c0mm0n

Untitled

Jul 13th, 2014
  /* Global firewall section: kernel-level toggles plus two IPv4 rulesets, WAN_IN and WAN_LOCAL, both default-drop. */
  /* No IPv6 ruleset appears in this listing. */
  1. firewall {
  /* all-ping enable lets the router answer ICMP echo; on pppoe0 the WAN_LOCAL ruleset below still drops new inbound packets. */
  2. all-ping enable
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  6. ip-src-route disable
  7. log-martians enable
  /* WAN_IN: stateful filter for traffic forwarded from the Internet to the LAN. */
  /* Unmatched packets are dropped and, because enable-default-log is set, logged. */
  8. name WAN_IN {
  9. default-action drop
  10. description "packets from Internet to LAN"
  11. enable-default-log
  /* Accept only return traffic (established/related); new sessions fall through to the default drop. */
  12. rule 1 {
  13. action accept
  14. description "allow established sessions"
  15. log disable
  16. protocol all
  17. state {
  18. established enable
  19. invalid disable
  20. new disable
  21. related enable
  22. }
  23. }
  /* Explicit drop of invalid-state packets; log disable means these drops are not recorded. */
  24. rule 2 {
  25. action drop
  26. description "drop invalid state"
  27. log disable
  28. protocol all
  29. state {
  30. established disable
  31. invalid enable
  32. new disable
  33. related disable
  34. }
  35. }
  36. }
  /* WAN_LOCAL: the same two rules for traffic addressed to the router itself. */
  /* Unlike WAN_IN there is no enable-default-log here, so dropped connection attempts against the router are not logged. */
  /* NOTE(review): consider enabling default logging if visibility of probes against the router is wanted. */
  37. name WAN_LOCAL {
  38. default-action drop
  39. description "packets from Internet to the router"
  40. rule 1 {
  41. action accept
  42. description "allow established session to the router"
  43. log disable
  44. protocol all
  45. state {
  46. established enable
  47. invalid disable
  48. new disable
  49. related enable
  50. }
  51. }
  52. rule 2 {
  53. action drop
  54. description "drop invalid state"
  55. log disable
  56. protocol all
  57. state {
  58. established disable
  59. invalid enable
  60. new disable
  61. related disable
  62. }
  63. }
  64. }
  /* MSS 1452 = the PPPoE MTU of 1492 (set on pppoe 0) minus 40 bytes of IPv4 and TCP headers. */
  65. options {
  66. mss-clamp {
  67. mss 1452
  68. }
  69. }
  70. receive-redirects disable
  71. send-redirects enable
  /* source-validation disable turns off reverse-path filtering; log-martians above only records suspicious sources. */
  /* NOTE(review): confirm whether strict or loose validation is workable with the bridged VLANs in this setup. */
  72. source-validation disable
  73. syn-cookies enable
  74. }
  /* Interfaces: eth0 and eth2 are LAN ports; eth1 carries the ISP VLANs (835 PPPoE Internet, 838/840 TV on br0, 851 on br1). */
  75. interfaces {
  /* Neither bridge has an address or a firewall ruleset in this listing; STP is off on both. */
  76. bridge br1 {
  77. aging 300
  78. hello-time 2
  79. max-age 20
  80. priority 0
  81. promiscuous disable
  82. stp false
  83. }
  84. bridge br0 {
  85. aging 300
  86. hello-time 2
  87. max-age 20
  88. priority 0
  89. promiscuous disable
  90. stp false
  91. }
  92. ethernet eth0 {
  93. address 192.168.1.1/24
  94. description Local
  95. duplex auto
  96. speed auto
  97.  
  98. }
  99. ethernet eth1 {
  100. description "Internet (PPPoE)"
  101. duplex auto
  102. speed auto
  103. vif 835 {
  104. address dhcp
  105. description FTTH
  106. pppoe 0 {
  107. default-route auto
  /* pppoe0 is the only interface with rulesets attached: WAN_IN for forwarded traffic, WAN_LOCAL for traffic to the router. */
  108. firewall {
  109. in {
  110. name WAN_IN
  111. }
  112. local {
  113. name WAN_LOCAL
  114. }
  115. }
  116. mtu 1492
  117. name-server auto
  /* The PPPoE password and user-id are masked as xxx in this listing. */
  /* In a live config the password node holds the secret itself, so mask it the same way before sharing. */
  118. password xxx
  119. user-id fti/xxx
  120. }
  121. }
  /* TV VLANs 838 and 840 are joined to br0; no firewall ruleset is visible on these vifs or on br0. */
  /* NOTE(review): traffic arriving on these ISP VLANs is not covered by WAN_IN/WAN_LOCAL; confirm that is intended. */
  122. vif 838 {
  123. bridge-group {
  124. bridge br0
  125. }
  126. description TV
  127. }
  128. vif 840 {
  129. bridge-group {
  130. bridge br0
  131. }
  132. description TV
  133. }
  /* VLAN 851 is bridged between eth1 and eth2 through br1 (see eth2 vif 851); no ruleset in this listing filters it. */
  134. vif 851 {
  135. bridge-group {
  136. bridge br1
  137. }
  138. }
  139. }
  140. ethernet eth2 {
  141. address 192.168.2.1/24
  142. description "Local 2"
  143. duplex auto
  144. speed auto
  /* Empty VLAN 835 sub-interface on the LAN side; the pppoe-server section binds to eth2.835. */
  145. vif 835 {
  146. }
  147. vif 851 {
  148. bridge-group {
  149. bridge br1
  150. }
  151. }
  152.  
  153. }
  154. loopback lo {
  155. }
  156. }
  /* Port forwarding from pppoe0 to hosts behind eth0/eth2. */
  /* auto-firewall enable makes the router open forwarded ports itself, so WAN_IN does not list them explicitly. */
  /* hairpin-nat enable lets LAN clients reach the forward through the WAN address. */
  157. port-forward {
  158. auto-firewall enable
  159. hairpin-nat enable
  160. lan-interface eth2
  161. lan-interface eth0
  /* Exposes a PPTP server at 192.168.2.2 to the Internet on port 1723. */
  /* PPTP control uses TCP 1723 (the tunnel itself is GRE); tcp_udp also forwards UDP 1723, which PPTP does not use. */
  /* NOTE(review): narrow the protocol to tcp. PPTP's MS-CHAPv2 authentication is widely regarded as weak; consider a stronger VPN protocol for this inbound service. */
  162. rule 1 {
  163. description "VPN PPTP"
  164. forward-to {
  165. address 192.168.2.2
  166. port 1723
  167. }
  168. original-port 1723
  169. protocol tcp_udp
  170. }
  171. wan-interface pppoe0
  172. }
  /* Routing protocols section: an IGMP proxy for multicast and a set of static routes. */
  173. protocols {
  /* igmp-proxy relays multicast group membership between upstream br0 and downstream eth0/eth2. */
  /* alt-subnet 0.0.0.0/0 accepts multicast sources from any address rather than a specific range. */
  /* NOTE(review): if the provider's source ranges are known, restricting alt-subnet on the upstream side narrows what is accepted. */
  174. igmp-proxy {
  175. interface br0 {
  176. alt-subnet 0.0.0.0/0
  177. role upstream
  178. threshold 1
  179. }
  180. interface eth0 {
  181. alt-subnet 0.0.0.0/0
  182. role downstream
  183. threshold 1
  184. }
  185. interface eth2 {
  186. alt-subnet 0.0.0.0/0
  187. role downstream
  188. threshold 1
  189. }
  190. }
  /* Static routes sending specific public and private prefixes to next-hop 10.54.56.254. */
  /* Presumably this is the provider's TV/service network reached over br0 — no interface in this listing has an address in that range, so confirm how the next hop is reached. */
  191. static {
  192. route 80.10.117.120/31 {
  193. next-hop 10.54.56.254 {
  194. }
  195. }
  196. route 81.253.206.0/24 {
  197. next-hop 10.54.56.254 {
  198. }
  199. }
  200. route 81.253.210.0/23 {
  201. next-hop 10.54.56.254 {
  202. }
  203. }
  204. route 81.253.214.0/23 {
  205. next-hop 10.54.56.254 {
  206. }
  207. }
  208. route 172.19.20.0/23 {
  209. next-hop 10.54.56.254 {
  210. }
  211. }
  212. route 172.20.224.167/32 {
  213. next-hop 10.54.56.254 {
  214. }
  215. }
  216. route 172.23.12.0/22 {
  217. next-hop 10.54.56.254 {
  218. }
  219. }
  220. route 193.253.67.88/29 {
  221. next-hop 10.54.56.254 {
  222. }
  223. }
  224. route 193.253.153.227/32 {
  225. next-hop 10.54.56.254 {
  226. }
  227. }
  228. route 193.253.153.228/32 {
  229. next-hop 10.54.56.254 {
  230. }
  231. }
  232. }
  233. }
  /* Services run by the router: DHCP, DNS forwarding, web UI, NAT, SSH, UPnP/NAT-PMP and a local PPPoE server. */
  234. service {
  235. dhcp-server {
  236. disabled false
  237. hostfile-update disable
  238. shared-network-name LAN1 {
  239. authoritative disable
  240. subnet 192.168.1.0/24 {
  241. default-router 192.168.1.1
  242. dns-server 192.168.1.1
  243. lease 86400
  244. start 192.168.1.21 {
  245. stop 192.168.1.240
  246. }
  247. }
  248. }
  249. shared-network-name LAN2 {
  250. authoritative enable
  251. subnet 192.168.2.0/24 {
  252. default-router 192.168.2.1
  253. dns-server 192.168.2.1
  254. lease 86400
  255. start 192.168.2.21 {
  256. stop 192.168.2.200
  257. }
  258. }
  259. }
  260. }
  /* The DNS forwarder listens only on the LAN ports eth0 and eth2, not on pppoe0. */
  261. dns {
  262. forwarding {
  263. cache-size 150
  264. listen-on eth2
  265. listen-on eth0
  266. }
  267. }
  /* Web UI on 443 with no listen-address restriction in this listing. */
  /* On pppoe0 its exposure depends on WAN_LOCAL dropping new connections; other interfaces have no ruleset attached. */
  268. gui {
  269. https-port 443
  270. }
  /* Source NAT: masquerade traffic leaving through pppoe0 (rule 5010) and through br0 (rule 5011). */
  271. nat {
  272. rule 5010 {
  273. outbound-interface pppoe0
  274. type masquerade
  275. }
  276. rule 5011 {
  277. outbound-interface br0
  278. type masquerade
  279. }
  280. }
  /* SSH on port 22, protocol version 2 only; no listen-address is set, so the same exposure note as the web UI applies. */
  281. ssh {
  282. port 22
  283. protocol-version v2
  284. }
  /* UPnP and NAT-PMP let hosts on eth0/eth2 request inbound port mappings on pppoe0 without authentication. */
  /* With secure-mode disable a client is presumably not limited to mapping ports to its own address — verify against the EdgeOS documentation. */
  /* NOTE(review): enable secure-mode, or disable the service if no LAN device needs it; mappings created this way bypass the explicit port-forward list. */
  285. upnp2 {
  286. listen-on eth0
  287. listen-on eth2
  288. nat-pmp enable
  289. secure-mode disable
  290. wan pppoe0
  291. }
  /* Local PPPoE server on eth2.835 handing out 192.168.2.210-211 and the two listed DNS servers. */
  /* Authentication is against a local user whose password is kept in the config (masked as xxx here). */
  292. pppoe-server {
  293. dns-servers {
  294. server-1 80.10.246.2
  295. server-2 80.10.246.129
  296. }
  297. authentication {
  298. local-users {
  299. username fti/xxx {
  300. password xxx
  301. }
  302. }
  303. mode local
  304. }
  305. client-ip-pool {
  306. start 192.168.2.210
  307. stop 192.168.2.211
  308. }
  309. interface eth2.835
  310. mtu 1492
  311. }
  312.  
  313. }
  /* System section: config history, login account, NTP, hardware offload, extra package repositories, syslog and time zone. */
  314. system {
  315. config-management {
  316. commit-revisions 50
  317. }
  318. host-name ubnt
  /* A single admin-level account named ubnt, the same string as the host-name; the password hash is masked as xxx. */
  /* NOTE(review): this looks like the vendor default account name — confirm the password was changed from the default, and consider key-based SSH login. */
  319. login {
  320. user ubnt {
  321. authentication {
  322. encrypted-password xxx
  323. }
  324. level admin
  325. }
  326. }
  327. ntp {
  328. server 0.ubnt.pool.ntp.org {
  329. }
  330. server 1.ubnt.pool.ntp.org {
  331. }
  332. server 2.ubnt.pool.ntp.org {
  333. }
  334. server 3.ubnt.pool.ntp.org {
  335. }
  336. }
  337. offload {
  338. ipv4 {
  339. forwarding enable
  340. pppoe enable
  341. vlan disable
  342. }
  343. }
  /* Debian squeeze APT repositories added to the router, fetched over plain HTTP, with contrib and non-free enabled. */
  /* NOTE(review): packages installed from here sit outside the vendor firmware image and its update path. */
  /* Confirm that this Debian release still receives security updates and that repository signature checking is not disabled. */
  344. package {
  345. repository squeeze {
  346. components "main contrib non-free"
  347. distribution squeeze
  348. password ""
  349. url http://http.us.debian.org/debian
  350. username ""
  351. }
  352. repository squeeze-security {
  353. components main
  354. distribution squeeze/updates
  355. password ""
  356. url http://security.debian.org
  357. username ""
  358. }
  359. }
  /* Logging: everything at notice level, the protocols facility at debug. */
  /* No remote syslog host is configured in this listing, so logs stay on the router. */
  360. syslog {
  361. global {
  362. facility all {
  363. level notice
  364. }
  365. facility protocols {
  366. level debug
  367. }
  368. }
  369. }
  370. time-zone Europe/Paris
  371. }