hobby:xs4all:start
Inhoud
XS4ALL
History
EdgeRouter
bab2501@Edge:~$ show configuration firewall { all-ping enable broadcast-ping enable group { address-group XS4ALL-VAS-S17 { address 80.127.109.152-80.127.109.159 description "" } } ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic forwarded to LAN" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } ipv6-name WANv6_LOCAL { default-action drop description "WAN inbound traffic to the router" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 40 { action accept description "allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 30 { action accept description XS4ALL-VAS-S17-RULE destination { address 192.168.3.0/24 group { } } log disable protocol all } rule 40 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } options { mss-clamp { mss 1412 } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { bridge br0 { aging 300 bridged-conntrack disable hello-time 2 max-age 20 priority 32768 promiscuous disable stp false } ethernet eth0 { duplex auto speed auto vif 4 { address dhcp description "eth0.4 - IPTV" dhcp-options { client-option "send vendor-class-identifier "IPTV_RG";" client-option "request subnet-mask, routers, rfc3442-classless-static-routes;" default-route no-update default-route-distance 210 name-server update } } vif 6 { description "Internet (PPPoE)" pppoe 0 { default-route auto dhcpv6-pd { pd 0 { interface eth1 { host-address ::1 prefix-id :1 service slaac } interface switch0 { host-address ::1 prefix-id :2 service slaac } prefix-length /48 } rapid-commit enable } firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL } } mtu 1492 name-server auto password **************** user-id edge@xs4all.nl } } vif 7 { bridge-group { bridge br0 } description "eth0.7 - VOIP" mtu 1500 } } ethernet eth1 { duplex auto speed auto vif 1 { address 192.168.0.3/24 mtu 1500 } vif 3 { address 192.168.3.6/24 description DMZ.s17.blaauwgeers.net mtu 1500 } vif 4 { address 192.168.4.6/24 description iptv.s17.blaauwgeers.net disable } vif 7 { bridge-group { bridge br0 } description "eth1.7 - ExperiaBox VOIP" mtu 1500 } } ethernet eth2 { address 192.168.4.1/24 description "eth2 - iptv.s17.blaauwgeers.net" duplex auto speed auto } ethernet eth3 { description Local duplex auto speed auto } ethernet eth4 { description Local duplex auto speed auto } loopback lo { } switch switch0 { address 192.168.2.1/24 address 192.168.112.6/24 description local-noodnet switch-port { interface eth3 { } interface eth4 { } vlan-aware disable } vif 3 { address 80.127.109.152/32 address 80.127.109.153/32 address 80.127.109.154/32 address 80.127.109.155/32 address 80.127.109.156/32 address 80.127.109.157/32 address 80.127.109.158/32 address 80.127.109.159/32 } } } protocols { igmp-proxy { interface eth0.4 { alt-subnet 10.16.12.0/16 alt-subnet 213.75.0.0/16 alt-subnet 217.166.0.0/16 role upstream threshold 1 } interface eth2 { role downstream threshold 1 } } static { route 213.75.112.0/21 { next-hop 10.194.48.1 { } } } } service { dhcp-server { disabled false global-parameters "option vendor-class-identifier code 60 = string;" global-parameters "option broadcast-address code 28 = ip-address;" hostfile-update disable shared-network-name DMZ.s17.blaauwgeers.net { authoritative disable subnet 192.168.3.0/24 { default-router 192.168.3.6 dns-server 208.67.222.222 dns-server 208.67.220.220 domain-name DMZ.s17.blaauwgeers.net lease 86400 start 192.168.3.100 { stop 192.168.3.199 } static-mapping BlaauwgeersNAS { ip-address 192.168.3.105 mac-address 00:11:32:9b:c3:a1 } static-mapping TurrisBABnet { ip-address 192.168.3.102 mac-address d8:58:d7:00:68:e0 } static-mapping UniGW { ip-address 192.168.3.101 mac-address 78:8a:20:42:71:da } static-mapping fritz.box { ip-address 192.168.3.104 mac-address 34:31:c4:81:90:6b } static-mapping ns1 { ip-address 192.168.3.103 mac-address 00:0c:29:12:c0:52 } unifi-controller 192.168.25.11 } } shared-network-name IPTV104 { authoritative disable subnet 192.168.104.0/24 { default-router 192.168.104.6 dns-server 194.109.6.66 dns-server 194.109.9.99 lease 86400 start 192.168.104.100 { stop 192.168.104.199 } unifi-controller 192.168.25.11 } } shared-network-name NoodNet.s17.blaauwgeers.net { authoritative disable subnet 192.168.112.0/24 { default-router 192.168.112.6 dns-server 208.67.222.222 dns-server 208.67.220.220 lease 86400 start 192.168.112.100 { stop 192.168.112.199 } unifi-controller 192.168.25.11 } } shared-network-name iptv.s17.blaauwgeers.net { authoritative enable subnet 192.168.4.0/24 { default-router 192.168.4.1 dns-server 194.109.6.66 dns-server 194.109.9.99 domain-name iptv.s17.blaauwgeers.net lease 86400 start 192.168.4.100 { stop 192.168.4.199 } } } static-arp disable use-dnsmasq disable } dns { forwarding { cache-size 150 listen-on eth1 listen-on switch0 } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 1 { description "Static 80.127.109.156" destination { address 80.127.109.156 } inbound-interface pppoe0 inside-address { address 192.168.3.101 } log disable protocol all source { } type destination } rule 2 { description "Static 80.127.109.154" destination { address 80.127.109.154 } inbound-interface pppoe0 inside-address { address 192.168.3.102 } log disable protocol all source { } type destination } rule 3 { description "Static 80.127.109.157" destination { address 80.127.109.157 } inbound-interface pppoe0 inside-address { address 192.168.3.10 } log disable protocol all source { } type destination } rule 5000 { description "Static 80.127.109.154" log disable outbound-interface pppoe0 outside-address { address 80.127.109.154 } protocol all source { address 192.168.3.102 } type source } rule 5001 { description "Static 80.127.109.156" log disable outbound-interface pppoe0 outside-address { address 80.127.109.156 } protocol all source { address 192.168.3.101 } type source } rule 5002 { description "Static 80.127.109.157" log disable outbound-interface switch0.3 outside-address { address 80.127.109.157 } protocol all source { address 192.168.3.10 } type source } rule 5003 { description "XS4ALL (IPTV) 5000" destination { address 10.16.0.0/16 } log disable outbound-interface eth0.4 protocol all type masquerade } rule 5004 { description "XS4ALL (IPTV) 5001" destination { address 213.75.112.0/21 } log disable outbound-interface eth0.4 protocol all type masquerade } rule 5005 { description "masquerade for WAN" log disable outbound-interface pppoe0 protocol all type masquerade } } ssh { port 22 protocol-version v2 } unms { disable } } system { config-management { commit-revisions 20 } host-name Edge login { user bab2501 { authentication { encrypted-password **************** plaintext-password **************** } full-name "Alexander Blaauwgeers" level admin } user ubnt { authentication { encrypted-password **************** plaintext-password **************** } full-name "" level operator } } ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } package { repository wheezy { components "main contrib non-free" distribution wheezy password **************** url http://ftp.nl.debian.org/debian username "" } } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone Europe/Amsterdam traffic-analysis { dpi enable export enable } } bab2501@Edge:~$
hobby/xs4all/start.txt · Laatst gewijzigd: 2021/09/11 14:27 door 127.0.0.1