
WAN Bonding

a guest
Jul 12th, 2019
  /* Firewall section: global ICMP / redirect / source-route switches, the PRIVATE_NETS group, */
  /* the "balance" policy-routing ruleset, and the WAN_IN / WAN_LOCAL rulesets. */
  1. firewall {
  /* all-ping is the global echo-reply switch. Echo requests arriving on bond0 still pass */
  /* through WAN_LOCAL below, which accepts only established/related traffic. */
  2. all-ping enable
  3. broadcast-ping disable
  4. group {
  /* RFC 1918 private ranges; used by rule 10 of "modify balance" to keep LAN-to-LAN traffic on the main table. */
  5. network-group PRIVATE_NETS {
  6. network 192.168.0.0/16
  7. network 172.16.0.0/12
  8. network 10.0.0.0/8
  9. }
  10. }
  11. ipv6-receive-redirects disable
  12. ipv6-src-route disable
  13. ip-src-route disable
  /* Packets with impossible source addresses are not logged. Combined with */
  /* "source-validation disable" further down, there is neither a reverse-path check nor a record of them. */
  /* NOTE(review): consider enabling log-martians so spoofed-source traffic is at least visible. */
  14. log-martians disable
  /* Policy-routing ruleset, attached to eth2 "in" in the interfaces section. */
  /* Rules 10-30 send matching traffic to the main routing table; rule 110 hands everything else to lb-group G. */
  /* NOTE(review): no load-balance group G is defined anywhere in this paste, and eth0/eth1 are */
  /* bond0 members with no address of their own, so rules 20, 30 and 110 look like leftovers from a */
  /* dual-WAN load-balancing setup - confirm they are still wanted. */
  15. modify balance {
  16. rule 10 {
  17. action modify
  18. description "do NOT load balance lan to lan"
  19. destination {
  20. group {
  21. network-group PRIVATE_NETS
  22. }
  23. }
  24. modify {
  25. table main
  26. }
  27. }
  28. rule 20 {
  29. action modify
  30. description "do NOT load balance destination public address"
  31. destination {
  32. group {
  33. address-group ADDRv4_eth0
  34. }
  35. }
  36. modify {
  37. table main
  38. }
  39. }
  40. rule 30 {
  41. action modify
  42. description "do NOT load balance destination public address"
  43. destination {
  44. group {
  45. address-group ADDRv4_eth1
  46. }
  47. }
  48. modify {
  49. table main
  50. }
  51. }
  /* Catch-all: no match criteria, so every packet not handled by rules 10-30 is given to lb-group G. */
  52. rule 110 {
  53. action modify
  54. modify {
  55. lb-group G
  56. }
  57. }
  58. }
  /* Forwarded traffic arriving on bond0: default drop, only established/related accepted. */
  /* No rule carries "log enable", so dropped packets leave no trace in syslog. */
  /* Only IPv4 rulesets ("name") exist in this config; there is no "ipv6-name" ruleset. */
  /* NOTE(review): if IPv6 is ever enabled on bond0, add an IPv6 ruleset first. */
  59. name WAN_IN {
  60. default-action drop
  61. description "WAN to internal"
  62. rule 10 {
  63. action accept
  64. description "Allow established/related"
  65. state {
  66. established enable
  67. related enable
  68. }
  69. }
  70. rule 20 {
  71. action drop
  72. description "Drop invalid state"
  73. state {
  74. invalid enable
  75. }
  76. }
  77. }
  /* Traffic addressed to the router itself from bond0: same policy as WAN_IN. */
  /* This ruleset is what keeps the GUI (80/443) and SSH (22) configured under "service" */
  /* from being reachable on the WAN side; keep it attached to bond0 "local". */
  78. name WAN_LOCAL {
  79. default-action drop
  80. description "WAN to router"
  81. rule 10 {
  82. action accept
  83. description "Allow established/related"
  84. state {
  85. established enable
  86. related enable
  87. }
  88. }
  89. rule 20 {
  90. action drop
  91. description "Drop invalid state"
  92. state {
  93. invalid enable
  94. }
  95. }
  96. }
  /* The router ignores incoming ICMP redirects but will still send them. */
  97. receive-redirects disable
  98. send-redirects enable
  /* Reverse-path source validation is off (see the log-martians note above). */
  99. source-validation disable
  100. syn-cookies enable
  101. }
  /* Interfaces: eth0 + eth1 aggregated into bond0 (WAN, DHCP), eth2 is the LAN, eth3 is unused. */
  102. interfaces {
  /* 802.3ad is LACP link aggregation: both member links must terminate on a peer that */
  /* negotiates LACP. It aggregates links to one upstream device rather than combining two independent ISP lines. */
  /* hash-policy layer2 picks the member link from MAC addresses, so traffic towards a single */
  /* upstream gateway MAC will likely use one link only - TODO confirm against the upstream device. */
  103. bonding bond0 {
  104. address dhcp
  105. description Internet
  106. hash-policy layer2
  107. mode 802.3ad
  /* WAN_IN filters forwarded traffic, WAN_LOCAL filters traffic to the router; both are default-drop. */
  108. firewall {
  109. in {
  110. name WAN_IN
  111. }
  112. local {
  113. name WAN_LOCAL
  114. }
  115. }
  116. }
  117. ethernet eth0 {
  118. bond-group bond0
  119. duplex auto
  120. speed auto
  121. }
  122. ethernet eth1 {
  123. bond-group bond0
  124. duplex auto
  125. speed auto
  126. }
  /* LAN interface. Only the "modify balance" policy-routing ruleset is applied inbound; */
  /* there is no "local" ruleset here, so LAN hosts reach the router's GUI, SSH and DNS unfiltered. */
  127. ethernet eth2 {
  128. address 10.0.0.1/24
  129. description Local
  130. duplex auto
  131. firewall {
  132. in {
  133. modify balance
  134. }
  135. }
  136. speed auto
  137. }
  /* eth3 has no address and no firewall ruleset attached. */
  138. ethernet eth3 {
  139. duplex auto
  140. speed auto
  141. }
  142. loopback lo {
  143. }
  144. }
  /* Port forwarding from bond0 to the eth2 LAN. No forwarding rules are defined in this paste, */
  /* so nothing is exposed yet. With auto-firewall enabled, any rule added later gets its */
  /* firewall opening created automatically - review each new rule as an inbound exposure. */
  145. port-forward {
  146. auto-firewall enable
  147. hairpin-nat enable
  148. lan-interface eth2
  149. wan-interface bond0
  150. }
  /* Router services: DHCP for the LAN, a DNS forwarder, the web GUI, source NAT and SSH. */
  151. service {
  152. dhcp-server {
  153. disabled false
  154. hostfile-update disable
  155. shared-network-name LAN {
  156. authoritative enable
  157. subnet 10.0.0.0/24 {
  158. default-router 10.0.0.1
  /* Clients are handed public resolvers directly, not the router's forwarder on eth2. */
  159. dns-server 1.1.1.1
  160. dns-server 1.0.0.1
  161. lease 86400
  162. start 10.0.0.100 {
  163. stop 10.0.0.200
  164. }
  165. }
  166. }
  167. static-arp disable
  168. use-dnsmasq disable
  169. }
  /* DNS forwarder bound to the LAN interface only. */
  170. dns {
  171. forwarding {
  172. cache-size 150
  173. listen-on eth2
  174. }
  175. }
  /* Web management UI on plain HTTP (80) and HTTPS (443). No listen-address is set, */
  /* so WAN-side reachability is blocked only by the WAN_LOCAL ruleset on bond0. */
  /* older-ciphers enable keeps legacy TLS cipher suites available to the GUI; */
  /* NOTE(review): set it to disable unless a legacy browser genuinely needs it. */
  176. gui {
  177. http-port 80
  178. https-port 443
  179. older-ciphers enable
  180. }
  /* Source NAT: everything leaving via bond0 is masqueraded. */
  181. nat {
  182. rule 5000 {
  183. description "masquerade for WAN"
  184. outbound-interface bond0
  185. type masquerade
  186. }
  187. }
  /* SSH v2 on the default port. The only account (system login) has a password and no public keys, */
  /* so SSH access relies on password authentication; no listen-address restricts it to the LAN. */
  188. ssh {
  189. port 22
  190. protocol-version v2
  191. }
  192. }
  /* System settings: conntrack sizing, host name, the admin account, NTP, offload and syslog. */
  193. system {
  194. conntrack {
  195. expect-table-size 4096
  196. hash-size 4096
  197. table-size 32768
  198. tcp {
  199. half-open-connections 512
  /* loose enable lets connection tracking pick up TCP flows it did not see the handshake for. */
  200. loose enable
  201. max-retrans 3
  202. }
  203. }
  /* Host name and the only account are both "ubnt", the factory-default names. */
  204. host-name ubnt
  205. login {
  206. user ubnt {
  207. authentication {
  /* This is a $5$ (SHA-256 crypt) password hash for an admin-level account, published in a public paste. */
  /* A published hash should be treated as exposed: change the password on any device that */
  /* uses this config, and redact this field before sharing a config. */
  208. encrypted-password $5$jOBuZnlLKwUR.YC5$Yuw7SYCzeyML4u3ZK0n3D6lxJGNVFDIEns3/DQEOcZ3
  209. }
  210. level admin
  211. }
  212. }
  213. ntp {
  214. server 0.ubnt.pool.ntp.org {
  215. }
  216. server 1.ubnt.pool.ntp.org {
  217. }
  218. server 2.ubnt.pool.ntp.org {
  219. }
  220. server 3.ubnt.pool.ntp.org {
  221. }
  222. }
  /* Hardware offload switches; hwnat is off, IPsec and the listed IPv4/IPv6 paths are on. */
  223. offload {
  224. hwnat disable
  225. ipsec enable
  226. ipv4 {
  227. bonding enable
  228. forwarding enable
  229. gre enable
  230. pppoe enable
  231. vlan enable
  232. }
  233. ipv6 {
  234. bonding enable
  235. forwarding enable
  236. pppoe disable
  237. vlan enable
  238. }
  239. }
  /* Only a "global" (local) syslog target is configured; no remote log host is defined, */
  /* so logs exist only on the router itself. */
  240. syslog {
  241. global {
  242. facility all {
  243. level notice
  244. }
  245. facility protocols {
  246. level debug
  247. }
  248. }
  249. }
  250. time-zone UTC
  251. }
  252.  
  253.  
  254. /* Warning: Do not remove the following line. */
  255. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  256. /* Release version: v2.0.4.5199165.190605.1549 */