  /* Firewall section: host-level options (ping, redirects, source routing, martians, syn-cookies), one "modify" policy for policy-based routing and four named rulesets. Rulesets are bound to interfaces in the interfaces section. */
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  6. ip-src-route disable
  7. log-martians enable
  /* PBR_policy: marks traffic by source subnet for the static tables 11 (LAN, "iNET") and 12 ("IPTV") defined under protocols static. Bound "in" on switch0 and on its vif 1 / vif 2. */
  /* The guest subnet 172.16.1.0/24 matches neither rule, so guest traffic follows the main routing table. */
  8. modify PBR_policy {
  9. rule 20 {
  10. action modify
  11. description iNET
  12. modify {
  13. table 11
  14. }
  15. source {
  16. address 10.0.1.0/24
  17. }
  18. }
  19. rule 30 {
  20. action modify
  21. description IPTV
  22. modify {
  23. table 12
  24. }
  25. source {
  26. address 10.0.2.0/24
  27. }
  28. }
  29. }
  /* IPTV_LOCAL: bound as the "local" ruleset on eth0 vif 4 (the IPTV WAN VLAN). */
  /* NOTE(review): default-action is accept, so anything from that WAN VLAN addressed to the router itself is admitted unless rule 40 (invalid state) drops it; rules 10-30 are therefore only rate limits/allows, not restrictions. Compare WAN_LOCAL below, which defaults to drop. Confirm the provider side needs more than ICMP at the router, otherwise default-action drop with explicit allows is the safer shape. */
  30. name IPTV_LOCAL {
  31. default-action accept
  32. description "WAN IPTV to router"
  33. rule 10 {
  34. action accept
  35. description "Allow established/related"
  36. state {
  37. established enable
  38. related enable
  39. }
  40. }
  41. rule 20 {
  42. action accept
  43. description "Allow ICMP Echo"
  44. icmp {
  45. type 8
  46. }
  47. limit {
  48. burst 1
  49. rate 20/second
  50. }
  51. log disable
  52. protocol icmp
  53. }
  54. rule 30 {
  55. action accept
  56. description "Allow ICMP Destination Unreachable"
  57. icmp {
  58. type 3
  59. }
  60. limit {
  61. burst 1
  62. rate 20/second
  63. }
  64. log disable
  65. protocol icmp
  66. }
  67. rule 40 {
  68. action drop
  69. description "Drop invalid state"
  70. state {
  71. invalid enable
  72. }
  73. }
  74. }
  /* WAN_IN: bound "in" on both eth0 and eth0 vif 4; default drop. Rule 10 admits the provider's UDP multicast (217.166.0.0/16 -> 224.0.0.0/8), rule 20 IGMP, rule 30 established/related. The IGMP proxy under protocols relies on rules 10/20. */
  75. name WAN_IN {
  76. default-action drop
  77. description "WAN to internal"
  78. rule 10 {
  79. action accept
  80. description "IPTV Traffic"
  81. destination {
  82. address 224.0.0.0/8
  83. }
  84. log disable
  85. protocol udp
  86. source {
  87. address 217.166.0.0/16
  88. }
  89. }
  90. rule 20 {
  91. action accept
  92. description "Allow IGMP"
  93. log disable
  94. protocol igmp
  95. }
  96. rule 30 {
  97. action accept
  98. description "Allow established/related"
  99. state {
  100. established enable
  101. related enable
  102. }
  103. }
  104. rule 40 {
  105. action drop
  106. description "Drop invalid state"
  107. state {
  108. invalid enable
  109. }
  110. }
  111. }
  /* WAN_LOCAL: bound "local" on eth0; default drop. The management services defined under service (gui 80/443, ssh 22) are not admitted from eth0 by this ruleset. */
  112. name WAN_LOCAL {
  113. default-action drop
  114. description "WAN to router"
  115. rule 10 {
  116. action accept
  117. description "Allow established/related"
  118. state {
  119. established enable
  120. related enable
  121. }
  122. }
  123. rule 20 {
  124. action drop
  125. description "Drop invalid state"
  126. state {
  127. invalid enable
  128. }
  129. }
  130. }
  /* WAN_OUT: bound "out" on eth0 only — eth0 vif 4 has no "out" ruleset, so rules 1-2 do not cover traffic leaving via the IPTV VLAN. */
  /* Rule 1 blocks a camera by source IP 10.0.1.14 (outside the DHCP pool 10.0.1.50-200, so presumably a static assignment; the redacted static mappings under dhcp-server would confirm). Rule 2 blocks a device by source MAC. */
  /* NOTE(review): an IP-based block only holds while the device keeps that address; the MAC-based form of rule 2 is the more robust one for a device that must never reach the WAN. */
  131. name WAN_OUT {
  132. default-action accept
  133. description ""
  134. rule 1 {
  135. action drop
  136. description "CAM-001 Block traffic to outside"
  137. log disable
  138. protocol all
  139. source {
  140. address 10.0.1.14
  141. }
  142. }
  143. rule 2 {
  144. action drop
  145. description "Block Toon Traffic"
  146. log disable
  147. protocol all
  148. source {
  149. mac-address 28:c2:dd:e4:8e:c3
  150. }
  151. }
  152. }
  /* NOTE(review): source-validation disable switches off reverse-path checking, most likely because PBR_policy routes via alternate tables — confirm that is the reason. send-redirects enable lets the router emit ICMP redirects on its segments. */
  153. receive-redirects disable
  154. send-redirects enable
  155. source-validation disable
  156. syn-cookies enable
  157. }
  /* Interfaces: eth0 is the WAN (DHCP) with a tagged IPTV VLAN 4; eth1-eth3 are members of the VLAN-aware switch0; eth4 is a separately routed port; switch0 carries LAN (vif 1), IPTV (vif 2) and Guest (vif 1003). */
  158. interfaces {
  159. ethernet eth0 {
  160. address dhcp
  161. description WAN
  162. duplex auto
  /* All three directions are filtered on eth0: WAN_IN (forwarded), WAN_LOCAL (to the router), WAN_OUT (leaving). */
  163. firewall {
  164. in {
  165. name WAN_IN
  166. }
  167. local {
  168. name WAN_LOCAL
  169. }
  170. out {
  171. name WAN_OUT
  172. }
  173. }
  /* MAC address redacted by the author. */
  174. mac XXXXXXXXXXXXXXX
  175. speed auto
  /* eth0.4: IPTV WAN VLAN. Only "in" and "local" rulesets are bound; there is no "out" ruleset here (compare eth0 above). */
  176. vif 4 {
  177. address dhcp
  178. description Online_IPTV
  179. firewall {
  180. in {
  181. name WAN_IN
  182. }
  183. local {
  184. name IPTV_LOCAL
  185. }
  186. }
  187. mac XXXXXXXXXXXXXXXXX
  188. mtu 1500
  189. }
  190. }
  191. ethernet eth1 {
  192. description Local
  193. duplex auto
  194. speed auto
  195. }
  196. ethernet eth2 {
  197. description Local
  198. duplex auto
  199. speed auto
  200. }
  201. ethernet eth3 {
  202. description Local
  203. duplex auto
  204. speed auto
  205. }
  /* eth4: routed port 10.0.3.1/24 with no firewall ruleset bound and no matching subnet under service dhcp-server — presumably unused or statically addressed; verify before relying on it. */
  206. ethernet eth4 {
  207. address 10.0.3.1/24
  208. description Local
  209. duplex auto
  210. poe {
  211. output off
  212. }
  213. speed auto
  214. }
  215. loopback lo {
  216. }
  /* switch0: PBR_policy applied "in" on the switch itself and again on vif 1 / vif 2 below. */
  217. switch switch0 {
  218. description Local
  219. firewall {
  220. in {
  221. modify PBR_policy
  222. }
  223. }
  224. mtu 1500
  225. switch-port {
  /* NOTE(review): eth1 carries tagged vid 1001, but the guest vif below is 1003 and no switch-port lists vid 1003 — verify which number is intended. */
  226. interface eth1 {
  227. vlan {
  228. pvid 1
  229. vid 2
  230. vid 1001
  231. }
  232. }
  233. interface eth2 {
  234. vlan {
  235. pvid 1
  236. }
  237. }
  238. interface eth3 {
  239. vlan {
  240. pvid 2
  241. }
  242. }
  243. vlan-aware enable
  244. }
  245. vif 1 {
  246. address 10.0.1.1/24
  247. description LAN
  248. firewall {
  249. in {
  250. modify PBR_policy
  251. }
  252. }
  253. }
  254. vif 2 {
  255. address 10.0.2.1/24
  256. description IPTV
  257. firewall {
  258. in {
  259. modify PBR_policy
  260. }
  261. }
  262. mtu 1500
  263. }
  /* Guest LAN. NOTE(review): no "firewall in" ruleset is bound here, so guest traffic toward 10.0.1.0/24 and 10.0.2.0/24 is not filtered by any ruleset; the guest DHCP scope even points clients at 10.0.1.42 on the LAN for DNS. A ruleset that allows DNS and established/related and drops the rest toward the internal subnets would close that gap. */
  264. vif 1003 {
  265. address 172.16.1.1/24
  266. description "Guest LAN"
  267. mtu 1500
  268. }
  269. }
  270. }
  /* Port-forward: destination NAT on eth0 with auto-firewall (accept rules generated for each forward) and hairpin NAT for switch0 / switch0.1 clients. Forward targets are partially redacted (XX). */
  271. port-forward {
  272. auto-firewall enable
  273. hairpin-nat enable
  274. lan-interface switch0
  275. lan-interface switch0.1
  /* Rule 1: exposes an internal web service on 8123 directly to the WAN. */
  276. rule 1 {
  277. description HAWeb
  278. forward-to {
  279. address XXXXXXXXXXXX
  280. port 8123
  281. }
  282. original-port 8123
  283. protocol tcp
  284. }
  /* NOTE(review): PPTP is widely regarded as a weak VPN protocol and its GRE data channel is not carried by a port forward at all; confirm rule 2 is still needed, otherwise retire it in favour of the L2TP/IPsec forwards in rules 3-4. 1723 is TCP, so `protocol tcp` suffices. */
  285. rule 2 {
  286. description PPTP
  287. forward-to {
  288. address 10.0.1.XX
  289. port 1723
  290. }
  291. original-port 1723
  292. protocol tcp_udp
  293. }
  /* Rules 3-4: IKE (UDP 500) and NAT-T (UDP 4500) for an internal L2TP/IPsec server. */
  294. rule 3 {
  295. description "VPN L2TP 500"
  296. forward-to {
  297. address 10.0.1.XX
  298. port 500
  299. }
  300. original-port 500
  301. protocol tcp_udp
  302. }
  303. rule 4 {
  304. description "VPN L2TP 4500"
  305. forward-to {
  306. address 10.0.1.XX
  307. port 4500
  308. }
  309. original-port 4500
  310. protocol tcp_udp
  311. }
  /* NOTE(review): protocol tcp_udp also forwards UDP/80; plain HTTP is TCP-only, so `protocol tcp` removes the unneeded exposure. This forward also claims port 80 on the WAN side ahead of the router's own gui http-port 80. */
  312. rule 5 {
  313. description Website
  314. forward-to {
  315. address 10.0.1.XX
  316. port 80
  317. }
  318. original-port 80
  319. protocol tcp_udp
  320. }
  321. wan-interface eth0
  322. }
  /* Protocols: IGMP proxy from the IPTV WAN VLAN (eth0.4, upstream) to the IPTV LAN VLAN (switch0.2, downstream, multicast whitelist 224.0.252.0/24); every other interface has role disabled. Static tables 11/12 are the targets of PBR_policy. */
  323. protocols {
  324. igmp-proxy {
  325. interface eth0 {
  326. role disabled
  327. threshold 1
  328. }
  329. interface eth0.4 {
  330. alt-subnet 0.0.0.0/0
  331. role upstream
  332. threshold 1
  333. }
  334. interface eth1 {
  335. role disabled
  336. threshold 1
  337. }
  338. interface eth2 {
  339. role disabled
  340. threshold 1
  341. }
  342. interface eth3 {
  343. role disabled
  344. threshold 1
  345. }
  346. interface eth4 {
  347. role disabled
  348. threshold 1
  349. }
  350. interface switch0 {
  351. role disabled
  352. threshold 1
  353. }
  354. interface switch0.1 {
  355. role disabled
  356. threshold 1
  357. }
  358. interface switch0.2 {
  359. alt-subnet 0.0.0.0/0
  360. role downstream
  361. threshold 1
  362. whitelist 224.0.252.0/24
  363. }
  364. interface switch0.1003 {
  365. role disabled
  366. threshold 1
  367. }
  368. }
  /* Tables 11 (LAN) and 12 (IPTV) both default via 85.149.0.1. NOTE(review): eth0 is DHCP-addressed, so a fixed next-hop could stop matching if the provider changes the gateway; also table 11 routes 10.0.4.0/22 while table 12 routes 10.0.4.0/24 to the same next-hop — likely a typo in one of them, verify. */
  369. static {
  370. table 11 {
  371. route 0.0.0.0/0 {
  372. next-hop 85.149.0.1 {
  373. }
  374. }
  375. route 10.0.4.0/22 {
  376. next-hop 10.226.112.1 {
  377. }
  378. }
  379. }
  380. table 12 {
  381. route 0.0.0.0/0 {
  382. next-hop 85.149.0.1 {
  383. }
  384. }
  385. route 10.0.4.0/24 {
  386. next-hop 10.226.112.1 {
  387. }
  388. }
  389. }
  390. }
  391. }
  /* Services: three DHCP scopes (LAN, Guest, IPTV), the DNS forwarder, the web GUI, outbound masquerade on eth0 and SSH. */
  392. service {
  393. dhcp-server {
  394. disabled false
  395. hostfile-update disable
  396. shared-network-name DHCP_Default {
  397. authoritative disable
  398. subnet 10.0.1.0/24 {
  399. default-router 10.0.1.1
  400. dns-server 10.0.1.1
  401. lease 86400
  402. start 10.0.1.50 {
  403. stop 10.0.1.200
  404. }
  /* The next line is an author note (Dutch: "leases removed"), not config syntax: the static-mapping entries were redacted before pasting. */
  405. #leases verwijderd#
  406. }
  407. }
  /* NOTE(review): the brace below appears to be one too many — as pasted it closes dhcp-server before DHCP_Guest and DHCP_IPTV, which is probably a redaction artifact; the brace count for the rest of this section is off by one. Verify against the live configuration. */
  408. }
  /* Guest clients are pointed at 10.0.1.42 on the LAN for DNS rather than at the router's forwarder (which does listen on switch0.1003 below). */
  409. shared-network-name DHCP_Guest {
  410. authoritative disable
  411. subnet 172.16.1.0/24 {
  412. default-router 172.16.1.1
  413. dns-server 10.0.1.42
  414. lease 86400
  415. start 172.16.1.2 {
  416. stop 172.16.1.100
  417. }
  418. }
  419. }
  /* IPTV clients use an external resolver directly. */
  420. shared-network-name DHCP_IPTV {
  421. authoritative disable
  422. subnet 10.0.2.0/24 {
  423. default-router 10.0.2.1
  424. dns-server 208.67.222.220
  425. lease 86400
  426. start 10.0.2.2 {
  427. stop 10.0.2.50
  428. }
  429. }
  430. }
  431. static-arp disable
  432. use-dnsmasq disable
  433. }
  /* Forwarder listens on the guest and LAN vifs only. */
  434. dns {
  435. forwarding {
  436. cache-size 150
  437. listen-on switch0.1003
  438. listen-on switch0.1
  439. }
  440. }
  /* NOTE(review): older-ciphers enable keeps legacy TLS cipher suites on the management UI and http-port 80 serves it unencrypted; disable both unless a legacy client requires them. WAN_LOCAL keeps the UI off eth0, so exposure is to the internal networks — including the unfiltered guest vif. */
  441. gui {
  442. http-port 80
  443. https-port 443
  444. older-ciphers enable
  445. }
  446. nat {
  447. rule 5010 {
  448. description "masquerade for WAN"
  449. outbound-interface eth0
  450. type masquerade
  451. }
  452. }
  453. ssh {
  454. port 22
  455. protocol-version v2
  456. }
  457. unms {
  458. disable
  459. }
  460. }
  /* System: conntrack sizing and helpers, the admin login, resolvers, NTP, local syslog, time zone and DPI. */
  461. system {
  462. conntrack {
  463. expect-table-size 2048
  464. hash-size 32768
  /* Connection-tracking helpers: RTSP enabled (camera streams), SIP disabled. */
  465. modules {
  466. rtsp {
  467. enable
  468. }
  469. sip {
  470. disable
  471. }
  472. }
  473. table-size 262144
  474. }
  /* NOTE(review): host name and login "ubnt" are the platform defaults; the password hash is redacted. A distinct admin user name removes a known-default from any brute-force attempt. */
  475. host-name ubnt
  476. login {
  477. user ubnt {
  478. authentication {
  479. encrypted-password XXXXXXXXXX.
  480. plaintext-password ""
  481. }
  482. full-name ""
  483. level admin
  484. }
  485. }
  /* Router's own resolvers: a LAN host (10.0.1.43) and 8.8.8.8. NOTE(review): the guest DHCP scope hands out 10.0.1.42 — verify both LAN hosts are intended resolvers and not a typo. */
  486. name-server 10.0.1.43
  487. name-server 8.8.8.8
  488. ntp {
  489. server 0.ubnt.pool.ntp.org {
  490. }
  491. server 1.ubnt.pool.ntp.org {
  492. }
  493. server 2.ubnt.pool.ntp.org {
  494. }
  495. server 3.ubnt.pool.ntp.org {
  496. }
  497. }
  498.  
  /* Syslog is local only (no remote host configured): everything at notice, protocols at debug. */
  499. syslog {
  500. global {
  501. facility all {
  502. level notice
  503. }
  504. facility protocols {
  505. level debug
  506. }
  507. }
  508. }
  509. time-zone UTC
  /* DPI and export enabled. */
  510. traffic-analysis {
  511. dpi enable
  512. export enable
  513. }
  514. }