Created
July 13, 2018 00:42
Configuration of my router (local IP 192.168.5.1)
/* EdgeOS (Vyatta-style) router configuration; the password, pre-shared secret and peer address are masked in this copy. */
/* Everything the router itself exposes (ssh 22, GUI 80/443, the DNS forwarder on eth0) has no allow rule in WAN_LOCAL, */
/* so it is reachable only from the LAN as long as WAN_LOCAL keeps default-action drop. */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Applied inbound on both eth1 and eth2 below, so LAN1 (192.168.5.0/24) and LAN2 (192.168.2.0/24) can reach each other. */
    /* Add rules here if the two LANs are meant to be isolated from one another. */
    name LAN_IN {
        default-action accept
        description "LAN to Internal"
        /* Only conntrack-invalid packets are dropped, and the drop is not logged. */
        rule 1 {
            action drop
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    /* Forwarded traffic from the WAN to LAN hosts: only replies/related flows pass; anything new hits default-action drop. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        /* Redundant with rule 10: the same established/related match already admits this ICMP. */
        /* New inbound ICMP (e.g. echo requests to LAN hosts) is still dropped by the default action. */
        rule 20 {
            action accept
            description "Allow ICMP"
            log disable
            protocol icmp
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        /* Accepts IGMP from the WAN regardless of state; keep only if ISP multicast (e.g. IPTV) is actually used. */
        rule 30 {
            action accept
            description "Allow IGMP"
            log disable
            protocol igmp
        }
        /* Same outcome as default-action drop; it only adds value if logging is enabled on it. */
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Traffic addressed to the router itself from the WAN. No allow rule for ssh, the GUI or DNS exists here, */
    /* so those services stay unreachable from the Internet; IKE/ESP for the VPN is presumably admitted by */
    /* auto-firewall-nat-exclude below rather than by an explicit rule. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        /* Same outcome as default-action drop; only differs if logging is enabled. */
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_OUT {
        default-action accept
        description "Internal to WAN"
        rule 1 {
            action accept
            description "Allow established/related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        /* 'reject' answers invalid packets with an ICMP error/RST toward the WAN; 'drop' would be silent. */
        rule 2 {
            action reject
            description "Reject invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    receive-redirects disable
    /* The router will emit ICMP redirects on its interfaces. */
    send-redirects enable
    /* Reverse-path filtering is off. 'strict' drops packets arriving on eth0 with an internal source address */
    /* (anti-spoofing) and is safe unless routing is asymmetric; 'loose' is the fallback. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* WAN: DHCP from the ISP; all three WAN rulesets are attached here. */
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
            out {
                name WAN_OUT
            }
        }
        speed auto
    }
    /* LAN1. No 'local' ruleset, so LAN clients can reach every router service (GUI, ssh, DNS) unrestricted. */
    ethernet eth1 {
        address 192.168.5.1/24
        description Local
        duplex auto
        firewall {
            in {
                name LAN_IN
            }
        }
        speed auto
    }
    /* LAN2: addressed and firewalled like LAN1, but its DHCP scope is disabled below. */
    ethernet eth2 {
        address 192.168.2.1/24
        description "Local 2"
        duplex auto
        firewall {
            in {
                name LAN_IN
            }
        }
        speed auto
    }
    /* Unused: no address and no firewall attached. */
    ethernet eth3 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
/* No port-forward rules are defined in this copy; auto-firewall would create the matching WAN_IN entries for any added later. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    wan-interface eth0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.5.0/24 {
                default-router 192.168.5.1
                /* Clients get the router's forwarder first and 1.0.0.1 second; queries to the latter bypass the local cache. */
                dns-server 192.168.5.1
                dns-server 1.0.0.1
                lease 86400
                start 192.168.5.38 {
                    stop 192.168.5.243
                }
                /* Points UniFi devices at a controller in the remote VPN subnet (192.168.1.0/24); it only works while tunnel 1 is up. */
                unifi-controller 192.168.1.2
            }
        }
        /* Scope is disabled; hosts on eth2 need static addressing. */
        shared-network-name LAN2 {
            authoritative enable
            disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.38 {
                    stop 192.168.2.243
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 500
            listen-on eth1
            /* The forwarder is bound to the WAN interface. Only WAN_LOCAL's default drop keeps it from being an open resolver; */
            /* there is no reason for it to listen here, so remove 'listen-on eth0' to stop depending on the firewall for that. */
            /* Note it is not bound to eth2, so LAN2 hosts cannot use 192.168.2.1 as their resolver. */
            listen-on eth0
        }
    }
    gui {
        /* Plain-HTTP GUI on the LAN; credentials sent over port 80 are unencrypted. */
        http-port 80
        https-port 443
        /* Re-enables legacy TLS cipher suites for the HTTPS GUI; disable unless an old management client needs them. */
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    /* Default hostname left in place. */
    host-name ubnt
    login {
        user [username] {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipsec enable
        ipv4 {
            forwarding enable
            gre enable
            pppoe enable
            vlan enable
        }
        ipv6 {
            forwarding enable
            pppoe enable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            /* Debug-level logging for routing/VPN protocols; noisy, presumably left from troubleshooting. */
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
vpn {
    ipsec {
        /* Presumably adds the NAT exclusion (so tunnel traffic is not masqueraded by rule 5010) and the WAN firewall entries for IKE/ESP. */
        auto-firewall-nat-exclude enable
        /* AES-256 with HMAC-SHA1 for ESP; prefer sha256 when the peer supports it. */
        esp-group FOO0 {
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        /* DH group 14 (2048-bit MODP) is fine; sha1 as the IKE PRF/integrity is the weakest part of this suite. */
        ike-group FOO0 {
            proposal 1 {
                dh-group 14
                encryption aes256
                hash sha1
            }
        }
        site-to-site {
            peer [peer ip] {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
                connection-type initiate
                description [*************]
                ike-group FOO0
                /* eth0 is on DHCP, so a fixed local-address breaks if the ISP lease changes; confirm how this platform handles that. */
                local-address [local ip]
                tunnel 1 {
                    esp-group FOO0
                    /* Host address with a /24 mask; a traffic selector is normally the network (192.168.5.0/24). */
                    /* Confirm the platform normalizes this, otherwise LAN traffic may not match the tunnel. */
                    local {
                        prefix 192.168.5.1/24
                    }
                    /* Same concern: expected 192.168.1.0/24 for the remote selector. */
                    remote {
                        prefix 192.168.1.1/24
                    }
                }
            }
        }
    }
}