



XS4ALL

History

EdgeRouter

bab2501@Edge:~$ show configuration
firewall {
    all-ping enable
    broadcast-ping enable
    group {
        /* NOTE(review): defined but not referenced by any rule in this dump - WAN_IN rule 30 leaves its destination group empty */
        address-group XS4ALL-VAS-S17 {
            address 80.127.109.152-80.127.109.159
            description ""
        }
    }
    /* IPv6 forwarded traffic; attached as 'in' on eth0 vif 6 pppoe 0 */
    ipv6-name WANv6_IN {
        default-action drop
        description "WAN inbound traffic forwarded to LAN"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* IPv6 traffic to the router itself; attached as 'local' on eth0 vif 6 pppoe 0 */
    ipv6-name WANv6_LOCAL {
        default-action drop
        description "WAN inbound traffic to the router"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related sessions"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 30 {
            action accept
            description "Allow IPv6 icmp"
            protocol ipv6-icmp
        }
        /* DHCPv6 server (port 547) to client (port 546) replies, as used by the dhcpv6-pd under pppoe 0 */
        rule 40 {
            action accept
            description "allow dhcpv6"
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* IPv4 forwarded traffic; attached as 'in' on eth0 vif 6 pppoe 0 */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        /* NOTE(review): accepts every protocol from any source into 192.168.3.0/24 with an empty destination group, so address-group XS4ALL-VAS-S17 does not narrow it; because it precedes rule 40, invalid-state packets for that subnet are accepted too - confirm this is intended */
        rule 30 {
            action accept
            description XS4ALL-VAS-S17-RULE
            destination {
                address 192.168.3.0/24
                group {
                }
            }
            log disable
            protocol all
        }
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* NOTE(review): not attached anywhere in this dump - pppoe 0 'firewall local' names only WANv6_LOCAL, so IPv4 traffic from the PPPoE link to the router itself is not filtered by this set */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        /* TCP MSS clamp; presumably for the PPPoE link (mtu 1492 on eth0 vif 6) - confirm which interface types it applies to */
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    /* NOTE(review): ICMP redirects are sent and reverse-path source validation is off - confirm both are intended on a WAN-facing router */
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* joins the two VoIP VLANs (eth0 vif 7 and eth1 vif 7) into one L2 segment; spanning tree off */
    bridge br0 {
        aging 300
        bridged-conntrack disable
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    /* XS4ALL uplink: VLAN 4 IPTV, VLAN 6 PPPoE internet, VLAN 7 VoIP */
    ethernet eth0 {
        duplex auto
        speed auto
        /* IPTV over DHCP with the IPTV_RG vendor class; default-route no-update keeps the DHCP default route out of the routing table, while the DHCP name-servers are taken */
        vif 4 {
            address dhcp
            description "eth0.4 - IPTV"
            dhcp-options {
                client-option "send vendor-class-identifier "IPTV_RG";"
                client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
                default-route no-update
                default-route-distance 210
                name-server update
            }
        }
        vif 6 {
            description "Internet (PPPoE)"
            pppoe 0 {
                default-route auto
                /* delegated prefix (/48 requested) handed out to eth1 and switch0 as prefix-id :1 and :2 with SLAAC */
                dhcpv6-pd {
                    pd 0 {
                        interface eth1 {
                            host-address ::1
                            prefix-id :1
                            service slaac
                        }
                        interface switch0 {
                            host-address ::1
                            prefix-id :2
                            service slaac
                        }
                        prefix-length /48
                    }
                    rapid-commit enable
                }
                /* NOTE(review): 'in' attaches both the IPv4 and IPv6 sets, but 'local' attaches only WANv6_LOCAL; firewall name WAN_LOCAL is not referenced here */
                firewall {
                    in {
                        ipv6-name WANv6_IN
                        name WAN_IN
                    }
                    local {
                        ipv6-name WANv6_LOCAL
                    }
                }
                mtu 1492
                name-server auto
                /* credentials are masked in this dump */
                password ****************
                user-id edge@xs4all.nl
            }
        }
        /* VoIP VLAN, bridged to eth1 vif 7 through br0 */
        vif 7 {
            bridge-group {
                bridge br0
            }
            description "eth0.7 - VOIP"
            mtu 1500
        }
    }
    ethernet eth1 {
        duplex auto
        speed auto
        vif 1 {
            address 192.168.0.3/24
            mtu 1500
        }
        /* DMZ side; this address is the default-router of the DMZ dhcp pool */
        vif 3 {
            address 192.168.3.6/24
            description DMZ.s17.blaauwgeers.net
            mtu 1500
        }
        /* administratively disabled; 192.168.4.0/24 is served from eth2 in this dump */
        vif 4 {
            address 192.168.4.6/24
            description iptv.s17.blaauwgeers.net
            disable
        }
        /* VoIP VLAN toward the ExperiaBox, bridged to eth0 vif 7 through br0 */
        vif 7 {
            bridge-group {
                bridge br0
            }
            description "eth1.7 - ExperiaBox VOIP"
            mtu 1500
        }
    }
    /* IPTV LAN side: igmp-proxy downstream and default-router of the iptv dhcp pool */
    ethernet eth2 {
        address 192.168.4.1/24
        description "eth2 - iptv.s17.blaauwgeers.net"
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    /* eth3 and eth4 switched together; 192.168.112.6 is the default-router of the NoodNet dhcp pool */
    switch switch0 {
        address 192.168.2.1/24
        address 192.168.112.6/24
        description local-noodnet
        switch-port {
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
        /* the eight public /32s of the XS4ALL-VAS-S17 range; switch0.3 is the outbound-interface of NAT rule 5002 */
        vif 3 {
            address 80.127.109.152/32
            address 80.127.109.153/32
            address 80.127.109.154/32
            address 80.127.109.155/32
            address 80.127.109.156/32
            address 80.127.109.157/32
            address 80.127.109.158/32
            address 80.127.109.159/32
        }
    }
}
protocols {
    /* relays IGMP between the IPTV uplink (eth0.4) and the IPTV LAN (eth2) */
    igmp-proxy {
        /* NOTE(review): alt-subnet 10.16.12.0/16 has host bits set and is presumably meant as 10.16.0.0/16, the range NAT rule 5003 masquerades toward - verify */
        interface eth0.4 {
            alt-subnet 10.16.12.0/16
            alt-subnet 213.75.0.0/16
            alt-subnet 217.166.0.0/16
            role upstream
            threshold 1
        }
        interface eth2 {
            role downstream
            threshold 1
        }
    }
    static {
        /* IPTV platform range, also masqueraded by NAT rule 5004 on eth0.4; the next-hop is presumably the eth0.4 DHCP gateway - confirm */
        route 213.75.112.0/21 {
            next-hop 10.194.48.1 {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        /* custom option definitions for the server (codes 60 and 28) */
        global-parameters "option vendor-class-identifier code 60 = string;"
        global-parameters "option broadcast-address code 28 = ip-address;"
        hostfile-update disable
        /* DMZ pool behind eth1 vif 3; NOTE(review): unifi-controller 192.168.25.11 lies outside every subnet in this dump - verify it is reachable */
        shared-network-name DMZ.s17.blaauwgeers.net {
            authoritative disable
            subnet 192.168.3.0/24 {
                default-router 192.168.3.6
                dns-server 208.67.222.222
                dns-server 208.67.220.220
                domain-name DMZ.s17.blaauwgeers.net
                lease 86400
                start 192.168.3.100 {
                    stop 192.168.3.199
                }
                /* fixed leases sit just above the pool range */
                static-mapping BlaauwgeersNAS {
                    ip-address 192.168.3.105
                    mac-address 00:11:32:9b:c3:a1
                }
                static-mapping TurrisBABnet {
                    ip-address 192.168.3.102
                    mac-address d8:58:d7:00:68:e0
                }
                static-mapping UniGW {
                    ip-address 192.168.3.101
                    mac-address 78:8a:20:42:71:da
                }
                static-mapping fritz.box {
                    ip-address 192.168.3.104
                    mac-address 34:31:c4:81:90:6b
                }
                static-mapping ns1 {
                    ip-address 192.168.3.103
                    mac-address 00:0c:29:12:c0:52
                }
                unifi-controller 192.168.25.11
            }
        }
        /* NOTE(review): no interface in this dump carries a 192.168.104.x address, so this pool appears to have no serving interface - confirm */
        shared-network-name IPTV104 {
            authoritative disable
            subnet 192.168.104.0/24 {
                default-router 192.168.104.6
                dns-server 194.109.6.66
                dns-server 194.109.9.99
                lease 86400
                start 192.168.104.100 {
                    stop 192.168.104.199
                }
                unifi-controller 192.168.25.11
            }
        }
        /* pool for switch0's second address 192.168.112.6/24 */
        shared-network-name NoodNet.s17.blaauwgeers.net {
            authoritative disable
            subnet 192.168.112.0/24 {
                default-router 192.168.112.6
                dns-server 208.67.222.222
                dns-server 208.67.220.220
                lease 86400
                start 192.168.112.100 {
                    stop 192.168.112.199
                }
                unifi-controller 192.168.25.11
            }
        }
        /* pool for eth2 (192.168.4.1/24); the only authoritative network in this dump */
        shared-network-name iptv.s17.blaauwgeers.net {
            authoritative enable
            subnet 192.168.4.0/24 {
                default-router 192.168.4.1
                dns-server 194.109.6.66
                dns-server 194.109.9.99
                domain-name iptv.s17.blaauwgeers.net
                lease 86400
                start 192.168.4.100 {
                    stop 192.168.4.199
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    /* forwarding resolver; listens only on the LAN-facing eth1 and switch0 */
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on switch0
        }
    }
    /* NOTE(review): web UI on 80/443 with legacy cipher suites (older-ciphers) enabled; no IPv4 'local' firewall is attached to pppoe 0 in this dump, so confirm the UI is not reachable from the WAN before keeping this */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        /* rules 1-3: destination NAT for three of the public /32s onto DMZ hosts; 5000-5002: the matching source NAT; 5003-5005: masquerade */
        rule 1 {
            description "Static 80.127.109.156"
            destination {
                address 80.127.109.156
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.3.101
            }
            log disable
            protocol all
            source {
            }
            type destination
        }
        rule 2 {
            description "Static 80.127.109.154"
            destination {
                address 80.127.109.154
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.3.102
            }
            log disable
            protocol all
            source {
            }
            type destination
        }
        rule 3 {
            description "Static 80.127.109.157"
            destination {
                address 80.127.109.157
            }
            inbound-interface pppoe0
            inside-address {
                address 192.168.3.10
            }
            log disable
            protocol all
            source {
            }
            type destination
        }
        rule 5000 {
            description "Static 80.127.109.154"
            log disable
            outbound-interface pppoe0
            outside-address {
                address 80.127.109.154
            }
            protocol all
            source {
                address 192.168.3.102
            }
            type source
        }
        rule 5001 {
            description "Static 80.127.109.156"
            log disable
            outbound-interface pppoe0
            outside-address {
                address 80.127.109.156
            }
            protocol all
            source {
                address 192.168.3.101
            }
            type source
        }
        /* NOTE(review): uses outbound-interface switch0.3 where the sibling rules 5000/5001 use pppoe0, and 192.168.3.10 has no static-mapping in the DMZ pool - verify both */
        rule 5002 {
            description "Static 80.127.109.157"
            log disable
            outbound-interface switch0.3
            outside-address {
                address 80.127.109.157
            }
            protocol all
            source {
                address 192.168.3.10
            }
            type source
        }
        /* IPTV traffic toward the 10.16.0.0/16 platform range leaves eth0.4 masqueraded (cf. the igmp-proxy alt-subnet) */
        rule 5003 {
            description "XS4ALL (IPTV) 5000"
            destination {
                address 10.16.0.0/16
            }
            log disable
            outbound-interface eth0.4
            protocol all
            type masquerade
        }
        /* matches the static route for 213.75.112.0/21 */
        rule 5004 {
            description "XS4ALL (IPTV) 5001"
            destination {
                address 213.75.112.0/21
            }
            log disable
            outbound-interface eth0.4
            protocol all
            type masquerade
        }
        /* general masquerade for the PPPoE link; numbered last so the static source-NAT rules above take precedence */
        rule 5005 {
            description "masquerade for WAN"
            log disable
            outbound-interface pppoe0
            protocol all
            type masquerade
        }
    }
    /* SSH on the default port; same WAN-exposure caveat as the gui section above */
    ssh {
        port 22
        protocol-version v2
    }
    /* Ubiquiti UNMS agent off */
    unms {
        disable
    }
}
system {
    /* keeps the last 20 committed configurations for rollback */
    config-management {
        commit-revisions 20
    }
    host-name Edge
    login {
        /* admin account; both password forms are masked in this dump */
        user bab2501 {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name "Alexander Blaauwgeers"
            level admin
        }
        /* NOTE(review): 'ubnt' is the EdgeOS factory-default account name, kept here at operator level - confirm it is still needed */
        user ubnt {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name ""
            level operator
        }
    }
    /* Ubiquiti's NTP pool */
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* NOTE(review): Debian wheezy repository over plain http with an empty username and a masked password; wheezy is end-of-life, so confirm this source is still wanted */
    package {
        repository wheezy {
            components "main contrib non-free"
            distribution wheezy
            password ****************
            url http://ftp.nl.debian.org/debian
            username ""
        }
    }
    /* notice for all facilities, debug for protocols */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Amsterdam
    /* DPI on with export enabled; the export destination is not shown in this dump - confirm */
    traffic-analysis {
        dpi enable
        export enable
    }
}
bab2501@Edge:~$