XS4ALL
History
EdgeRouter
bab2501@Edge:~$ show configuration
firewall {
all-ping enable
broadcast-ping enable
group {
address-group XS4ALL-VAS-S17 {
address 80.127.109.152-80.127.109.159
description ""
}
}
ipv6-name WANv6_IN {
default-action drop
description "WAN inbound traffic forwarded to LAN"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
ipv6-name WANv6_LOCAL {
default-action drop
description "WAN inbound traffic to the router"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow IPv6 icmp"
protocol ipv6-icmp
}
rule 40 {
action accept
description "allow dhcpv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 30 {
action accept
description XS4ALL-VAS-S17-RULE
destination {
address 192.168.3.0/24
group {
}
}
log disable
protocol all
}
rule 40 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
options {
mss-clamp {
mss 1412
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
bridge br0 {
aging 300
bridged-conntrack disable
hello-time 2
max-age 20
priority 32768
promiscuous disable
stp false
}
ethernet eth0 {
duplex auto
speed auto
vif 4 {
address dhcp
description "eth0.4 - IPTV"
dhcp-options {
client-option "send vendor-class-identifier "IPTV_RG";"
client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
default-route no-update
default-route-distance 210
name-server update
}
}
vif 6 {
description "Internet (PPPoE)"
pppoe 0 {
default-route auto
dhcpv6-pd {
pd 0 {
interface eth1 {
host-address ::1
prefix-id :1
service slaac
}
interface switch0 {
host-address ::1
prefix-id :2
service slaac
}
prefix-length /48
}
rapid-commit enable
}
firewall {
in {
ipv6-name WANv6_IN
name WAN_IN
}
local {
ipv6-name WANv6_LOCAL
}
}
mtu 1492
name-server auto
password ****************
user-id edge@xs4all.nl
}
}
vif 7 {
bridge-group {
bridge br0
}
description "eth0.7 - VOIP"
mtu 1500
}
}
ethernet eth1 {
duplex auto
speed auto
vif 1 {
address 192.168.0.3/24
mtu 1500
}
vif 3 {
address 192.168.3.6/24
description DMZ.s17.blaauwgeers.net
mtu 1500
}
vif 4 {
address 192.168.4.6/24
description iptv.s17.blaauwgeers.net
disable
}
vif 7 {
bridge-group {
bridge br0
}
description "eth1.7 - ExperiaBox VOIP"
mtu 1500
}
}
ethernet eth2 {
address 192.168.4.1/24
description "eth2 - iptv.s17.blaauwgeers.net"
duplex auto
speed auto
}
ethernet eth3 {
description Local
duplex auto
speed auto
}
ethernet eth4 {
description Local
duplex auto
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.2.1/24
address 192.168.112.6/24
description local-noodnet
switch-port {
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
vif 3 {
address 80.127.109.152/32
address 80.127.109.153/32
address 80.127.109.154/32
address 80.127.109.155/32
address 80.127.109.156/32
address 80.127.109.157/32
address 80.127.109.158/32
address 80.127.109.159/32
}
}
}
protocols {
igmp-proxy {
interface eth0.4 {
alt-subnet 10.16.12.0/16
alt-subnet 213.75.0.0/16
alt-subnet 217.166.0.0/16
role upstream
threshold 1
}
interface eth2 {
role downstream
threshold 1
}
}
static {
route 213.75.112.0/21 {
next-hop 10.194.48.1 {
}
}
}
}
service {
dhcp-server {
disabled false
global-parameters "option vendor-class-identifier code 60 = string;"
global-parameters "option broadcast-address code 28 = ip-address;"
hostfile-update disable
shared-network-name DMZ.s17.blaauwgeers.net {
authoritative disable
subnet 192.168.3.0/24 {
default-router 192.168.3.6
dns-server 208.67.222.222
dns-server 208.67.220.220
domain-name DMZ.s17.blaauwgeers.net
lease 86400
start 192.168.3.100 {
stop 192.168.3.199
}
static-mapping BlaauwgeersNAS {
ip-address 192.168.3.105
mac-address 00:11:32:9b:c3:a1
}
static-mapping TurrisBABnet {
ip-address 192.168.3.102
mac-address d8:58:d7:00:68:e0
}
static-mapping UniGW {
ip-address 192.168.3.101
mac-address 78:8a:20:42:71:da
}
static-mapping fritz.box {
ip-address 192.168.3.104
mac-address 34:31:c4:81:90:6b
}
static-mapping ns1 {
ip-address 192.168.3.103
mac-address 00:0c:29:12:c0:52
}
unifi-controller 192.168.25.11
}
}
shared-network-name IPTV104 {
authoritative disable
subnet 192.168.104.0/24 {
default-router 192.168.104.6
dns-server 194.109.6.66
dns-server 194.109.9.99
lease 86400
start 192.168.104.100 {
stop 192.168.104.199
}
unifi-controller 192.168.25.11
}
}
shared-network-name NoodNet.s17.blaauwgeers.net {
authoritative disable
subnet 192.168.112.0/24 {
default-router 192.168.112.6
dns-server 208.67.222.222
dns-server 208.67.220.220
lease 86400
start 192.168.112.100 {
stop 192.168.112.199
}
unifi-controller 192.168.25.11
}
}
shared-network-name iptv.s17.blaauwgeers.net {
authoritative enable
subnet 192.168.4.0/24 {
default-router 192.168.4.1
dns-server 194.109.6.66
dns-server 194.109.9.99
domain-name iptv.s17.blaauwgeers.net
lease 86400
start 192.168.4.100 {
stop 192.168.4.199
}
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on eth1
listen-on switch0
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 1 {
description "Static 80.127.109.156"
destination {
address 80.127.109.156
}
inbound-interface pppoe0
inside-address {
address 192.168.3.101
}
log disable
protocol all
source {
}
type destination
}
rule 2 {
description "Static 80.127.109.154"
destination {
address 80.127.109.154
}
inbound-interface pppoe0
inside-address {
address 192.168.3.102
}
log disable
protocol all
source {
}
type destination
}
rule 3 {
description "Static 80.127.109.157"
destination {
address 80.127.109.157
}
inbound-interface pppoe0
inside-address {
address 192.168.3.10
}
log disable
protocol all
source {
}
type destination
}
rule 5000 {
description "Static 80.127.109.154"
log disable
outbound-interface pppoe0
outside-address {
address 80.127.109.154
}
protocol all
source {
address 192.168.3.102
}
type source
}
rule 5001 {
description "Static 80.127.109.156"
log disable
outbound-interface pppoe0
outside-address {
address 80.127.109.156
}
protocol all
source {
address 192.168.3.101
}
type source
}
rule 5002 {
description "Static 80.127.109.157"
log disable
outbound-interface switch0.3
outside-address {
address 80.127.109.157
}
protocol all
source {
address 192.168.3.10
}
type source
}
rule 5003 {
description "XS4ALL (IPTV) 5000"
destination {
address 10.16.0.0/16
}
log disable
outbound-interface eth0.4
protocol all
type masquerade
}
rule 5004 {
description "XS4ALL (IPTV) 5001"
destination {
address 213.75.112.0/21
}
log disable
outbound-interface eth0.4
protocol all
type masquerade
}
rule 5005 {
description "masquerade for WAN"
log disable
outbound-interface pppoe0
protocol all
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
unms {
disable
}
}
system {
config-management {
commit-revisions 20
}
host-name Edge
login {
user bab2501 {
authentication {
encrypted-password ****************
plaintext-password ****************
}
full-name "Alexander Blaauwgeers"
level admin
}
user ubnt {
authentication {
encrypted-password ****************
plaintext-password ****************
}
full-name ""
level operator
}
}
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
package {
repository wheezy {
components "main contrib non-free"
distribution wheezy
password ****************
url http://ftp.nl.debian.org/debian
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/Amsterdam
traffic-analysis {
dpi enable
export enable
}
}
bab2501@Edge:~$