2018-02-19 Config

1. firewall {
2. all-ping enable
3. broadcast-ping disable
4. ipv6-receive-redirects disable
5. ipv6-src-route disable
6. ip-src-route disable
7. log-martians enable
8. name WAN_IN {
9. default-action drop
10. description "WAN to internal"
11. rule 10 {
12. action accept
13. description "Allow established/related"
14. state {
15. established enable
16. related enable
17. }
18. }
19. rule 20 {
20. action drop
21. description "Drop invalid state"
22. state {
23. invalid enable
24. }
25. }
26. }
27. name WAN_LOCAL {
28. default-action drop
29. description "WAN to router"
30. rule 10 {
31. action accept
32. description "Allow established/related"
33. state {
34. established enable
35. related enable
36. }
37. }
38. rule 20 {
39. action drop
40. description "Drop invalid state"
41. state {
42. invalid enable
43. }
44. }
45. }
46. name WAN_OUT {
47. default-action accept
48. description "WAN Out"
49. }
50. receive-redirects disable
51. send-redirects enable
52. source-validation disable
53. syn-cookies enable
54. }
55. interfaces {
56. ethernet eth0 {
57. address dhcp
58. description Internet
59. duplex auto
60. firewall {
61. in {
62. name WAN_IN
63. }
64. local {
65. name WAN_LOCAL
66. }
67. out {
68. name WAN_OUT
69. }
70. }
71. speed auto
72. }
73. ethernet eth1 {
74. address 192.168.2.1/24
75. description "Separate Network"
76. duplex auto
77. poe {
78. output off
79. }
80. speed auto
81. }
82. ethernet eth2 {
83. description "Home Network eth2"
84. duplex auto
85. poe {
86. output off
87. }
88. speed auto
89. }
90. ethernet eth3 {
91. description "Home Network eth3"
92. duplex auto
93. poe {
94. output off
95. }
96. speed auto
97. }
98. ethernet eth4 {
99. description AP
100. duplex auto
101. poe {
102. output 24v
103. }
104. speed auto
105. }
106. ethernet eth5 {
107. disable
108. duplex auto
109. speed auto
110. }
111. loopback lo {
112. }
113. switch switch0 {
114. description Local
115. mtu 1500
116. switch-port {
117. interface eth2 {
118. vlan {
119. pvid 30
120. }
121. }
122. interface eth3 {
123. vlan {
124. pvid 30
125. }
126. }
127. interface eth4 {
128. vlan {
129. pvid 30
130. vid 40
131. vid 50
132. }
133. }
134. vlan-aware enable
135. }
136. vif 30 {
137. address 192.168.3.1/24
138. description "Home Network"
139. mtu 1500
140. }
141. vif 40 {
142. address 192.168.4.1/24
143. description "Home Wireless"
144. mtu 1500
145. }
146. vif 50 {
147. address 192.168.5.1/24
148. description "Guest Network"
149. mtu 1500
150. }
151. }
152. }
153. service {
154. dhcp-server {
155. disabled false
156. hostfile-update disable
157. shared-network-name LAN1 {
158. authoritative enable
159. subnet 192.168.2.0/24 {
160. default-router 192.168.2.1
161. dns-server 9.9.9.9
162. dns-server 149.112.112.112
163. lease 86400
164. start 192.168.2.38 {
165. stop 192.168.2.243
166. }
167. }
168. }
169. shared-network-name LAN2 {
170. authoritative disable
171. subnet 192.168.3.0/24 {
172. default-router 192.168.3.1
173. dns-server 9.9.9.9
174. lease 86400
175. start 192.168.3.38 {
176. stop 192.168.3.243
177. }
178. }
179. }
180. shared-network-name VLAN30 {
181. authoritative disable
182. disable
183. subnet 192.168.3.0/24 {
184. default-router 192.168.3.1
185. dns-server 192.168.3.1
186. lease 86400
187. start 192.168.3.38 {
188. stop 192.168.3.243
189. }
190. }
191. }
192. shared-network-name VLAN40 {
193. authoritative disable
194. subnet 192.168.4.0/24 {
195. default-router 192.168.4.1
196. dns-server 192.168.4.1
197. lease 86400
198. start 192.168.4.38 {
199. stop 192.168.4.243
200. }
201. }
202. }
203. shared-network-name VLAN50 {
204. authoritative disable
205. subnet 192.168.5.0/24 {
206. default-router 192.168.5.1
207. dns-server 192.168.5.1
208. lease 86400
209. start 192.168.5.38 {
210. stop 192.168.5.243
211. }
212. }
213. }
214. static-arp disable
215. use-dnsmasq disable
216. }
217. dns {
218. forwarding {
219. cache-size 400
220. listen-on switch0.30
221. listen-on switch0.40
222. listen-on switch0.50
223. name-server 9.9.9.9
224. }
225. }
226. gui {
227. http-port 80
228. https-port 443
229. older-ciphers enable
230. }
231. nat {
232. rule 5010 {
233. description "masquerade for WAN"
234. outbound-interface eth0
235. type masquerade
236. }
237. }
238. ssh {
239. port 22
240. protocol-version v2
241. }
242. unms {
243. disable
244. }
245. }
246. system {
247. host-name ubnt
248. login {
249.  
250. }
251. }
252. ntp {
253. server 0.ubnt.pool.ntp.org {
254. }
255. server 1.ubnt.pool.ntp.org {
256. }
257. server 2.ubnt.pool.ntp.org {
258. }
259. server 3.ubnt.pool.ntp.org {
260. }
261. }
262. offload {
263. hwnat enable
264. }
265. syslog {
266. global {
267. facility all {
268. level notice
269. }
270. facility protocols {
271. level debug
272. }
273. }
274. }
275. time-zone America/Los_Angeles
276. traffic-analysis {
277. dpi enable
278. export enable
279. }
280. }
281. traffic-control {
282. smart-queue SQM {
283. upload {
284. ecn enable
285. flows 1024
286. fq-quantum 1514
287. limit 10240
288. rate 4.5mbit
289. }
290. wan-interface eth0
291. }
292. }
293.  
294.  
295. /* Warning: Do not remove the following line. */
296. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
297. /* Release version: v1.10.0.5056246.180125.0954 */