firewall {

all-ping enable

broadcast-ping disable

ipv6-receive-redirects disable

ipv6-src-route disable

ip-src-route disable

log-martians enable

name WAN_IN {

default-action drop

description "packets from Internet to LAN"

enable-default-log

rule 1 {

action accept

description "allow established sessions"

log disable

protocol all

state {

established enable

invalid disable

new disable

related enable

}

}

rule 2 {

action drop

description "drop invalid state"

log disable

protocol all

state {

established disable

invalid enable

new disable

related disable

}

}

}

name WAN_LOCAL {

default-action drop

description "packets from Internet to the router"

rule 1 {

action accept

description "allow established session to the router"

log disable

protocol all

state {

established enable

invalid disable

new disable

related enable

}

}

rule 2 {

action drop

description "drop invalid state"

log disable

protocol all

state {

established disable

invalid enable

new disable

related disable

}

}

}

options {

mss-clamp {

interface-type pppoe

interface-type pptp

interface-type tun

mss 1452

}

}

receive-redirects disable

send-redirects enable

source-validation disable

syn-cookies enable

}

interfaces {

ethernet eth0 {

address 192.168.1.1/24

description LAN_ETH0

duplex auto

speed auto

}

ethernet eth1 {

description ISP

duplex auto

speed auto

vif 835 {

address dhcp

description ISP_DATA

dhcp-options {

client-option "send vendor-class-identifier "sagem";"

client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox3";"

client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"

default-route update

default-route-distance 210

name-server update

}

egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"

pppoe 0 {

default-route auto

firewall {

in {

name WAN_IN

}

local {

name WAN_LOCAL

}

}

mtu 1492

name-server auto

password XXXX

user-id fti/XXXX

}

}

vif 838 {

address dhcp

description ISP_TV_VOD

dhcp-options {

client-option "send vendor-class-identifier "sagem";"

client-option "send dhcp-client-identifier 1:XXXXXXXXXXXX;"

client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox3";"

client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"

default-route no-update

default-route-distance 210

name-server update

}

egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"

}

vif 840 {

address 192.168.255.254/32

description ISP_TV_STREAM

egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"

}

}

ethernet eth2 {

address 192.168.2.1/24

description LAN_ETH2

duplex auto

speed auto

}

loopback lo {

}

}

protocols {

igmp-proxy {

disable-quickleave

interface eth0 {

role disabled

threshold 1

}

interface eth1 {

role disabled

threshold 1

}

interface eth1.835 {

role disabled

threshold 1

}

interface eth1.838 {

role disabled

threshold 1

}

interface eth1.840 {

alt-subnet 0.0.0.0/0

role upstream

threshold 1

}

interface eth2 {

alt-subnet 0.0.0.0/0

role downstream

threshold 1

}

}

}

service {

dhcp-server {

disabled false

hostfile-update disable

shared-network-name LAN_ETH0 {

authoritative disable

subnet 192.168.1.0/24 {

default-router 192.168.1.1

dns-server 192.168.1.1

lease 86400

start 192.168.1.2 {

stop 192.168.1.99

}

}

}

shared-network-name LAN_ETH2 {

authoritative enable

subnet 192.168.2.0/24 {

default-router 192.168.2.1

dns-server 192.168.2.1

lease 86400

start 192.168.2.21 {

stop 192.168.2.200

}

}

}

static-arp disable

use-dnsmasq disable

}

dns {

forwarding {

cache-size 1000

listen-on eth2

listen-on eth0

name-server 80.10.246.3

name-server 81.253.149.10

}

}

gui {

http-port 80

https-port 443

older-ciphers enable

}

mdns {

reflector

}

nat {

rule 5010 {

description "MASQ: WAN"

log disable

outbound-interface pppoe0

protocol all

type masquerade

}

rule 5011 {

description "MASQ: ORANGE"

log disable

outbound-interface eth1.838

protocol all

type masquerade

}

}

ssh {

port 22

protocol-version v2

}

upnp2 {

listen-on eth0

nat-pmp enable

port 34651

secure-mode disable

wan pppoe0

}

}

system {

config-management {

commit-revisions 50

}

host-name ubnt

login {

user ubnt {

authentication {

encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.

}

level admin

}

}

name-server 8.8.8.8

name-server 8.8.4.4

ntp {

server 0.ubnt.pool.ntp.org {

}

server 1.ubnt.pool.ntp.org {

}

server 2.ubnt.pool.ntp.org {

}

server 3.ubnt.pool.ntp.org {

}

}

offload {

hwnat disable

ipsec enable

ipv4 {

forwarding enable

gre enable

pppoe enable

vlan enable

}

ipv6 {

forwarding enable

pppoe enable

}

}

package {

repository wheezy {

components "main contrib non-free"

distribution wheezy

password ""

url http://http.us.debian.org/debian

username ""

}

repository wheezy-security {

components main

distribution wheezy/updates

password ""

url http://security.debian.org

username ""

}

}

syslog {

global {

facility all {

level notice

}

facility protocols {

level warning

}

}

}

time-zone Europe/Paris

}

 

 

/* Warning: Do not remove the following line. */

/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */

/* Release version: v1.10.5.5098915.180622.1355 */