API tools faq
paste
c0mm0n

Untitled

c0mm0n
Jul 13th, 2014
300
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.24 KB | None | 0 0
raw download clone embed print report
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  6. ip-src-route disable
  7. log-martians enable
  8. name WAN_IN {
  9. default-action drop
  10. description "packets from Internet to LAN"
  11. enable-default-log
  12. rule 1 {
  13. action accept
  14. description "allow established sessions"
  15. log disable
  16. protocol all
  17. state {
  18. established enable
  19. invalid disable
  20. new disable
  21. related enable
  22. }
  23. }
  24. rule 2 {
  25. action drop
  26. description "drop invalid state"
  27. log disable
  28. protocol all
  29. state {
  30. established disable
  31. invalid enable
  32. new disable
  33. related disable
  34. }
  35. }
  36. }
  37. name WAN_LOCAL {
  38. default-action drop
  39. description "packets from Internet to the router"
  40. rule 1 {
  41. action accept
  42. description "allow established session to the router"
  43. log disable
  44. protocol all
  45. state {
  46. established enable
  47. invalid disable
  48. new disable
  49. related enable
  50. }
  51. }
  52. rule 2 {
  53. action drop
  54. description "drop invalid state"
  55. log disable
  56. protocol all
  57. state {
  58. established disable
  59. invalid enable
  60. new disable
  61. related disable
  62. }
  63. }
  64. }
  65. options {
  66. mss-clamp {
  67. mss 1452
  68. }
  69. }
  70. receive-redirects disable
  71. send-redirects enable
  72. source-validation disable
  73. syn-cookies enable
  74. }
  75. interfaces {
  76. bridge br1 {
  77. aging 300
  78. hello-time 2
  79. max-age 20
  80. priority 0
  81. promiscuous disable
  82. stp false
  83. }
  84. bridge br0 {
  85. aging 300
  86. hello-time 2
  87. max-age 20
  88. priority 0
  89. promiscuous disable
  90. stp false
  91. }
  92. ethernet eth0 {
  93. address 192.168.1.1/24
  94. description Local
  95. duplex auto
  96. speed auto
  97.  
  98. }
  99. ethernet eth1 {
  100. description "Internet (PPPoE)"
  101. duplex auto
  102. speed auto
  103. vif 835 {
  104. address dhcp
  105. description FTTH
  106. pppoe 0 {
  107. default-route auto
  108. firewall {
  109. in {
  110. name WAN_IN
  111. }
  112. local {
  113. name WAN_LOCAL
  114. }
  115. }
  116. mtu 1492
  117. name-server auto
  118. password xxx
  119. user-id fti/xxx
  120. }
  121. }
  122. vif 838 {
  123. bridge-group {
  124. bridge br0
  125. }
  126. description TV
  127. }
  128. vif 840 {
  129. bridge-group {
  130. bridge br0
  131. }
  132. description TV
  133. }
  134. vif 851 {
  135. bridge-group {
  136. bridge br1
  137. }
  138. }
  139. }
  140. ethernet eth2 {
  141. address 192.168.2.1/24
  142. description "Local 2"
  143. duplex auto
  144. speed auto
  145. vif 835 {
  146. }
  147. vif 851 {
  148. bridge-group {
  149. bridge br1
  150. }
  151. }
  152.  
  153. }
  154. loopback lo {
  155. }
  156. }
  157. port-forward {
  158. auto-firewall enable
  159. hairpin-nat enable
  160. lan-interface eth2
  161. lan-interface eth0
  162. rule 1 {
  163. description "VPN PPTP"
  164. forward-to {
  165. address 192.168.2.2
  166. port 1723
  167. }
  168. original-port 1723
  169. protocol tcp_udp
  170. }
  171. wan-interface pppoe0
  172. }
  173. protocols {
  174. igmp-proxy {
  175. interface br0 {
  176. alt-subnet 0.0.0.0/0
  177. role upstream
  178. threshold 1
  179. }
  180. interface eth0 {
  181. alt-subnet 0.0.0.0/0
  182. role downstream
  183. threshold 1
  184. }
  185. interface eth2 {
  186. alt-subnet 0.0.0.0/0
  187. role downstream
  188. threshold 1
  189. }
  190. }
  191. static {
  192. route 80.10.117.120/31 {
  193. next-hop 10.54.56.254 {
  194. }
  195. }
  196. route 81.253.206.0/24 {
  197. next-hop 10.54.56.254 {
  198. }
  199. }
  200. route 81.253.210.0/23 {
  201. next-hop 10.54.56.254 {
  202. }
  203. }
  204. route 81.253.214.0/23 {
  205. next-hop 10.54.56.254 {
  206. }
  207. }
  208. route 172.19.20.0/23 {
  209. next-hop 10.54.56.254 {
  210. }
  211. }
  212. route 172.20.224.167/32 {
  213. next-hop 10.54.56.254 {
  214. }
  215. }
  216. route 172.23.12.0/22 {
  217. next-hop 10.54.56.254 {
  218. }
  219. }
  220. route 193.253.67.88/29 {
  221. next-hop 10.54.56.254 {
  222. }
  223. }
  224. route 193.253.153.227/32 {
  225. next-hop 10.54.56.254 {
  226. }
  227. }
  228. route 193.253.153.228/32 {
  229. next-hop 10.54.56.254 {
  230. }
  231. }
  232. }
  233. }
  234. service {
  235. dhcp-server {
  236. disabled false
  237. hostfile-update disable
  238. shared-network-name LAN1 {
  239. authoritative disable
  240. subnet 192.168.1.0/24 {
  241. default-router 192.168.1.1
  242. dns-server 192.168.1.1
  243. lease 86400
  244. start 192.168.1.21 {
  245. stop 192.168.1.240
  246. }
  247. }
  248. }
  249. shared-network-name LAN2 {
  250. authoritative enable
  251. subnet 192.168.2.0/24 {
  252. default-router 192.168.2.1
  253. dns-server 192.168.2.1
  254. lease 86400
  255. start 192.168.2.21 {
  256. stop 192.168.2.200
  257. }
  258. }
  259. }
  260. }
  261. dns {
  262. forwarding {
  263. cache-size 150
  264. listen-on eth2
  265. listen-on eth0
  266. }
  267. }
  268. gui {
  269. https-port 443
  270. }
  271. nat {
  272. rule 5010 {
  273. outbound-interface pppoe0
  274. type masquerade
  275. }
  276. rule 5011 {
  277. outbound-interface br0
  278. type masquerade
  279. }
  280. }
  281. ssh {
  282. port 22
  283. protocol-version v2
  284. }
  285. upnp2 {
  286. listen-on eth0
  287. listen-on eth2
  288. nat-pmp enable
  289. secure-mode disable
  290. wan pppoe0
  291. }
  292. pppoe-server {
  293. dns-servers {
  294. server-1 80.10.246.2
  295. server-2 80.10.246.129
  296. }
  297. authentication {
  298. local-users {
  299. username fti/xxx {
  300. password xxx
  301. }
  302. }
  303. mode local
  304. }
  305. client-ip-pool {
  306. start 192.168.2.210
  307. stop 192.168.2.211
  308. }
  309. interface eth2.835
  310. mtu 1492
  311. }
  312.  
  313. }
  314. system {
  315. config-management {
  316. commit-revisions 50
  317. }
  318. host-name ubnt
  319. login {
  320. user ubnt {
  321. authentication {
  322. encrypted-password xxx
  323. }
  324. level admin
  325. }
  326. }
  327. ntp {
  328. server 0.ubnt.pool.ntp.org {
  329. }
  330. server 1.ubnt.pool.ntp.org {
  331. }
  332. server 2.ubnt.pool.ntp.org {
  333. }
  334. server 3.ubnt.pool.ntp.org {
  335. }
  336. }
  337. offload {
  338. ipv4 {
  339. forwarding enable
  340. pppoe enable
  341. vlan disable
  342. }
  343. }
  344. package {
  345. repository squeeze {
  346. components "main contrib non-free"
  347. distribution squeeze
  348. password ""
  349. url http://http.us.debian.org/debian
  350. username ""
  351. }
  352. repository squeeze-security {
  353. components main
  354. distribution squeeze/updates
  355. password ""
  356. url http://security.debian.org
  357. username ""
  358. }
  359. }
  360. syslog {
  361. global {
  362. facility all {
  363. level notice
  364. }
  365. facility protocols {
  366. level debug
  367. }
  368. }
  369. }
  370. time-zone Europe/Paris
  371. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!