API tools faq
paste
Advertisement
skaramicke

Edgerouter X config that doesn't work

skaramicke
Jul 19th, 2017
261
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.94 KB | None | 0 0
raw download clone embed print report
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  4. group {
  5. address-group dangerous_machines {
  6. address 192.168.1.6
  7. address 192.168.1.7
  8. description "Dangerous Machines"
  9. }
  10. }
  11. ipv6-receive-redirects disable
  12. ipv6-src-route disable
  13. ip-src-route disable
  14. log-martians enable
  15. modify SOURCE_ROUTE {
  16. rule 10 {
  17. description "Dangerous Machines through vtun0"
  18. modify {
  19. table 1
  20. }
  21. source {
  22. group {
  23. address-group dangerous_machines
  24. }
  25. }
  26. }
  27. }
  28. name WAN_IN {
  29. default-action drop
  30. description "WAN to internal"
  31. rule 10 {
  32. action accept
  33. description "Allow established/related"
  34. state {
  35. established enable
  36. related enable
  37. }
  38. }
  39. rule 20 {
  40. action drop
  41. description "Drop invalid state"
  42. state {
  43. invalid enable
  44. }
  45. }
  46. }
  47. name WAN_LOCAL {
  48. default-action drop
  49. description "WAN to router"
  50. rule 10 {
  51. action accept
  52. description "Allow established/related"
  53. state {
  54. established enable
  55. related enable
  56. }
  57. }
  58. rule 20 {
  59. action drop
  60. description "Drop invalid state"
  61. state {
  62. invalid enable
  63. }
  64. }
  65. rule 30 {
  66. action accept
  67. description "Allow IKE for Remote VPN Server"
  68. destination {
  69. port 500
  70. }
  71. protocol udp
  72. }
  73. rule 40 {
  74. action accept
  75. description "Allow L2TP for Remote VPN server"
  76. destination {
  77. port 1701
  78. }
  79. protocol udp
  80. }
  81. rule 50 {
  82. action accept
  83. description "Allow ESP for Remote VPN server"
  84. protocol 50
  85. }
  86. rule 60 {
  87. action accept
  88. description "Allow NAT-T for Remote VPN server"
  89. destination {
  90. port 4500
  91. }
  92. protocol udp
  93. }
  94. }
  95. receive-redirects disable
  96. send-redirects enable
  97. source-validation disable
  98. syn-cookies enable
  99. }
  100. interfaces {
  101. ethernet eth0 {
  102. address dhcp
  103. description Internet
  104. duplex auto
  105. firewall {
  106. in {
  107. modify SOURCE_ROUTE
  108. name WAN_IN
  109. }
  110. local {
  111. name WAN_LOCAL
  112. }
  113. }
  114. speed auto
  115. }
  116. ethernet eth1 {
  117. description Local
  118. duplex auto
  119. speed auto
  120. }
  121. ethernet eth2 {
  122. description Local
  123. duplex auto
  124. speed auto
  125. }
  126. ethernet eth3 {
  127. description Local
  128. duplex auto
  129. speed auto
  130. }
  131. ethernet eth4 {
  132. description Local
  133. duplex auto
  134. firewall {
  135. in {
  136. }
  137. }
  138. speed auto
  139. }
  140. loopback lo {
  141. }
  142. openvpn vtun0 {
  143. config-file /config/auth/integrity/integrity.ovpn
  144. firewall {
  145. }
  146. }
  147. switch switch0 {
  148. address 192.168.1.1/24
  149. description Local
  150. mtu 1500
  151. switch-port {
  152. interface eth1
  153. interface eth2
  154. interface eth3
  155. interface eth4
  156. }
  157. }
  158. }
  159. port-forward {
  160. auto-firewall enable
  161. hairpin-nat enable
  162. lan-interface eth1
  163. lan-interface eth2
  164. lan-interface eth3
  165. lan-interface eth4
  166. lan-interface switch0
  167. wan-interface eth0
  168. }
  169. protocols {
  170. static {
  171. table 1 {
  172. interface-route 0.0.0.0/0 {
  173. next-hop-interface vtun0 {
  174. }
  175. }
  176. }
  177. }
  178. }
  179. service {
  180. dhcp-server {
  181. disabled false
  182. hostfile-update enable
  183. shared-network-name LAN {
  184. authoritative disable
  185. subnet 192.168.1.0/24 {
  186. default-router 192.168.1.1
  187. dns-server 192.168.1.1
  188. domain-name local
  189. lease 86400
  190. start 192.168.1.38 {
  191. stop 192.168.1.243
  192. }
  193. }
  194. }
  195. }
  196. dns {
  197. forwarding {
  198. cache-size 150
  199. listen-on switch0
  200. name-server 8.8.8.8
  201. name-server 8.8.4.4
  202. }
  203. }
  204. gui {
  205. https-port 443
  206. }
  207. nat {
  208. rule 5001 {
  209. description "Masquerade for VTUN0"
  210. log disable
  211. outbound-interface vtun0
  212. protocol all
  213. source {
  214. group {
  215. address-group dangerous_machines
  216. }
  217. }
  218. type masquerade
  219. }
  220. rule 5010 {
  221. description "masquerade for WAN"
  222. outbound-interface eth0
  223. type masquerade
  224. }
  225. }
  226. ssh {
  227. port 22
  228. protocol-version v2
  229. }
  230. }
  231. system {
  232. host-name ubnt
  233. login {
  234. [redacted]
  235. }
  236. name-server 127.0.0.1
  237. ntp {
  238. server 0.ubnt.pool.ntp.org {
  239. }
  240. server 1.ubnt.pool.ntp.org {
  241. }
  242. server 2.ubnt.pool.ntp.org {
  243. }
  244. server 3.ubnt.pool.ntp.org {
  245. }
  246. }
  247. static-host-mapping {
  248. host-name freenas.local {
  249. inet 192.168.1.200
  250. }
  251. host-name printer.local {
  252. inet 192.168.1.222
  253. }
  254. }
  255. syslog {
  256. global {
  257. facility all {
  258. level notice
  259. }
  260. facility protocols {
  261. level debug
  262. }
  263. }
  264. }
  265. time-zone UTC
  266. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!