
Edgerouter X ~ MEO IPTV

a guest
Jan 6th, 2019
  /* Packet filter: address groups, the two WAN rulesets (WAN_IN, WAN_LOCAL) and global options. */
  firewall {
      all-ping enable
      broadcast-ping disable
      group {
          /* Multicast destination ranges accepted by WAN_IN rule 10. */
          network-group MEO_IPTV_DESTINATION {
              description ""
              network 232.0.0.0/8
              network 235.0.0.0/8
              network 239.0.0.0/8
          }
          /* Source ranges allowed to send IPTV traffic (WAN_IN rule 10). NOTE(review): these are whole /8 blocks, three of them public address space; narrow them to the provider's real source prefixes if those are known. */
          network-group MEO_IPTV_NETWORKS {
              description ""
              network 10.0.0.0/8
              network 195.0.0.0/8
              network 213.0.0.0/8
              network 194.0.0.0/8
          }
          /* NOTE(review): no rule in this config references this group, so it currently protects nothing. */
          network-group PROTECTED_NETWORKS {
              description ""
              network 172.16.0.0/16
          }
      }
      ipv6-receive-redirects disable
      ipv6-src-route disable
      ip-src-route disable
      log-martians enable
      /* Traffic forwarded from the WAN to internal hosts; anything not matched below is dropped. */
      name WAN_IN {
          default-action drop
          description "WAN to internal"
          /* UDP from the IPTV source group to the multicast destination group; matches are not logged. */
          rule 10 {
              action accept
              description "Allow Multicast"
              destination {
                  group {
                      network-group MEO_IPTV_DESTINATION
                  }
              }
              log disable
              protocol udp
              source {
                  group {
                      network-group MEO_IPTV_NETWORKS
                  }
              }
          }
          /* NOTE(review): IGMP is accepted from any source address, with no source group and no logging. */
          rule 20 {
              action accept
              description "Allow IGMP"
              log disable
              protocol igmp
          }
          rule 30 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          /* Sits after the accept rules, so a packet already matched by rule 10 or 20 never reaches this check. */
          rule 40 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }
      /* Traffic from the WAN addressed to the router itself; anything not matched below is dropped. */
      name WAN_LOCAL {
          default-action drop
          description "WAN to router"
          rule 10 {
              action accept
              description "Allow IGMP"
              log disable
              protocol igmp
          }
          /* NOTE(review): accepts every ICMP type from the WAN, unlogged; restrict to the types actually needed if the router should not answer arbitrary ICMP. */
          rule 20 {
              action accept
              description "Allow ICMP"
              log disable
              protocol icmp
          }
          rule 30 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          rule 40 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }
      receive-redirects disable
      send-redirects enable
      /* NOTE(review): reverse-path source validation is off; presumably required for the IPTV multicast sources, confirm before leaving it disabled. */
      source-validation disable
      syn-cookies enable
  }
  /* Physical ports, the WAN VLAN, the IPTV port and the LAN switch with its guest VLAN. */
  interfaces {
      ethernet eth0 {
          description WAN
          duplex auto
          speed auto
          /* WAN on VLAN 12; the only interface in this config with firewall rulesets attached. NOTE(review): the description value contains a space but is not quoted, unlike "MAIN LAN" below; confirm it loads as intended. */
          vif 12 {
              address dhcp
              description MEO VLAN
              firewall {
                  in {
                      name WAN_IN
                  }
                  local {
                      name WAN_LOCAL
                  }
              }
          }
      }
      /* Member port of switch0 (see switch-port below). */
      ethernet eth1 {
          description LAN
          duplex auto
          speed auto
      }
      ethernet eth2 {
          description N/A
          disable
          duplex auto
          speed auto
      }
      ethernet eth3 {
          description N/A
          disable
          duplex auto
          speed auto
      }
      /* IPTV port. NOTE(review): no firewall ruleset is attached, so traffic from 172.16.253.0/24 to the router and to the other internal subnets is not filtered by this config. */
      ethernet eth4 {
          address 172.16.253.1/24
          description IPTV
          duplex auto
          poe {
              output off
          }
          speed auto
      }
      loopback lo {
      }
      switch switch0 {
          address 172.16.10.1/24
          description "MAIN LAN"
          mtu 1500
          switch-port {
              interface eth1 {
              }
              vlan-aware disable
          }
          /* Guest VLAN. NOTE(review): no in/local ruleset is attached, so nothing in this config stops guests from reaching 172.16.10.0/24 or the router's own services (GUI, SSH, DNS); the unreferenced PROTECTED_NETWORKS group in the firewall section suggests isolation was intended. */
          vif 1337 {
              address 172.16.254.1/24
              description "GUEST LAN"
              mtu 1500
          }
      }
  }
  /* Port-forwarding framework between eth0.12 (WAN) and switch0 (LAN); no forwarding rules are defined in this block. */
  port-forward {
      /* Any rule added here later also gets a matching firewall accept created automatically, so review each new rule as an inbound opening. */
      auto-firewall enable
      hairpin-nat enable
      lan-interface switch0
      wan-interface eth0.12
  }
  /* IGMP proxy relaying multicast group membership between the IPTV port and the WAN VLAN. */
  protocols {
      igmp-proxy {
          /* Upstream side. NOTE(review): alt-subnet 0.0.0.0/0 places no restriction on the source subnet of upstream multicast; narrow it if the provider's source ranges are known. */
          interface eth0.12 {
              alt-subnet 0.0.0.0/0
              role upstream
              threshold 1
          }
          /* Downstream side, limited to the IPTV subnet. */
          interface eth4 {
              alt-subnet 172.16.253.0/24
              role downstream
              threshold 1
          }
      }
  }
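  /* Router-hosted services: DHCP for the three internal subnets, DNS forwarding, web GUI, NAT, SSH and UPnP. */
  service {
      dhcp-server {
          disabled false
          hostfile-update disable
          shared-network-name GUEST {
              authoritative disable
              subnet 172.16.254.0/24 {
                  default-router 172.16.254.1
                  dns-server 172.16.254.1
                  domain-name ragenetwork.guest
                  lease 604800
                  start 172.16.254.100 {
                      stop 172.16.254.199
                  }
                  /* NOTE(review): this hands guest clients the address of a controller on the main LAN (172.16.10.0/24); drop the option here unless guest devices really need it. */
                  unifi-controller 172.16.10.202
              }
          }
          shared-network-name IPTV {
              authoritative disable
              subnet 172.16.253.0/24 {
                  default-router 172.16.253.1
                  dns-server 172.16.253.1
                  domain-name ragenetwork.iptv
                  lease 604800
                  start 172.16.253.10 {
                      stop 172.16.253.19
                  }
              }
          }
          shared-network-name LAN {
              authoritative enable
              subnet 172.16.10.0/24 {
                  default-router 172.16.10.1
                  dns-server 172.16.10.1
                  domain-name ragenetwork.lan
                  lease 604800
                  start 172.16.10.100 {
                      stop 172.16.10.199
                  }
                  unifi-controller 172.16.10.202
              }
          }
          static-arp disable
          use-dnsmasq disable
      }
      dns {
          /* Forwarder answers on the LAN, guest VLAN and IPTV port only; it is not bound to the WAN interface. */
          forwarding {
              cache-size 10000
              listen-on switch0
              listen-on switch0.1337
              listen-on eth4
              system
          }
      }
      /* Web management UI. WAN_LOCAL's default drop keeps it off the WAN side, but no ruleset limits access from the guest VLAN or the IPTV port. */
      gui {
          http-port 80
          https-port 443
          /* Legacy TLS cipher suites are turned off for the management UI; set back to enable only if an old browser must still reach it. */
          older-ciphers disable
      }
      nat {
          rule 5010 {
              description "masquerade for WAN"
              outbound-interface eth0.12
              type masquerade
          }
      }
      /* NOTE(review): like the GUI, SSH is reachable from every internal subnet in this config; prefer key-based logins and restrict the source subnets with a local ruleset. */
      ssh {
          port 22
          protocol-version v2
      }
      ubnt-discover {
          disable
      }
      unms {
          disable
      }
      /* NOTE(review): UPnP lets any host on switch0 request inbound port mappings on eth0.12 without authentication; keep it only if a LAN device depends on it. */
      upnp {
          listen-on switch0 {
              outbound-interface eth0.12
          }
      }
  }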
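  /* Router identity, upstream resolvers, time sources, hardware offload and logging. */
  system {
      domain-name ragenetwork.lan
      host-name Router
      /* NOTE(review): no login { } node appears in this paste (presumably removed before publishing); define your own user and credentials before loading this config. */
      name-server 1.1.1.1
      name-server 1.0.0.1
      ntp {
          server 0.ubnt.pool.ntp.org {
          }
          server 1.ubnt.pool.ntp.org {
          }
          server 2.ubnt.pool.ntp.org {
          }
          server 3.ubnt.pool.ntp.org {
          }
      }
      offload {
          hwnat enable
          ipsec enable
      }
      /* Local logging only: notice and above for all facilities, debug for the protocols facility. NOTE(review): no remote syslog host is configured, so logs live only on the router. */
      syslog {
          global {
              facility all {
                  level notice
              }
              facility protocols {
                  level debug
              }
          }
      }
      time-zone UTC
  }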
  /* Smart-queue shaping on the WAN VLAN, with separate upload and download rate limits. */
  traffic-control {
      smart-queue WAN {
          upload {
              ecn enable
              flows 1024
              fq-quantum 1514
              limit 10240
              rate 109mbit
          }
          download {
              ecn enable
              flows 1024
              fq-quantum 1514
              limit 10240
              rate 209mbit
          }
          wan-interface eth0.12
      }
  }
  319.  
  320.  
  321. /* Warning: Do not remove the following line. */
  322. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  323. /* Release version: v1.10.8.5142457.181120.1809 */