
Edgerouter X telfort

a guest
Oct 18th, 2018
  /* Global firewall options plus two stateful rulesets: WAN_IN (forwarded traffic) and WAN_LOCAL (traffic to the router itself). */
  /* Both rulesets accept only established/related flows and drop everything else, so they contain no inbound exceptions. */
  1. firewall {
  /* all-ping enable: the router answers ICMP echo wherever a ruleset lets the request through. */
  2. all-ping enable
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  6. ip-src-route disable
  /* log-martians enable: packets with impossible source addresses are logged. */
  7. log-martians enable
  /* NOTE(review): neither ruleset sets enable-default-log, so packets hitting default-action drop leave no log entry. */
  8. name WAN_IN {
  9. default-action drop
  10. description "WAN to internal"
  11. rule 10 {
  12. action accept
  13. description "Allow established/related"
  14. state {
  15. established enable
  16. related enable
  17. }
  18. }
  /* Rule 20 is already covered by default-action drop; it is kept as an explicit statement of intent. */
  19. rule 20 {
  20. action drop
  21. description "Drop invalid state"
  22. state {
  23. invalid enable
  24. }
  25. }
  26. }
  /* WAN_LOCAL has no accept rule for new connections, so nothing on the router is opened to the interface it is bound to. */
  27. name WAN_LOCAL {
  28. default-action drop
  29. description "WAN to router"
  30. rule 10 {
  31. action accept
  32. description "Allow established/related"
  33. state {
  34. established enable
  35. related enable
  36. }
  37. }
  38. rule 20 {
  39. action drop
  40. description "Drop invalid state"
  41. state {
  42. invalid enable
  43. }
  44. }
  45. }
  46. receive-redirects disable
  /* NOTE(review): send-redirects enable lets the router emit ICMP redirects; an edge router rarely needs this, so consider disable. */
  47. send-redirects enable
  /* NOTE(review): source-validation disable leaves reverse-path filtering off; strict or loose would drop spoofed sources. */
  /* Confirm it does not break the routes learned over DHCP on eth0 vif 4 before changing it. */
  48. source-validation disable
  49. syn-cookies enable
  50. }
  /* Interface layout: eth0 carries two provider VLANs (vif 4 IPTV, vif 34 Internet); eth1 and switch0 (eth2-eth4) are two separate LANs. */
  51. interfaces {
  52. ethernet eth0 {
  53. duplex auto
  54. speed auto
  /* NOTE(review): vif 4 has no firewall { in / local } stanza, unlike vif 34 below. */
  /* The provider-facing IPTV VLAN is therefore unfiltered towards both the LANs and the router's own services. */
  /* WAN_IN / WAN_LOCAL cannot simply be reused here: they only accept established/related, */
  /* so a dedicated ruleset permitting IGMP and the multicast streams would presumably be needed - verify before applying. */
  55. vif 4 {
  56. address dhcp
  57. description IP_TV
  58. dhcp-options {
  /* NOTE(review): the nested double quotes look like entities decoded by the paste site; check the router's own config before reuse. */
  59. client-option "option vendor-class-identifier "IPTV_RG";"
  60. client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  /* default-route no-update: the IPTV lease does not install a default route; only the requested classless static routes apply. */
  61. default-route no-update
  62. default-route-distance 210
  63. name-server update
  64. }
  /* mac overrides the address used on this vif. */
  65. mac 42:9C:A6:A5:E2:A1
  66. }
  /* vif 34 is the Internet uplink and the only interface with rulesets attached. */
  67. vif 34 {
  68. address dhcp
  69. description Internet
  70. dhcp-options {
  71. default-route update
  72. default-route-distance 1
  73. name-server update
  74. }
  75. firewall {
  /* "in" filters traffic forwarded through the router; "local" filters traffic addressed to the router. */
  76. in {
  77. name WAN_IN
  78. }
  79. local {
  80. name WAN_LOCAL
  81. }
  82. }
  83. mac 42:9C:A6:A5:E2:9F
  84. }
  85. }
  /* eth1 is a routed LAN port and the IGMP proxy's downstream interface (see protocols). */
  86. ethernet eth1 {
  87. address 192.168.1.1/24
  88. description "Local 2"
  89. duplex auto
  90. speed auto
  91. }
  92. ethernet eth2 {
  93. description Local
  94. duplex auto
  95. speed auto
  96. }
  97. ethernet eth3 {
  98. description Local
  99. duplex auto
  100. speed auto
  101. }
  102. ethernet eth4 {
  103. description Local
  104. duplex auto
  /* PoE passthrough is enabled on eth4. */
  105. poe {
  106. output pthru
  107. }
  108. speed auto
  109. }
  110. loopback lo {
  111. }
  /* switch0 bridges eth2-eth4 into the second LAN, 192.168.3.0/24. */
  /* NOTE(review): no ruleset is bound to eth1 or switch0, so the two LANs are presumably routed to each other unfiltered - confirm this is intended. */
  112. switch switch0 {
  113. address 192.168.3.1/24
  114. description Local
  115. mtu 1500
  116. switch-port {
  117. interface eth2 {
  118. }
  119. interface eth3 {
  120. }
  121. interface eth4 {
  122. }
  123. vlan-aware disable
  124. }
  125. }
  126. }
  /* IGMP proxy: relays multicast group membership between the IPTV VLAN (eth0.4, upstream) and the eth1 LAN (downstream). */
  127. protocols {
  128. igmp-proxy {
  129. interface eth0.4 {
  /* NOTE(review): alt-subnet 0.0.0.0/0 accepts multicast sources from any address on the upstream side. */
  /* Narrowing it to the provider's IPTV ranges would reduce exposure; NAT rule 5000 uses 213.75.112.0/21, */
  /* which is presumably one of them - confirm with the provider before changing. */
  130. alt-subnet 0.0.0.0/0
  131. role upstream
  132. threshold 1
  133. }
  /* switch0 is not listed, so only the eth1 LAN is a downstream interface. */
  134. interface eth1 {
  135. alt-subnet 0.0.0.0/0
  136. role downstream
  137. threshold 1
  138. }
  139. }
  140. }
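  /* Router services: DHCP for both LANs, DNS forwarding, the web GUI, source NAT and SSH. */
  141. service {
  142. dhcp-server {
  143. disabled false
  144. global-parameters "option vendor-class-identifier code 60 = string;"
  145. global-parameters "option broadcast-address code 28 = ip-address;"
  146. hostfile-update disable
  /* LAN1 serves the eth1 subnet; the router is both gateway and DNS server for clients. */
  147. shared-network-name LAN1 {
  148. authoritative enable
  149. subnet 192.168.1.0/24 {
  150. default-router 192.168.1.1
  151. dns-server 192.168.1.1
  152. lease 86400
  153. start 192.168.1.38 {
  154. stop 192.168.1.243
  155. }
  156. }
  157. }
  /* LAN2 serves the switch0 subnet with the same layout. */
  158. shared-network-name LAN2 {
  159. authoritative enable
  160. subnet 192.168.3.0/24 {
  161. default-router 192.168.3.1
  162. dns-server 192.168.3.1
  163. lease 86400
  164. start 192.168.3.38 {
  165. stop 192.168.3.243
  166. }
  167. }
  168. }
  169. static-arp disable
  170. use-dnsmasq disable
  171. }
  /* DNS forwarding listens only on the two LAN interfaces, so the resolver is not offered on the eth0 vifs. */
  172. dns {
  173. forwarding {
  174. cache-size 150
  175. listen-on eth1
  176. listen-on switch0
  177. }
  178. }
  /* Admin web GUI. NOTE(review): no listen-address is set here or under ssh, so both presumably bind every router address; */
  /* reachability then depends entirely on interface rulesets, and eth0 vif 4 has none. Binding management to a LAN address is safer. */
  179. gui {
  180. http-port 80
  181. https-port 443
  /* older-ciphers disable: do not offer legacy cipher suites on the admin GUI. */
  /* Re-enable only if a management client that cannot negotiate current ciphers must be supported. */
  182. older-ciphers disable
  183. }
  /* Source NAT only; there are no destination NAT rules, so no port forwards are defined. */
  184. nat {
  /* Rule 5000: masquerade traffic bound for 213.75.112.0/21 out of the IPTV VLAN. */
  185. rule 5000 {
  186. description "masquerade to IPTV network"
  187. destination {
  188. address 213.75.112.0/21
  189. }
  190. log disable
  191. outbound-interface eth0.4
  192. protocol all
  193. type masquerade
  194. }
  /* Rule 5010: masquerade everything leaving the Internet VLAN. */
  195. rule 5010 {
  196. description "masquerade for WAN"
  197. outbound-interface eth0.34
  198. type masquerade
  199. }
  200. }
  /* SSH on the default port, protocol 2 only. NOTE(review): password login is in use (see system login); */
  /* public-key authentication with password authentication disabled would be the stronger setup. */
  201. ssh {
  202. port 22
  203. protocol-version v2
  204. }
  205. }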
  /* System settings: host name, the single admin login, NTP servers, syslog levels and time zone. */
  206. system {
  207. host-name ubnt
  208. login {
  /* NOTE(review): ubnt appears to be the vendor-default account name; a dedicated admin user is harder to guess. */
  209. user ubnt {
  210. authentication {
  /* The password is stored as a salted crypt hash ($6$ prefix). Because the hash was published with this config, */
  /* treat the credential as exposed: change the password on the device, and redact this line before sharing a config. */
  211. encrypted-password $6$CmXAf5dF4ouandJ/$H8Cd.lvZcLShGIIXjcdb7WQkh4ayvzOw7e1uJ.Z75hg2TIAQEXaOJ.0nms70WYiNgulIXWChUHr9rTtBOe3Ej/
  212. }
  213. level admin
  214. }
  215. }
  216. ntp {
  217. server 0.ubnt.pool.ntp.org {
  218. }
  219. server 1.ubnt.pool.ntp.org {
  220. }
  221. server 2.ubnt.pool.ntp.org {
  222. }
  223. server 3.ubnt.pool.ntp.org {
  224. }
  225. }
  /* Syslog: notice and above for all facilities, debug for the protocols facility. */
  /* NOTE(review): no remote syslog host is configured, so logs presumably stay on the router only; forwarding them preserves evidence. */
  226. syslog {
  227. global {
  228. facility all {
  229. level notice
  230. }
  231. facility protocols {
  232. level debug
  233. }
  234. }
  235. }
  236. time-zone UTC
  237. }
  238.  
  239.  
  240. /* Warning: Do not remove the following line. */
  241. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  242. /* Release version: v1.10.7.5127989.181001.1227 */