Last active
August 29, 2015 14:20
-
-
Save jitomesky/6fc4f3364cec4c6a3133 to your computer and use it in GitHub Desktop.
EdgeRouterLite iijmioひかり IPv4 config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| firewall { | |
| all-ping enable | |
| broadcast-ping disable | |
| ipv6-receive-redirects disable | |
| ipv6-src-route disable | |
| ip-src-route disable | |
| log-martians enable | |
| modify pppoe-out { | |
| rule 1 { | |
| action modify | |
| modify { | |
| tcp-mss 1414 | |
| } | |
| protocol tcp | |
| tcp { | |
| flags SYN | |
| } | |
| } | |
| } | |
| name OUTSIDE-IN { | |
| default-action drop | |
| rule 10 { | |
| action accept | |
| log enable | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| } | |
| name OUTSIDE-LOCAL { | |
| default-action drop | |
| rule 10 { | |
| action accept | |
| log enable | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action accept | |
| icmp { | |
| type-name echo-request | |
| } | |
| log enable | |
| protocol icmp | |
| state { | |
| new enable | |
| } | |
| } | |
| rule 30 { | |
| action drop | |
| destination { | |
| port 22 | |
| } | |
| log enable | |
| protocol tcp | |
| recent { | |
| count 4 | |
| time 60 | |
| } | |
| state { | |
| new enable | |
| } | |
| } | |
| rule 31 { | |
| action drop | |
| destination { | |
| port 22 | |
| } | |
| log enable | |
| protocol tcp | |
| state { | |
| new enable | |
| } | |
| } | |
| } | |
| receive-redirects disable | |
| send-redirects enable | |
| source-validation disable | |
| syn-cookies enable | |
| } | |
| interfaces { | |
| ethernet eth0 { | |
| duplex auto | |
| mtu 1500 | |
| pppoe 0 { | |
| default-route auto | |
| firewall { | |
| in { | |
| name OUTSIDE-IN | |
| } | |
| local { | |
| name OUTSIDE-LOCAL | |
| } | |
| out { | |
| } | |
| } | |
| mtu 1454 | |
| name-server auto | |
| password secret | |
| user-id secret | |
| } | |
| speed auto | |
| } | |
| ethernet eth1 { | |
| address 192.168.11.1/24 | |
| description Local | |
| duplex auto | |
| firewall { | |
| out { | |
| } | |
| } | |
| speed auto | |
| } | |
| ethernet eth2 { | |
| duplex auto | |
| speed auto | |
| } | |
| loopback lo { | |
| } | |
| } | |
| service { | |
| dhcp-server { | |
| disabled false | |
| hostfile-update disable | |
| shared-network-name LAN1 { | |
| authoritative disable | |
| subnet 192.168.11.0/24 { | |
| default-router 192.168.11.1 | |
| dns-server 192.168.11.1 | |
| lease 86400 | |
| start 192.168.11.30 { | |
| stop 192.168.11.90 | |
| } | |
| } | |
| } | |
| } | |
| dns { | |
| forwarding { | |
| cache-size 150 | |
| listen-on eth1 | |
| } | |
| } | |
| gui { | |
| https-port 443 | |
| } | |
| nat { | |
| rule 5000 { | |
| outbound-interface pppoe0 | |
| protocol all | |
| source { | |
| address 192.168.11.0/24 | |
| } | |
| type masquerade | |
| } | |
| } | |
| ssh { | |
| port 22 | |
| protocol-version v2 | |
| } | |
| } | |
| system { | |
| host-name ubnt | |
| login { | |
| user ubnt { | |
| authentication { | |
| encrypted-password secret | |
| plaintext-password "" | |
| } | |
| level admin | |
| } | |
| } | |
| ntp { | |
| server 0.ubnt.pool.ntp.org { | |
| } | |
| server 1.ubnt.pool.ntp.org { | |
| } | |
| server 2.ubnt.pool.ntp.org { | |
| } | |
| server 3.ubnt.pool.ntp.org { | |
| } | |
| } | |
| offload { | |
| ipv4 { | |
| forwarding enable | |
| pppoe enable | |
| } | |
| } | |
| syslog { | |
| global { | |
| facility all { | |
| level notice | |
| } | |
| facility protocols { | |
| level debug | |
| } | |
| } | |
| } | |
| time-zone UTC | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set firewall all-ping enable | |
| set firewall broadcast-ping disable | |
| set firewall ip-src-route disable | |
| set firewall log-martians enable | |
| set firewall ipv6-src-route disable | |
| set firewall name OUTSIDE-IN default-action drop | |
| set firewall name OUTSIDE-IN rule 10 action accept | |
| set firewall name OUTSIDE-IN rule 10 log enable | |
| set firewall name OUTSIDE-IN rule 10 state established enable | |
| set firewall name OUTSIDE-IN rule 10 state related enable | |
| set firewall name OUTSIDE-LOCAL default-action drop | |
| set firewall name OUTSIDE-LOCAL rule 10 action accept | |
| set firewall name OUTSIDE-LOCAL rule 10 log enable | |
| set firewall name OUTSIDE-LOCAL rule 10 state established enable | |
| set firewall name OUTSIDE-LOCAL rule 10 state related enable | |
| set firewall name OUTSIDE-LOCAL rule 20 action accept | |
| set firewall name OUTSIDE-LOCAL rule 20 log enable | |
| set firewall name OUTSIDE-LOCAL rule 20 icmp type-name echo-request | |
| set firewall name OUTSIDE-LOCAL rule 20 protocol icmp | |
| set firewall name OUTSIDE-LOCAL rule 20 state new enable | |
| set firewall name OUTSIDE-LOCAL rule 30 action drop | |
| set firewall name OUTSIDE-LOCAL rule 30 destination port 22 | |
| set firewall name OUTSIDE-LOCAL rule 30 log enable | |
| set firewall name OUTSIDE-LOCAL rule 30 protocol tcp | |
| set firewall name OUTSIDE-LOCAL rule 30 recent count 4 | |
| set firewall name OUTSIDE-LOCAL rule 30 recent time 60 | |
| set firewall name OUTSIDE-LOCAL rule 30 state new enable | |
| set firewall name OUTSIDE-LOCAL rule 31 action drop | |
| set firewall name OUTSIDE-LOCAL rule 31 destination port 22 | |
| set firewall name OUTSIDE-LOCAL rule 31 log enable | |
| set firewall name OUTSIDE-LOCAL rule 31 protocol tcp | |
| set firewall name OUTSIDE-LOCAL rule 31 state new enable | |
| set firewall receive-redirects disable | |
| set firewall send-redirects enable | |
| set firewall source-validation disable | |
| set firewall syn-cookies enable | |
| set interfaces ethernet eth1 address 192.168.11.1/24 | |
| set interfaces ethernet eth1 description Local | |
| set interfaces ethernet eth1 duplex auto | |
| set interfaces ethernet eth1 speed auto | |
| delete interfaces ethernet eth0 | |
| set interfaces ethernet eth0 speed auto | |
| set interfaces ethernet eth0 pppoe 0 | |
| set interfaces ethernet eth0 pppoe 0 name-server auto | |
| set interfaces ethernet eth0 pppoe 0 user-id imhXXXXXXXX@iij.ad.jp | |
| set interfaces ethernet eth0 pppoe 0 password secret | |
| set interfaces ethernet eth0 pppoe 0 firewall in name OUTSIDE-IN | |
| set interfaces ethernet eth0 pppoe 0 firewall local name OUTSIDE-LOCAL | |
| set interfaces ethernet eth0 pppoe 0 mtu 1454 | |
| set firewall modify pppoe-out rule 1 action modify | |
| set firewall modify pppoe-out rule 1 modify tcp-mss 1414 | |
| set firewall modify pppoe-out rule 1 protocol tcp | |
| set firewall modify pppoe-out rule 1 tcp flags 'SYN' | |
| set interfaces ethernet eth0 pppoe 0 firewall out modify pppoe-out | |
| set service dhcp-server disabled false | |
| set service dhcp-server shared-network-name LAN1 authoritative disable | |
| set service dhcp-server shared-network-name LAN1 subnet 192.168.11.0/24 | |
| set service dhcp-server shared-network-name LAN1 subnet 192.168.11.0/24 default-router 192.168.11.1 | |
| set service dhcp-server shared-network-name LAN1 subnet 192.168.11.0/24 dns-server 192.168.11.1 | |
| set service dhcp-server shared-network-name LAN1 subnet 192.168.11.0/24 lease 86400 | |
| set service dhcp-server shared-network-name LAN1 subnet 192.168.11.0/24 start 192.168.11.30 stop 192.168.11.90 | |
| set service dns forwarding cache-size 150 | |
| set service dns forwarding listen-on eth1 | |
| set service nat rule 5000 outbound-interface pppoe0 | |
| set service nat rule 5000 source address 192.168.11.0/24 | |
| set service nat rule 5000 type masquerade | |
| set service nat rule 5000 protocol all | |
| set service ssh port 22 | |
| set service ssh protocol-version v2 | |
| set service ssh listen-address 192.168.11.0 | |
| set system offload ipv4 forwarding enable | |
| set system offload ipv4 pppoe enable |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment