Last active
June 3, 2019 19:46
2019-03-06 edgerouter config
/* Firewall section: global packet-handling options, address/network/port groups,
   and three named IPv4 rule sets (WAN_IN, WAN_LOCAL, allow-mdns-to-vlan).
   No ipv6-name rule sets are defined in this section. */
firewall { | |
/* Global ICMP echo handling. WAN_LOCAL below has no rule accepting new ICMP,
   so with its default-action drop, new pings arriving on eth5.300 are still dropped. */
all-ping enable | |
broadcast-ping disable | |
group { | |
/* 224.0.0.251 is the IPv4 mDNS multicast address; used by allow-mdns-to-vlan rule 1. */
address-group mDNS { | |
address 224.0.0.251 | |
description "" | |
} | |
/* NOTE(review): no firewall rule in the config shown here references this group,
   and no interface shown carries an address in 192.168.100.0/24 - confirm it is still needed. */
network-group LAN { | |
description "LAN Subnet" | |
network 192.168.1.0/24 | |
network 192.168.100.0/24 | |
} | |
/* NOTE(review): not referenced by any rule in the config shown here. */
port-group homekit-ports { | |
description "" | |
port 80 | |
port 443 | |
} | |
} | |
/* Redirect acceptance and source routing are disabled for both IPv4 and IPv6;
   martian (impossible-source) packets are logged. */
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
log-martians enable | |
/* Applied as the "in" rule set on eth5 vif 300: traffic from the WAN towards hosts
   behind the router. Only established/related flows pass; everything else is dropped.
   There are no accept rules for new connections, i.e. no inbound port forwards here. */
name WAN_IN { | |
default-action drop | |
description "WAN to internal" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* Applied as the "local" rule set on eth5 vif 300: traffic from the WAN addressed to
   the router itself. This default drop is the only thing in this config keeping the
   GUI (80/443) and SSH (22) services unreachable from the WAN, since neither service
   is bound to a specific listen address. */
name WAN_LOCAL { | |
default-action drop | |
description "WAN to router" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* NOTE(review): default-action is accept and the only rule also accepts, so this rule
   set filters nothing. It is also not attached to any interface in the config shown
   here. If it is meant to restrict traffic into an IoT VLAN to mDNS only, the
   default-action would need to be drop - confirm intent. */
name allow-mdns-to-vlan { | |
default-action accept | |
description "Allow mDNS to (IOT) VLAN" | |
rule 1 { | |
action accept | |
description "allow mDNS to (IOT) VLAN" | |
destination { | |
group { | |
address-group mDNS | |
} | |
} | |
log disable | |
/* protocol all: the match is on the mDNS destination address only, not on UDP/5353. */
protocol all | |
state { | |
established enable | |
invalid disable | |
new enable | |
related disable | |
} | |
} | |
} | |
receive-redirects disable | |
/* The router itself may send ICMP redirects. */
send-redirects enable | |
/* Reverse-path (source address) validation is off, so packets with spoofed source
   addresses are not rejected on that basis.
   NOTE(review): consider "strict" (or "loose") unless asymmetric routing requires disable. */
source-validation disable | |
syn-cookies enable | |
} | |
/* Interfaces section: eth0-eth4 are LAN ports joined into switch0; eth5 is the WAN
   uplink, with the internet connection carried on tagged VLAN 300. */
interfaces { | |
ethernet eth0 { | |
description "LAN - To Time Capsule" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
ethernet eth1 { | |
description "LAN - To Unmanaged Switch" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
ethernet eth2 { | |
description "LAN - eth2" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
ethernet eth3 { | |
description "LAN - eth3" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
ethernet eth4 { | |
description "LAN - eth4" | |
duplex auto | |
poe { | |
output off | |
} | |
speed auto | |
} | |
/* WAN port. The parent interface has no address and no firewall of its own;
   both are configured on vif 300 only. */
ethernet eth5 { | |
description "WAN - Fiber" | |
duplex full | |
speed 1000 | |
vif 300 { | |
address dhcp | |
description "Fibel - VLAN - Internet" | |
/* The only place in this config where firewall rule sets are attached:
   WAN_IN filters forwarded traffic, WAN_LOCAL filters traffic to the router.
   The address is IPv4 DHCP only; NOTE(review): if IPv6 is ever enabled on this
   interface, matching ipv6-name rule sets will be needed, as none exist today. */
firewall { | |
in { | |
name WAN_IN | |
} | |
local { | |
name WAN_LOCAL | |
} | |
} | |
} | |
} | |
loopback lo { | |
} | |
/* LAN bridge and router LAN address (192.168.1.1/24). No firewall rule set is attached
   here, so LAN-to-router and LAN-to-WAN traffic is unfiltered.
   vlan-aware is disabled and no VLAN interfaces are defined on switch0, so the
   "(IOT) VLAN" named in the firewall section does not exist in this config. */
switch switch0 { | |
address 192.168.1.1/24 | |
description Switch | |
mtu 1500 | |
switch-port { | |
interface eth0 { | |
} | |
interface eth1 { | |
} | |
interface eth2 { | |
} | |
interface eth3 { | |
} | |
interface eth4 { | |
} | |
vlan-aware disable | |
} | |
} | |
} | |
/* Services run by the router: DHCP server, DNS forwarder, web GUI, mDNS repeater,
   source NAT and SSH. */
service { | |
dhcp-server { | |
disabled false | |
hostfile-update disable | |
shared-network-name LAN { | |
authoritative enable | |
subnet 192.168.1.0/24 { | |
/* Clients are pointed at the router for both gateway and DNS. */
default-router 192.168.1.1 | |
dns-server 192.168.1.1 | |
domain-name vandelden | |
lease 86400 | |
start 192.168.1.38 { | |
stop 192.168.1.243 | |
} | |
/* The reserved address .39 lies inside the dynamic range .38-.243 above.
   NOTE(review): the MAC address is a hardware identifier; consider redacting
   it before publishing a config. */
static-mapping TimeCapsule { | |
ip-address 192.168.1.39 | |
mac-address 00:24:36:a2:3e:58 | |
} | |
} | |
} | |
static-arp disable | |
use-dnsmasq disable | |
} | |
dns { | |
/* The forwarder listens on the LAN bridge only, so it is not offered on the WAN interface. */
forwarding { | |
cache-size 150 | |
listen-on switch0 | |
} | |
} | |
/* Web management UI on 80 (HTTP) and 443 (HTTPS). No listen-address is set, so the
   GUI is not bound to the LAN address; WAN exposure is prevented only by the
   WAN_LOCAL rule set.
   NOTE(review): older-ciphers enable permits legacy TLS cipher suites for the
   management UI; set it to disable unless an old client requires them. */
gui { | |
http-port 80 | |
https-port 443 | |
older-ciphers enable | |
} | |
mdns { | |
/* NOTE(review): eth0 and eth1 are also switch-port members of switch0 in the
   interfaces section, so listing them alongside switch0 looks redundant - confirm. */
repeater { | |
interface eth0 | |
interface eth1 | |
interface switch0 | |
} | |
} | |
nat { | |
/* Source NAT: all traffic leaving via the WAN VLAN interface is masqueraded. */
rule 5010 { | |
description "masquerade for WAN" | |
log disable | |
outbound-interface eth5.300 | |
protocol all | |
type masquerade | |
} | |
} | |
/* SSH on the default port, protocol 2 only. No listen-address is set and password
   authentication is not disabled in the config shown here.
   NOTE(review): consider key-only login (disable-password-authentication) and
   binding SSH to the LAN address. */
ssh { | |
port 22 | |
protocol-version v2 | |
} | |
} | |
/* System section: host name, the local admin account, upstream DNS, NTP servers,
   static host entries, syslog levels and time zone. */
system { | |
host-name edgerouter | |
login { | |
/* "ubnt" is the factory-default account name and holds admin level here.
   The authentication block is empty, presumably because the credentials were
   stripped before publishing.
   NOTE(review): when sharing a config, verify that encrypted-password and
   public-keys entries are removed, and consider replacing the default account
   with a differently named admin user. */
user ubnt { | |
authentication { | |
} | |
level admin | |
} | |
} | |
/* Upstream resolvers used by the router itself. */
name-server 1.1.1.1 | |
name-server 1.0.0.1 | |
ntp { | |
server 0.ubnt.pool.ntp.org { | |
} | |
server 1.ubnt.pool.ntp.org { | |
} | |
server 2.ubnt.pool.ntp.org { | |
} | |
server 3.ubnt.pool.ntp.org { | |
} | |
} | |
static-host-mapping { | |
host-name edgerouter { | |
alias edgerouter.vandelden | |
inet 192.168.1.1 | |
} | |
} | |
/* Only a "global" syslog target is configured; no remote log host is defined, so
   firewall and authentication logs are not forwarded off the router by this config. */
syslog { | |
global { | |
facility all { | |
level notice | |
} | |
facility protocols { | |
level debug | |
} | |
} | |
} | |
time-zone Europe/Amsterdam | |
} |