Router Config

1. firewall {
2. all-ping enable
3. broadcast-ping disable
4. ipv6-receive-redirects disable
5. ipv6-src-route disable
6. ip-src-route disable
7. log-martians enable
8. name WAN_IN {
9. default-action drop
10. description "WAN to internal"
11. rule 20 {
12. action accept
13. description "Allow established/related"
14. state {
15. established enable
16. related enable
17. }
18. }
19. rule 30 {
20. action drop
21. description "Drop invalid state"
22. state {
23. invalid enable
24. }
25. }
26. }
27. name WAN_LOCAL {
28. default-action drop
29. description "WAN to router"
30. rule 10 {
31. action accept
32. description "Allow established/related"
33. state {
34. established enable
35. related enable
36. }
37. }
38. rule 20 {
39. action drop
40. description "Drop invalid state"
41. state {
42. invalid enable
43. }
44. }
45. }
46. receive-redirects disable
47. send-redirects enable
48. source-validation disable
49. syn-cookies enable
50. }
51. interfaces {
52. ethernet eth0 {
53. address 192.168.10.2/24
54. description WAN
55. duplex auto
56. firewall {
57. in {
58. name WAN_IN
59. }
60. local {
61. name WAN_LOCAL
62. }
63. }
64. speed auto
65. }
66. ethernet eth1 {
67. address dhcp
68. description Local
69. duplex auto
70. speed auto
71. }
72. ethernet eth2 {
73. address 10.0.2.1/24
74. description Local
75. duplex auto
76. speed auto
77. }
78. ethernet eth3 {
79. description Local
80. duplex auto
81. speed auto
82. }
83. ethernet eth4 {
84. address 192.168.1.1/24
85. description Local
86. duplex auto
87. poe {
88. output off
89. }
90. speed auto
91. vif 10 {
92. address 10.0.10.1/24
93. mtu 1500
94. }
95. vif 20 {
96. address 10.0.20.1/24
97. description
98. mtu 1500
99. }
100. vif 30 {
101. address 10.0.30.1/24
102. description
103. mtu 1500
104. }
105. }
106. loopback lo {
107. }
108. switch switch0 {
109. address 192.168.0.1/24
110. description Local
111. mtu 1500
112. switch-port {
113. vlan-aware disable
114. }
115. }
116. }
117. port-forward {
118. auto-firewall enable
119. hairpin-nat enable
120. lan-interface eth4.2
121. lan-interface eth4.10
122. rule 1 {
123. description Plex
124. forward-to {
125. address
126. port 32400
127. }
128. original-port 32400
129. protocol tcp_udp
130. }
131. wan-interface eth0
132. }
133. protocols {
134. static {
135. }
136. }
137. service {
138. dhcp-server {
139. disabled false
140. hostfile-update disable
141. shared-network-name Home {
142. authoritative disable
143. subnet 10.0.20.0/24 {
144. default-router 10.0.20.1
145. dns-server 10.0.10.2
146. dns-server 10.0.10.3
147. lease 86400
148. start 10.0.20.10 {
149. stop 10.0.20.255
150. }
151. }
152. }
153. shared-network-name Mgmt {
154. authoritative disable
155. subnet 192.168.1.0/24 {
156. default-router 192.168.1.1
157. dns-server 10.0.10.2
158. dns-server 10.0.10.3
159. lease 86400
160. start 192.168.1.2 {
161. stop 192.168.1.255
162. }
163. unifi-controller 192.168.1.9
164. }
165. }
166. shared-network-name Server {
167. authoritative disable
168. subnet 10.0.10.0/24 {
169. default-router 10.0.10.1
170. dns-server 10.0.10.2
171. dns-server 10.0.10.3
172. lease 86400
173. start 10.0.10.10 {
174. stop 10.0.10.255
175. }
176. static-mapping DATA02 {
177. ip-address 10.0.10.11
178. mac-address 00:50:56:9d:73:c1
179. }
180. static-mapping HDHR-1060F18C {
181. ip-address 10.0.10.17
182. mac-address 00:18:dd:06:0f:18
183. }
184. static-mapping media {
185. ip-address 10.0.10.14
186. mac-address 00:50:56:92:6d:fc
187. }
188. static-mapping plex {
189. ip-address 10.0.10.15
190. mac-address 00:50:56:92:3c:a2
191. }
192. unifi-controller 192.168.1.9
193. }
194. }
195. shared-network-name Test {
196. authoritative disable
197. subnet 10.0.2.0/24 {
198. default-router 10.0.2.1
199. dns-server 8.8.8.8
200. dns-server 8.8.4.4
201. lease 86400
202. start 10.0.2.2 {
203. stop 10.0.2.10
204. }
205. }
206. }
207. shared-network-name {
208. authoritative disable
209. subnet 10.0.30.0/24 {
210. default-router 10.0.30.1
211. dns-server 10.0.10.2
212. dns-server 10.0.10.3
213. lease 86400
214. start 10.0.30.2 {
215. stop 10.0.30.20
216. }
217. }
218. }
219. static-arp disable
220. use-dnsmasq disable
221. }
222. dns {
223. forwarding {
224. cache-size 150
225. listen-on switch0
226. }
227. }
228. gui {
229. http-port 80
230. https-port 443
231. older-ciphers enable
232. }
233. nat {
234. rule 5010 {
235. description "masquerade for WAN"
236. outbound-interface eth0
237. type masquerade
238. }
239. }
240. ssh {
241. port 22
242. protocol-version v2
243. }
244. unms {
245. disable
246. }
247. upnp {
248. listen-on eth4 {
249. outbound-interface eth0
250. }
251. listen-on eth4.20 {
252. outbound-interface eth0
253. }
254. }
255. }
256. system {
257. gateway-address 192.168.10.1
258. host-name ubnt
259. login {
260. user admin {
261. authentication {
262. encrypted-password ****************
263. }
264. level admin
265. }
266. }
267. name-server 8.8.8.8
268. name-server 192.168.10.1
269. ntp {
270. server 0.ubnt.pool.ntp.org {
271. }
272. server 1.ubnt.pool.ntp.org {
273. }
274. server 2.ubnt.pool.ntp.org {
275. }
276. server 3.ubnt.pool.ntp.org {
277. }
278. }
279. syslog {
280. global {
281. facility all {
282. level notice
283. }
284. facility protocols {
285. level debug
286. }
287. }
288. }
289. time-zone UTC
290. traffic-analysis {
291. dpi enable
292. export enable
293. }
294. }
295. traffic-control {
296. }