
Install script edgerouter

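  # Step: set up LAN interface eth1 and the DHCP/DNS services behind it.
  # eth1 gets 192.168.1.254/24 and serves leases from 192.168.1.50 to
  # 192.168.1.200 on 192.168.1.0/24.
  configure

  set interfaces ethernet eth1 address 192.168.1.254/24
  set interfaces ethernet eth1 description "eth1 - LAN"
  set interfaces ethernet eth1 duplex auto
  set interfaces ethernet eth1 speed auto

  set service dhcp-server disabled false
  set service dhcp-server hostfile-update disable
  set service dhcp-server shared-network-name LAN authoritative enable
  set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24
  # Fixed: the gateway handed to clients must lie inside the served subnet.
  # The original value 192.168.2.254 is not on 192.168.1.0/24, so clients
  # would have had no reachable default route; eth1's own address is used.
  set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.254
  # Clients are pointed straight at the public resolvers, so they do not use
  # the forwarder configured below unless dns-server is set to 192.168.1.254.
  set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 8.8.8.8
  set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 8.8.4.4
  set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400
  set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.50
  set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.50 stop 192.168.1.200

  # The DNS forwarder is bound to eth1 / 192.168.1.254 only, which keeps it
  # off the WAN side.
  set service dns forwarding cache-size 150
  set service dns forwarding listen-on eth1
  set service dns forwarding name-server 8.8.8.8
  set service dns forwarding name-server 8.8.4.4
  set service dns forwarding options listen-address=192.168.1.254

  commit
  save
  exit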
  30.  
  # Step: configure the firewall.
  # Two rulesets are defined here; they only take effect once attached to an
  # interface, which this page does for pppoe 0 in the PPPoE step.
  configure

  # Global firewall options.
  # NOTE(review): source-validation is disabled (no reverse-path check on
  # source addresses) and send-redirects is enabled; confirm both are intended
  # before treating this as a hardened baseline.
  set firewall all-ping enable
  set firewall broadcast-ping disable
  set firewall ipv6-receive-redirects disable
  set firewall ipv6-src-route disable
  set firewall ip-src-route disable
  set firewall log-martians enable
  set firewall receive-redirects disable
  set firewall send-redirects enable
  set firewall source-validation disable
  set firewall syn-cookies enable

  # WAN_IN: traffic arriving from the WAN and forwarded to internal hosts.
  # Default is drop (and logged); only replies to existing flows are accepted.
  set firewall name WAN_IN default-action drop
  set firewall name WAN_IN description "WAN to Internal"
  set firewall name WAN_IN enable-default-log
  # Rule 10 logs every accepted established/related packet, unlike the same
  # rule in WAN_LOCAL below; expect a high log volume.
  set firewall name WAN_IN rule 10 action accept
  set firewall name WAN_IN rule 10 description "Allow established/related"
  set firewall name WAN_IN rule 10 log enable
  set firewall name WAN_IN rule 10 protocol all
  set firewall name WAN_IN rule 10 state established enable
  set firewall name WAN_IN rule 10 state invalid disable
  set firewall name WAN_IN rule 10 state new disable
  set firewall name WAN_IN rule 10 state related enable

  # Rule 20 drops packets in the invalid connection state and logs them.
  set firewall name WAN_IN rule 20 action drop
  set firewall name WAN_IN rule 20 description "Drop invalid state"
  set firewall name WAN_IN rule 20 log enable
  set firewall name WAN_IN rule 20 protocol all
  set firewall name WAN_IN rule 20 state established disable
  set firewall name WAN_IN rule 20 state invalid enable
  set firewall name WAN_IN rule 20 state new disable
  set firewall name WAN_IN rule 20 state related disable

  # WAN_LOCAL: traffic arriving from the WAN and addressed to the router
  # itself. Same two rules as WAN_IN, with per-rule logging switched off.
  set firewall name WAN_LOCAL default-action drop
  set firewall name WAN_LOCAL description "WAN to router"
  set firewall name WAN_LOCAL enable-default-log
  set firewall name WAN_LOCAL rule 10 action accept
  set firewall name WAN_LOCAL rule 10 description "Allow established/related"
  set firewall name WAN_LOCAL rule 10 log disable
  set firewall name WAN_LOCAL rule 10 protocol all
  set firewall name WAN_LOCAL rule 10 state established enable
  set firewall name WAN_LOCAL rule 10 state invalid disable
  set firewall name WAN_LOCAL rule 10 state new disable
  set firewall name WAN_LOCAL rule 10 state related enable

  set firewall name WAN_LOCAL rule 20 action drop
  set firewall name WAN_LOCAL rule 20 description "Drop invalid state"
  set firewall name WAN_LOCAL rule 20 log disable
  set firewall name WAN_LOCAL rule 20 protocol all
  set firewall name WAN_LOCAL rule 20 state established disable
  set firewall name WAN_LOCAL rule 20 state invalid enable
  set firewall name WAN_LOCAL rule 20 state new disable
  set firewall name WAN_LOCAL rule 20 state related disable

  commit
  save
  exit
  91.  
  92.  
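  # Step: generate the configuration line for user-id, used for PPPoE
  # authentication. The user-id is eth0's MAC address with dashes instead of
  # colons, followed by "@internet".
  # The line is only printed: paste it into the configure session that
  # follows, before commit.
  # Reading the MAC address needs no privileges, so the interactive root shell
  # the original opened (sudo su ... exit) has been dropped. eth0 is queried
  # directly instead of grepping the full interface list, so a sub-interface
  # line can never be picked up by mistake.
  pppoe_id=$(/sbin/ifconfig eth0 | awk '/HWaddr/ { gsub(":", "-", $5); print "set interfaces ethernet eth0 vif 6 pppoe 0 user-id " $5 "@internet"; exit }')
  printf '%s\n' "$pppoe_id"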
  99.  
  # Step: configure the WAN side (eth0, VLAN 6, PPPoE session 0).
  configure

  # eth0 carries only tagged sub-interfaces, so its own address is removed.
  delete interfaces ethernet eth0 address

  # MTU values step down by layer: 1512 on eth0, 1508 on VLAN 6, 1500 inside
  # PPPoE (presumably 8 bytes of PPPoE overhead plus a 4-byte VLAN tag).
  set interfaces ethernet eth0 description "eth0 - FTU"
  set interfaces ethernet eth0 duplex auto
  set interfaces ethernet eth0 speed auto
  set interfaces ethernet eth0 mtu 1512

  set interfaces ethernet eth0 vif 6 description "eth0.6 - Internet"
  set interfaces ethernet eth0 vif 6 mtu 1508

  # No user-id is set in this block: paste the "user-id" line printed by the
  # previous step here, before commit.
  # NOTE(review): "kpn" looks like a provider-wide placeholder password rather
  # than a per-customer secret - confirm with the provider's documentation.
  set interfaces ethernet eth0 vif 6 pppoe 0 password kpn
  set interfaces ethernet eth0 vif 6 pppoe 0 default-route auto
  set interfaces ethernet eth0 vif 6 pppoe 0 name-server auto
  set interfaces ethernet eth0 vif 6 pppoe 0 idle-timeout 180
  set interfaces ethernet eth0 vif 6 pppoe 0 mtu 1500

  # Attach the rulesets from the firewall step to the PPPoE interface:
  # WAN_IN filters forwarded traffic, WAN_LOCAL traffic to the router itself.
  set interfaces ethernet eth0 vif 6 pppoe 0 firewall in name WAN_IN
  set interfaces ethernet eth0 vif 6 pppoe 0 firewall local name WAN_LOCAL

  # Resolvers used by the router itself.
  set system name-server 8.8.8.8
  set system name-server 8.8.4.4

  commit
  save
  exit
  127.  
  128.  
  129.  
  # Step: configure hardware offloading for the IPv4 connection.
  # Forwarding, PPPoE and VLAN handling are each enabled for offload, which
  # matches the eth0 -> VLAN 6 -> PPPoE path configured earlier.
  configure

  set system offload ipv4 forwarding enable
  set system offload ipv4 pppoe enable
  set system offload ipv4 vlan enable

  commit
  save
  exit
  141.  
  142.  
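  # Step: configure NAT to allow the LAN to access the internet.
  # Rule 5010 masquerades LAN traffic leaving through pppoe0.
  configure

  set service nat rule 5010 description "KPN Internet"
  # Logging is enabled on this rule, so NATed traffic is written to the log;
  # expect a high volume on a busy LAN.
  set service nat rule 5010 log enable
  set service nat rule 5010 outbound-interface pppoe0
  set service nat rule 5010 protocol all
  # Fixed: the source must be the LAN subnet configured on eth1. The original
  # value 192.168.2.0/24 does not match 192.168.1.0/24, so LAN traffic would
  # not have matched this rule and would have left un-translated.
  set service nat rule 5010 source address 192.168.1.0/24
  set service nat rule 5010 type masquerade

  commit
  save
  exit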
  159.  
  # Step: enable traffic inspection (DPI).
  # Both DPI and the export of its results are switched on.
  # NOTE(review): this classifies the traffic of every LAN user; confirm that
  # this is acceptable for the network before enabling it.
  configure

  set system traffic-analysis dpi enable
  set system traffic-analysis export enable

  commit
  save
  exit
  172.  
  173.  
  # Step: add the Debian APT repository (to install tools like nano/iptraf).
  # Both repositories are fetched over plain HTTP, so apt's signature check on
  # the repository metadata is the only integrity control; never bypass it
  # (for example with --allow-unauthenticated).
  # NOTE(review): wheezy is an old Debian release that has since reached end
  # of life; check that these URLs still serve it and that it matches the
  # Debian base of the installed firmware before adding them.
  configure

  set system package repository wheezy components "main contrib non-free"
  set system package repository wheezy distribution wheezy
  set system package repository wheezy url http://mirror.leaseweb.com/debian
  set system package repository wheezy-security components main
  set system package repository wheezy-security distribution wheezy/updates
  set system package repository wheezy-security url http://security.debian.org

  commit
  save
  exit

  # "package" is a placeholder: replace it with the tool you want to install.
  # Install individual packages only; a blanket upgrade could replace
  # packages that the router firmware manages itself.
  sudo apt-get update
  sudo apt-get install package
  191.  
  192.  
  # Step: configure a bridge between the EdgeRouter and the switch for IPTV.
  # VLAN 4 on eth0 (WAN side) and VLAN 4 on eth4 are both placed in br0.
  # NOTE(review): the next step gives eth0 vif 4 a DHCP address, which
  # suggests bridged and routed IPTV are alternatives rather than cumulative
  # steps - confirm before applying both.
  # No firewall ruleset is attached to br0 or its members on this page.
  configure


  set interfaces bridge br0
  set interfaces ethernet eth0 vif 4 bridge-group bridge br0
  set interfaces ethernet eth0 vif 4 description "eth0.4 - IPTV"
  set interfaces ethernet eth0 vif 4 mtu 1500

  set interfaces ethernet eth4 description "eth4 - IPTV"
  set interfaces ethernet eth4 duplex auto
  set interfaces ethernet eth4 speed auto
  set interfaces ethernet eth4 vif 4 bridge-group bridge br0
  set interfaces ethernet eth4 vif 4 description "eth4.4 - IPTV"
  set interfaces ethernet eth4 vif 4 mtu 1500

  commit
  save
  exit
  214.  
  215.  
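  # Step: set up routed IPTV.
  # eth0 vif 4 becomes a DHCP client on the provider's IPTV VLAN. Its lease
  # must not replace the default route, which stays on the PPPoE session.
  # NOTE(review): this page attaches WAN_IN / WAN_LOCAL to pppoe 0 only, so
  # eth0.4 is an unfiltered provider-facing interface. Reusing WAN_IN here
  # would likely drop the multicast streams, so a dedicated ruleset that
  # permits only the required IPTV traffic is the safer addition.
  configure

  set interfaces ethernet eth0 vif 4 address dhcp
  set interfaces ethernet eth0 vif 4 description "eth0.4 - IPTV"
  # Fixed: quotes nested inside a quoted value have to be written as &quot;.
  # With literal inner quotes the shell strips them and the DHCP client is
  # given an unquoted IPTV_RG, which is not a valid string value.
  set interfaces ethernet eth0 vif 4 dhcp-options client-option "send vendor-class-identifier &quot;IPTV_RG&quot;;"
  # The classless static routes option is requested so the provider can push
  # the routes to its IPTV platform.
  set interfaces ethernet eth0 vif 4 dhcp-options client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  set interfaces ethernet eth0 vif 4 dhcp-options default-route no-update
  set interfaces ethernet eth0 vif 4 dhcp-options default-route-distance 210
  # name-server update lets this lease change the router's resolver list.
  set interfaces ethernet eth0 vif 4 dhcp-options name-server update

  commit
  save
  exit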
  232.  
  233.  
  # Step: modify our DHCP configuration to include IPTV parameters.
  # Two option definitions are added to the DHCP server's global section:
  # code 60 (vendor-class-identifier) and code 28 (broadcast-address).
  # Only the definitions are added here; no values are assigned to them.
  configure

  set service dhcp-server global-parameters "option vendor-class-identifier code 60 = string;"
  set service dhcp-server global-parameters "option broadcast-address code 28 = ip-address;"

  commit
  save
  exit
  244.  
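  # Step: NAT rules are required for the IPTV set-top box to connect to the
  # IPTV platform.
  # The original note says the following commands return 2 configuration
  # lines; as shown they print one, the static route towards 213.75.112.0/21
  # via the router address learned from the IPTV DHCP lease.
  # The line is only printed: paste it into the configure session that
  # follows, before commit.
  # NOTE(review): the root shell is kept as in the original; confirm whether
  # "show dhcp client leases" actually needs it.
  sudo su
  # Only the first "router" entry is used, so several leases cannot produce a
  # multi-line next-hop.
  r_ip=$(show dhcp client leases | awk '/router/ { print $3; exit }')
  # Without a lease there is no router address; printing the route anyway
  # would give a command with an empty next-hop.
  if [ -n "$r_ip" ]; then
    printf '%s\n' "set protocols static route 213.75.112.0/21 next-hop $r_ip"
  else
    echo "no router address found in the DHCP client leases; check the IPTV interface" >&2
  fi
  exit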
  254.  
  # NAT for IPTV: rule 5000 masquerades traffic to the IPTV platform range
  # 213.75.112.0/21. Its number is below 5010, the internet rule.
  # The static route printed by the previous step is not part of this block;
  # paste it here before commit.
  # NOTE(review): the outbound interface is eth4.4, while the routed IPTV step
  # takes its DHCP lease on eth0.4 - confirm which interface actually faces
  # the provider.
  configure

  set service nat rule 5000 description IPTV
  set service nat rule 5000 log disable
  set service nat rule 5000 outbound-interface eth4.4
  set service nat rule 5000 protocol all
  set service nat rule 5000 destination address 213.75.112.0/21
  set service nat rule 5000 type masquerade

  commit
  save
  exit
  267.  
  # Step: set up the IGMP proxy.
  # eth4.4 is the upstream (provider) side and eth1 (LAN) the downstream side.
  # NOTE(review): alt-subnet 0.0.0.0/0 puts no restriction on the source
  # subnets the proxy accepts on either interface; narrowing the upstream
  # entry to the provider's multicast source ranges would be tighter.
  # NOTE(review): upstream is eth4.4, while the routed IPTV step takes its
  # DHCP lease on eth0.4 - confirm which interface actually faces the
  # provider.
  configure

  set protocols igmp-proxy interface eth4.4 alt-subnet 0.0.0.0/0
  set protocols igmp-proxy interface eth4.4 role upstream
  set protocols igmp-proxy interface eth4.4 threshold 1
  set protocols igmp-proxy interface eth1 alt-subnet 0.0.0.0/0
  set protocols igmp-proxy interface eth1 role downstream
  set protocols igmp-proxy interface eth1 threshold 1

  commit
  save
  exit