- /* Global firewall options plus two WAN rulesets (WAN_IN, WAN_LOCAL). In this paste both rulesets are referenced only from pppoe 0 under eth0 vif 835. */
- firewall {
- /* The router answers ICMP echo in general; a ruleset bound to an interface (WAN_LOCAL below) can still drop unsolicited echo requests arriving there. */
- all-ping enable
- broadcast-ping disable
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- /* Packets with impossible source addresses are logged. */
- log-martians enable
- /* Forwarded traffic coming from the WAN: only established/related flows are accepted; everything else hits default-action drop and is logged (enable-default-log). */
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related"
- log disable
- protocol all
- state {
- established enable
- invalid disable
- new disable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- log disable
- protocol all
- state {
- established disable
- invalid enable
- new disable
- related disable
- }
- }
- }
- /* Traffic addressed to the router itself. Unlike WAN_IN there is no enable-default-log here, so packets dropped by the default action leave no log entry. */
- /* NOTE(review): no rule in this ruleset admits the OpenVPN (udp/1194) or PPTP services configured elsewhere in this file - confirm whether such rules were trimmed from the paste or the services are intentionally unreachable from the WAN. */
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 11 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- options {
- /* 1452 = the pppoe MTU of 1492 set under eth0 vif 835, minus 40 bytes of IPv4 + TCP headers. */
- mss-clamp {
- interface-type pppoe
- interface-type tun
- interface-type pptp
- mss 1452
- }
- }
- receive-redirects disable
- /* The router may emit ICMP redirects. */
- send-redirects enable
- /* Reverse-path source validation is off, so this option does not filter spoofed source addresses; any anti-spoofing has to come from explicit rules. */
- source-validation disable
- syn-cookies enable
- }
- /* Interface layout: eth0 faces the ISP ONT and carries tagged VLANs, br0 bridges the IPTV VLANs, eth1 is the 192.168.100.0/24 segment, switch0 (eth2-eth4) is the 192.168.1.0/24 LAN, vtun0 is an OpenVPN server. */
- interfaces {
- /* br0 takes a DHCP address on the ISP side and is the outbound interface of NAT rule 5011. No firewall ruleset is attached to br0 in this paste - NOTE(review): confirm that leaving this ISP-facing interface unfiltered is intended. */
- bridge br0 {
- address dhcp
- aging 300
- bridged-conntrack disable
- description "Orange WAN Video"
- dhcp-options {
- /* Options sent to the ISP DHCP server. The client-identifier MAC is all zeroes, presumably redacted by the poster. */
- client-option "send vendor-class-identifier "sagem";"
- client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox3";"
- client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
- client-option "send dhcp-client-identifier 1:[00:00:00:00:00:00];"
- default-route update
- default-route-distance 210
- name-server update
- }
- hello-time 2
- max-age 20
- priority 0
- promiscuous disable
- stp false
- }
- ethernet eth0 {
- description "ONT Orange"
- duplex auto
- poe {
- output off
- }
- speed auto
- vif 835 {
- description "Orange Internet"
- /* The only interface in this paste with WAN_IN / WAN_LOCAL attached. */
- pppoe 0 {
- default-route force
- firewall {
- in {
- name WAN_IN
- }
- local {
- name WAN_LOCAL
- }
- }
- mtu 1492
- name-server auto
- /* The two placeholders look swapped ("mdp" reads as French "mot de passe", i.e. password). In a live config both values are stored here in clear text, so keep them redacted whenever the file is shared. */
- password [user_orange]
- user-id [mdp_orange]
- }
- }
- vif 838 {
- bridge-group {
- bridge br0
- }
- description "Orange IPTV"
- egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
- }
- vif 839 {
- bridge-group {
- bridge br0
- }
- description "Orange TV Zapping"
- disable
- }
- vif 840 {
- bridge-group {
- bridge br0
- }
- description "Orange IPTV Multicast"
- egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
- }
- vif 841 {
- bridge-group {
- bridge br0
- }
- description "Orange VOD"
- disable
- }
- /* Second ISP-facing DHCP client; like br0 it has no firewall ruleset attached in this paste. */
- vif 851 {
- address dhcp
- description "Orange VOIP"
- dhcp-options {
- client-option "send vendor-class-identifier "FT_VoIP_Sagem_Boxer_160v1.0";"
- default-route update
- default-route-distance 210
- name-server update
- }
- egress-qos "0:6 1:6 2:6 3:6 4:6 5:6 6:6 7:6"
- }
- }
- /* Gateway address of the 192.168.100.0/24 scope served by the Orange-IPTV DHCP pool. */
- ethernet eth1 {
- address 192.168.100.1/24
- description N/A
- duplex auto
- poe {
- output off
- }
- speed auto
- }
- ethernet eth2 {
- description "Local Bridge"
- duplex auto
- poe {
- output off
- }
- speed auto
- }
- ethernet eth3 {
- description "Local Bridge"
- duplex auto
- poe {
- output off
- }
- speed auto
- }
- ethernet eth4 {
- description "Local Bridge"
- duplex auto
- poe {
- output off
- }
- speed auto
- }
- loopback lo {
- }
- /* OpenVPN server on udp/1194 handing out 192.168.2.0/24 and pushing a route to the 192.168.1.0/24 LAN. */
- openvpn vtun0 {
- description OpenVPN
- /* aes128 is the only cipher setting shown; no hash or tls-auth option appears in this paste. */
- encryption aes128
- local-port 1194
- mode server
- /* --comp-lzo enables compression, which upstream OpenVPN has deprecated because compressing before encryption can leak plaintext (VORACLE-class attacks). Removing it requires matching changes in the client profiles. */
- openvpn-option --comp-lzo
- protocol udp
- server {
- domain-name [domaine .net]
- name-server 192.168.1.1
- name-server 192.168.1.2
- push-route 192.168.1.0/24
- push-route 192.168.2.0/24
- subnet 192.168.2.0/24
- topology subnet
- }
- /* Server certificate, private key and DH parameters under /config/auth. The dh-file carries a .crt extension although it is referenced as DH parameters. NOTE(review): file permissions are not visible here - verify the .key file is readable by root only. */
- tls {
- ca-cert-file /config/auth/openvpn/keys/ca_.crt
- cert-file /config/auth/openvpn/keys/openvpn_.crt
- dh-file /config/auth/openvpn/keys/dh2048_.crt
- key-file /config/auth/openvpn/keys/openvpn_.key
- }
- }
- switch switch0 {
- address 192.168.1.99/24
- description "Local Bridge"
- mtu 1500
- switch-port {
- interface eth2
- interface eth3
- interface eth4
- }
- }
- }
- /* Port-forward framework from pppoe0 to switch0. No forwarding rule is defined in this paste. NOTE(review): with auto-firewall enabled, presumably any rule added later also gets its firewall accept entry created automatically - review each new rule with that in mind. */
- port-forward {
- auto-firewall enable
- hairpin-nat disable
- lan-interface switch0
- wan-interface pppoe0
- }
- /* IGMP proxy for IPTV multicast: br0 is the upstream side, eth1 the downstream side, switch0 is excluded. */
- protocols {
- igmp-proxy {
- interface br0 {
- /* alt-subnet 0.0.0.0/0 accepts multicast sources from any address on this interface. NOTE(review): narrow to the ISP's multicast source ranges if they are known. */
- alt-subnet 0.0.0.0/0
- role upstream
- threshold 1
- }
- interface eth1 {
- alt-subnet 0.0.0.0/0
- role downstream
- threshold 1
- }
- interface switch0 {
- role disabled
- threshold 1
- }
- }
- }
- /* Router services: DHCP server (two scopes), dynamic DNS client, web GUI, mDNS reflector, NAT, SNMP, SSH and UPnP. */
- service {
- dhcp-server {
- disabled false
- dynamic-dns-update {
- enable true
- }
- /* Raw dhcpd statements for DNS updates. Neither zone statement names a key, so updates to 192.168.1.1 / 192.168.1.2 are sent unsigned. NOTE(review): the DNS servers must then be accepting updates by source address alone - confirm, and consider a TSIG key. */
- global-parameters "ddns-domainname "[domaine .net].";"
- global-parameters "ddns-rev-domainname "in-addr.arpa.";"
- global-parameters "update-static-leases on;"
- global-parameters "zone [domaine .net]. { primary 192.168.1.1; secondary 192.168.1.2; }"
- global-parameters "zone 1.168.192.in-addr.arpa. { primary 192.168.1.1; secondary 192.168.1.2; }"
- global-parameters "use-host-decl-names on;"
- hostfile-update disable
- /* Scope for the eth1 segment; clients are given public resolvers directly. */
- shared-network-name Orange-IPTV {
- authoritative enable
- subnet 192.168.100.0/24 {
- default-router 192.168.100.1
- dns-server 80.10.246.2
- dns-server 80.10.246.129
- lease 86400
- ntp-server 192.168.100.1
- start 192.168.100.10 {
- stop 192.168.100.50
- }
- }
- }
- shared-network-name [domaine .net] {
- authoritative enable
- subnet 192.168.1.0/24 {
- /* Network-boot clients are pointed at 192.168.1.1 for pxelinux.0. Presumably served over TFTP, which is unauthenticated, so this subnet has to be trusted - TODO confirm. */
- bootfile-name /pxelinux.0
- bootfile-server 192.168.1.1
- default-router 192.168.1.1
- dns-server 192.168.1.1
- dns-server 192.168.1.2
- domain-name [domaine .net]
- lease 86400
- ntp-server 192.168.1.1
- start 192.168.1.100 {
- stop 192.168.1.199
- }
- }
- }
- }
- dns {
- dynamic {
- interface pppoe0 {
- service dyndns {
- host-name [domaine .net chez ovh]
- /* Dynamic-DNS account credentials are stored in this file; keep them redacted whenever the config is shared. */
- login [login_ddns]
- password [password_ddns]
- server www.ovh.com
- }
- web dyndns
- }
- }
- }
- /* Web UI on 443 with no listen-address in this paste; presumably it listens on every address, so WAN exposure depends on the firewall ruleset of each interface - TODO confirm. */
- gui {
- https-port 443
- }
- /* NOTE(review): no interface list is given for the mDNS reflector here - confirm which segments it bridges announcements between. */
- mdns {
- reflector
- }
- nat {
- rule 5010 {
- description "masquerade for WAN"
- log disable
- outbound-interface pppoe0
- protocol all
- type masquerade
- }
- rule 5011 {
- description "masquerade Orange IPTV"
- log disable
- outbound-interface br0
- protocol all
- type masquerade
- }
- rule 5012 {
- description "masquerade for Orange VOIP"
- disable
- log disable
- outbound-interface eth0.851
- protocol all
- type masquerade
- }
- }
- /* Read-only community with no client or network restriction shown. The placeholder is the same one used for the domain name; if the real community string equals the domain it is guessable, and community-based SNMP sends it unencrypted. */
- snmp {
- community [domaine .net] {
- authorization ro
- }
- contact "Contact SNMP"
- location "Tableau electrique "
- }
- /* SSH on the default port with no listen-address in this paste; reachability from the WAN is decided by WAN_LOCAL. */
- ssh {
- port 22
- protocol-version v2
- }
- /* UPnP and NAT-PMP on both LAN segments with secure-mode off: a client may then request mappings towards addresses other than its own. Enabling secure-mode limits each client to forwarding to itself. */
- upnp2 {
- listen-on switch0
- listen-on eth1
- nat-pmp enable
- secure-mode disable
- wan pppoe0
- }
- }
- /* System identity, the admin login, resolvers, NTP, hardware offload, extra package repositories, syslog, a scheduled script and traffic analysis. */
- system {
- domain-name [domaine .net]
- host-name [hostname]
- login {
- /* The only account shown is the vendor-default user name "ubnt" at admin level; a well-known name leaves the password as the sole secret. The password hash is redacted in this paste. */
- user ubnt {
- authentication {
- encrypted-password [pwd encrypté]
- plaintext-password ""
- }
- full-name ""
- level admin
- }
- }
- name-server 192.168.1.1
- name-server 192.168.1.2
- ntp {
- server 0.ubnt.pool.ntp.org {
- }
- server 1.ubnt.pool.ntp.org {
- }
- server 2.ubnt.pool.ntp.org {
- }
- server 3.ubnt.pool.ntp.org {
- }
- }
- offload {
- ipv4 {
- forwarding enable
- pppoe enable
- vlan enable
- }
- }
- /* Debian wheezy repositories are enabled, with contrib and non-free, over plain http. wheezy is end-of-life and no longer receives security updates, and every package installed from it adds software that router firmware upgrades do not maintain. */
- package {
- repository wheezy {
- components "main contrib non-free"
- distribution wheezy
- password ""
- url http://http.us.debian.org/debian
- username ""
- }
- repository wheezy-security {
- components main
- distribution wheezy/updates
- password ""
- url http://security.debian.org
- username ""
- }
- }
- /* Only local logging is configured; no remote syslog host appears in this paste, so logs stay on the device. */
- syslog {
- global {
- facility all {
- level notice
- }
- facility protocols {
- level debug
- }
- }
- }
- /* Runs /config/scripts/wanIpChange.sh every 2 minutes. The script body is not part of this paste. NOTE(review): presumably executed with root privileges - verify the file is writable by root only. */
- task-scheduler {
- task wanIpChange {
- executable {
- path /config/scripts/wanIpChange.sh
- }
- interval 2m
- }
- }
- time-zone Europe/Paris
- traffic-analysis {
- dpi enable
- export enable
- }
- }
- /* PPTP remote-access server with one local user. PPTP's MS-CHAPv2/MPPE protection is considered broken, so the tunnel should not be relied on for confidentiality; the OpenVPN server already defined on vtun0 is the stronger option. */
- vpn {
- pptp {
- remote-access {
- authentication {
- local-users {
- /* The VPN user's password is stored in this file; keep it redacted whenever the config is shared. */
- username [user_vpn] {
- password [pwd_vpn]
- }
- }
- mode local
- }
- /* Clients receive addresses from 192.168.99.200-220 and the LAN resolvers below. */
- client-ip-pool {
- start 192.168.99.200
- stop 192.168.99.220
- }
- dns-servers {
- server-1 192.168.1.1
- server-2 192.168.1.2
- }
- mtu 1492
- }
- }
- }