. }
  44. }
  45. }
  46. options {
  47. mss-clamp {
  48. mss 1412
  49. }
  50. }
  51. receive-redirects disable
  52. send-redirects enable
  53. source-validation disable
  54. syn-cookies enable
  55. }
  56. interfaces {
  57. ethernet eth0 {
  58. address 192.168.1.1/24
  59. description Local
  60. duplex auto
  61. speed auto
  62. }
  63. ethernet eth1 {
  64. description "Internet (PPPoE)"
  65. duplex auto
  66. speed auto
  67. vif 4 {
  68. address dhcp
  69. description "KPN TV"
  70. dhcp-options {
  71. client-option "send vendor-class-identifier "IPTV_RG";"
  72. client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  73. default-route update
  74. default-route-distance 210
  75. name-server update
  76. }
  77. mtu 1500
  78. }
  79. vif 6 {
  80. description Internet
  81. dhcp-options {
  82. default-route update
  83. default-route-distance 210
  84. name-server update
  85. }
  86. mtu 1492
  87. pppoe 0 {
  88. default-route auto
  89. mtu 1492
  90. name-server auto
  91. password kpn
  92. user-id 38-D8-2F-xx-xx-xx@internet
  93. }
  94. }
  95. }
  96. ethernet eth2 {
  97. address 192.168.2.1/24
  98. description "Local 2"
  99. duplex auto
  100. speed auto
  101. }
  102. loopback lo {
  103. }
  104. }
  105. protocols {
  106. igmp-proxy {
  107. interface eth0 {
  108. alt-subnet 0.0.0.0/0
  109. role downstream
  110. threshold 1
  111. }
  112. interface eth1.4 {
  113. alt-subnet 0.0.0.0/0
  114. role upstream
  115. threshold 1
  116. }
  117. }
  118. static {
  119. route 213.75.112.0/21 {
  120. next-hop 10.202.192.1 {
  121. }
  122. }
  123. }
  124. }
  125. service {
  126. dhcp-server {
  127. disabled false
  128. global-parameters "option vendor-class-identifier code 60 = string;"
  129. global-parameters "option broadcast-address code 28 = ip-address;"
  130. hostfile-update disable
  131. shared-network-name LAN1 {
  132. authoritative disable
  133. subnet 192.168.1.0/24 {
  134. default-router 192.168.1.1
  135. dns-server 192.168.1.1
  136. lease 86400
  137. start 192.168.1.21 {
  138. stop 192.168.1.240
  139. }
  140. static-mapping BOVEN {
  141. ip-address 192.168.1.90
  142. mac-address 00:02:9b:d2:xx:xx
  143. }
  144. subnet-parameters "option vendor-class-identifier "IPTV_RG ";"
  145. subnet-parameters "option broadcast-address 192.168.1.255;"
  146. }
  147. }
  148. shared-network-name LAN2 {
  149. authoritative disable
  150. subnet 192.168.2.0/24 {
  151. default-router 192.168.2.1
  152. dns-server 192.168.2.1
  153. lease 86400
  154. start 192.168.2.21 {
  155. stop 192.168.2.240
  156. }
  157. }
  158. }
  159. }
  160. dns {
  161. forwarding {
  162. cache-size 150
  163. listen-on eth0
  164. listen-on eth2
  165. }
  166. }
  167. gui {
  168. https-port 443
  169. }
  170. nat {
  171. rule 5008 {
  172. description ITV
  173. destination {
  174. address 10.202.194.0/19
  175. }
  176. log disable
  177. outbound-interface eth1.4
  178. protocol all
  179. type masquerade
  180. }
  181. rule 5009 {
  182. description ITV
  183. destination {
  184. address 213.75.112.0/21
  185. }
  186. log disable
  187. outbound-interface eth1.4
  188. protocol all
  189. type masquerade
  190. }
  191. rule 5010 {
  192. outbound-interface pppoe0
  193. type masquerade
  194. }
  195. }
  196. ssh {
  197. port 22
  198. protocol-version v2
  199. }
  200. }
  201. system {
  202. host-name ubnt
  203. login {
  204. user ubnt {
  205. authentication {
  206. encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
  207. }
  208. level admin
  209. }
  210. }
  211. ntp {
  212. server 0.ubnt.pool.ntp.org {
  213. }
  214. server 1.ubnt.pool.ntp.org {
  215. }
  216. server 2.ubnt.pool.ntp.org {
  217. }
  218. server 3.ubnt.pool.ntp.org {
  219. }
  220. }
  221. syslog {
  222. global {
  223. facility all {
  224. level notice
  225. }
  226. facility protocols {
  227. level debug
  228. }
  229. }
  230. }
  231. time-zone UTC
  232. }
  233.  
  234.  
  235. /* Warning: Do not remove the following line. */
  236. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  237. /* Release version: v1.7.0.4783374.150622.1534 */
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!