Created
July 13, 2018 00:49
Configuration of my router with local IP 192.168.1.1
/* Packet-filter policy for the EdgeRouter: IPv6 rulesets (WANv6_*) and IPv4 rulesets (LAN_IN, WAN_*) that the interfaces section attaches to eth0.2, eth1 and eth2, plus host-level hardening options. */
firewall { | |
/* Router answers unicast ping but not broadcast ping. */
all-ping enable | |
broadcast-ping disable | |
/* IPv6 from WAN forwarded through the router: default drop; only established/related flows and ICMPv6 pass. */
ipv6-name WANv6_IN { | |
default-action drop | |
description "WAN inbound traffic forwarded to LAN" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
/* ICMPv6 is accepted unconditionally (any type, any source); needed for NDP/PMTUD, so keep it even though it is not rate-limited here. */
rule 30 { | |
action accept | |
description "Allow ICMPv6" | |
log disable | |
protocol icmpv6 | |
} | |
} | |
/* IPv6 from WAN addressed to the router itself: default drop; established/related, ICMPv6 and the DHCPv6 client exchange (server 547 -> client 546) pass. No management ports are opened on IPv6. */
ipv6-name WANv6_LOCAL { | |
default-action drop | |
description "WAN inbound traffic to the router" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
rule 30 { | |
action accept | |
description "Allow ICMPv6" | |
log disable | |
protocol icmpv6 | |
} | |
/* Required for the dhcpv6-pd client on eth0.2 (prefix delegation). */
rule 40 { | |
action accept | |
description "Allow DHCPv6" | |
destination { | |
port 546 | |
} | |
protocol udp | |
source { | |
port 547 | |
} | |
} | |
} | |
/* IPv6 leaving via WAN: default accept; invalid-state packets are rejected rather than dropped. */
ipv6-name WANv6_OUT { | |
default-action accept | |
description "WAN outbound traffic" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action reject | |
description "Reject invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* Kernel-level hardening: ignore ICMP redirects and source-routed packets, log packets with impossible source addresses. */
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
log-martians enable | |
/* Attached as 'in' on eth1 (config port) and eth2 (LAN): default accept, only invalid-state packets dropped, so those two subnets can reach each other and the WAN without restriction. */
name LAN_IN { | |
default-action accept | |
description "LAN to Internal" | |
rule 10 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* IPv4 from WAN forwarded to internal hosts: default drop. Reply traffic, ICMP replies and IGMP pass; everything new is dropped unless the port-forward section (auto-firewall) adds an accept. */
name WAN_IN { | |
default-action drop | |
description "WAN to internal" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
log disable | |
state { | |
established enable | |
invalid disable | |
new disable | |
related enable | |
} | |
} | |
/* Only established/related ICMP; new inbound ICMP to internal hosts is still dropped by the default action. */
rule 20 { | |
action accept | |
description "Allow ICMP" | |
log disable | |
protocol icmp | |
state { | |
established enable | |
related enable | |
} | |
} | |
/* IGMP is accepted from any WAN source (no state match). */
rule 30 { | |
action accept | |
description "Allow IGMP" | |
log disable | |
protocol igmp | |
} | |
rule 100 { | |
action drop | |
description "Drop invalid state" | |
protocol all | |
state { | |
established disable | |
invalid enable | |
new disable | |
related disable | |
} | |
} | |
} | |
/* IPv4 from WAN addressed to the router itself: default drop. Rules 20 and 30 open router management (SSH 22, HTTPS 443) to any WAN source. */
name WAN_LOCAL { | |
default-action drop | |
description "WAN to router" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
log disable | |
state { | |
established enable | |
related enable | |
} | |
} | |
/* NOTE(review): accepts TCP/22 from any WAN source to the router's LAN address. The "Port Forward" label implies a DNAT to 192.168.1.1 that does not appear in the port-forward section below, so either this rule is dead or it exposes SSH to the Internet; confirm which, and if it is needed restrict the source or move access behind the VPN. Same applies to rule 30. */
rule 20 { | |
action accept | |
description "Port Forward - Router SSH" | |
destination { | |
address 192.168.1.1 | |
port 22 | |
} | |
protocol tcp | |
} | |
/* NOTE(review): same pattern for the web UI on 443; the gui service below also has older-ciphers enabled, which matters more if this is reachable from WAN. */
rule 30 { | |
action accept | |
description "Port Forward - Router HTTPS" | |
destination { | |
address 192.168.1.1 | |
port 443 | |
} | |
protocol tcp | |
} | |
/* Any ICMP to the router from WAN (no type or state restriction). */
rule 40 { | |
action accept | |
description "Allow ICMP" | |
log disable | |
protocol icmp | |
} | |
rule 100 { | |
action drop | |
description "Drop invalid state" | |
protocol all | |
state { | |
established disable | |
invalid enable | |
new disable | |
related disable | |
} | |
} | |
} | |
/* IPv4 leaving via WAN: default accept; invalid-state packets rejected. */
name WAN_OUT { | |
default-action accept | |
description "Internal to WAN" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
log disable | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action reject | |
description "Reject invalid state" | |
log disable | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* Clamp TCP MSS to 1460 on every interface type. */
options { | |
mss-clamp { | |
interface-type all | |
mss 1460 | |
} | |
} | |
/* NOTE(review): source-validation is off (no reverse-path filtering) and the router still sends ICMP redirects; SYN cookies are on. Consider source-validation strict unless asymmetric routing is in play. */
receive-redirects disable | |
send-redirects enable | |
source-validation disable | |
syn-cookies enable | |
} | |
/* Physical and VLAN interfaces: eth0.2 is the DHCP WAN uplink (with IPv6 prefix delegation), eth1 a separate config/management subnet, eth2 the LAN, eth2.102 a guest VLAN. */
interfaces { | |
ethernet eth0 { | |
description "Google Fiber Jack" | |
duplex auto | |
speed auto | |
/* WAN lives on VLAN 2 of eth0; IPv4 via DHCP, IPv6 via a delegated /56 that is split into /64s for eth1, eth2 and eth2.102 (SLAAC on each). */
vif 2 { | |
address dhcp | |
description "Google Fiber WAN" | |
dhcpv6-pd { | |
pd 0 { | |
interface eth1 { | |
host-address ::1 | |
prefix-id :0 | |
service slaac | |
} | |
interface eth2 { | |
host-address ::1 | |
prefix-id :1 | |
service slaac | |
} | |
interface eth2.102 { | |
host-address ::1 | |
prefix-id :2 | |
service slaac | |
} | |
prefix-length /56 | |
} | |
rapid-commit enable | |
} | |
/* 802.1p egress map: every class is tagged priority 3 (commonly cited as required for the Fiber uplink -- verify against the provider's guidance). */
egress-qos "0:3 1:3 2:3 3:3 4:3 5:3 6:3 7:3" | |
/* All three WAN rulesets (in / local / out) are bound here for both IP families. */
firewall { | |
in { | |
ipv6-name WANv6_IN | |
name WAN_IN | |
} | |
local { | |
ipv6-name WANv6_LOCAL | |
name WAN_LOCAL | |
} | |
out { | |
ipv6-name WANv6_OUT | |
name WAN_OUT | |
} | |
} | |
} | |
} | |
/* Dedicated management subnet; LAN_IN (default accept) on ingress, so it is not isolated from the LAN. */
ethernet eth1 { | |
address 192.168.99.1/24 | |
description "Local Config Port" | |
duplex auto | |
firewall { | |
in { | |
name LAN_IN | |
} | |
} | |
speed auto | |
} | |
/* Main LAN; this address is also the one WAN_LOCAL rules 20/30 match for SSH/HTTPS. */
ethernet eth2 { | |
address 192.168.1.1/24 | |
description LAN | |
duplex auto | |
firewall { | |
in { | |
name LAN_IN | |
} | |
} | |
speed auto | |
/* NOTE(review): unlike eth1/eth2 no firewall ruleset is bound to the guest VLAN, so guest hosts can route to 192.168.1.0/24 and 192.168.99.0/24 (and their IPv6 /64s) through this router unless something else filters it. Confirm isolation is intended or bind an 'in' ruleset that drops guest-to-internal traffic. */
vif 102 { | |
address 172.16.0.1/24 | |
description "Guest Network VLAN" | |
mtu 1500 | |
} | |
} | |
loopback lo { | |
} | |
} | |
/* Inbound DNAT from the WAN (eth0.2) to three LAN hosts. auto-firewall is on, which by its name should add the matching WAN_IN accepts automatically (confirm in the running rules); hairpin-nat lets LAN clients use the WAN address. */
port-forward { | |
auto-firewall enable | |
hairpin-nat enable | |
lan-interface eth2 | |
/* WAN 443 -> 192.168.1.15 (Nginx); tcp_udp covers both. Inbound 443 is therefore consumed here, not by the router's own HTTPS. */
rule 1 { | |
description Nginx | |
forward-to { | |
address 192.168.1.15 | |
port 443 | |
} | |
original-port 443 | |
protocol tcp_udp | |
} | |
/* WAN 32400 -> 192.168.1.14 (Plex). */
rule 2 { | |
description Plex | |
forward-to { | |
address 192.168.1.14 | |
port 32400 | |
} | |
original-port 32400 | |
protocol tcp_udp | |
} | |
/* WAN 5800 -> 192.168.1.16 (Deluge). Exposes the application's own listener directly; it has no extra authentication layer from the router. */
rule 3 { | |
description Deluge | |
forward-to { | |
address 192.168.1.16 | |
port 5800 | |
} | |
original-port 5800 | |
protocol tcp_udp | |
} | |
wan-interface eth0.2 | |
} | |
/* Services the router itself runs: DHCP for three subnets, a DNS forwarder on the LAN, the web UI, outbound NAT, SNMP, SSH and UPnP. */
service { | |
/* DHCP scopes: config port and guest use public resolvers; LAN points at a local resolver (192.168.1.19) first. */
dhcp-server { | |
disabled false | |
hostfile-update enable | |
shared-network-name Config { | |
authoritative disable | |
subnet 192.168.99.0/24 { | |
default-router 192.168.99.1 | |
dns-server 8.8.8.8 | |
dns-server 8.8.4.4 | |
lease 86400 | |
start 192.168.99.101 { | |
stop 192.168.99.254 | |
} | |
} | |
} | |
shared-network-name Guest { | |
authoritative disable | |
subnet 172.16.0.0/24 { | |
default-router 172.16.0.1 | |
dns-server 8.8.8.8 | |
dns-server 8.8.4.4 | |
domain-name guest.example.com | |
lease 86400 | |
start 172.16.0.10 { | |
stop 172.16.0.254 | |
} | |
} | |
} | |
shared-network-name LAN { | |
authoritative disable | |
subnet 192.168.1.0/24 { | |
default-router 192.168.1.1 | |
dns-server 192.168.1.19 | |
dns-server 1.1.1.1 | |
domain-name ericcollyer.com | |
lease 86400 | |
start 192.168.1.25 { | |
stop 192.168.1.254 | |
} | |
[redacted] | |
} | |
static-arp disable | |
use-dnsmasq disable | |
} | |
/* Forwarder listens on eth2 only (guests and the config port do not use it) and forwards to Google DNS plus the system resolvers. */
dns { | |
forwarding { | |
cache-size 500 | |
listen-on eth2 | |
name-server 2001:4860:4860::8888 | |
name-server 2001:4860:4860::8844 | |
name-server 8.8.8.8 | |
name-server 8.8.4.4 | |
system | |
} | |
} | |
/* NOTE(review): older-ciphers re-enables legacy TLS cipher suites on the web UI, and plain HTTP on 80 is also served. Disable older-ciphers unless a specific client needs it, especially while WAN_LOCAL rule 30 accepts 443 to the router. */
gui { | |
http-port 80 | |
https-port 443 | |
older-ciphers enable | |
} | |
/* Source NAT of everything leaving eth0.2 behind the WAN address. */
nat { | |
rule 5000 { | |
description "Masquerade for WAN" | |
log disable | |
outbound-interface eth0.2 | |
protocol all | |
type masquerade | |
} | |
} | |
/* NOTE(review): the read-only SNMP community string is stored in cleartext here and is visible to anyone who can read this config; treat it as disclosed and rotate it. No listen-address is set, so confirm SNMP (UDP 161) is not reachable from WAN (WAN_LOCAL default drop should cover IPv4; WANv6_LOCAL likewise). */
snmp { | |
community KK8Et3NQNiljIowm0WcB { | |
authorization ro | |
} | |
} | |
/* SSHv2 on the default port; reachability from WAN is decided by WAN_LOCAL rule 20. */
ssh { | |
port 22 | |
protocol-version v2 | |
} | |
/* UNMS (cloud management) is disabled. */
unms { | |
disable | |
} | |
/* UPnP for LAN hosts only, NAT-PMP off; secure-mode is on, which should limit each host to mapping ports to itself (confirm). Guest VLAN is not listed. */
upnp2 { | |
listen-on eth2 | |
nat-pmp disable | |
secure-mode enable | |
wan eth0.2 | |
} | |
} | |
/* Host-level settings: admin login, resolvers, NTP, hardware offload, apt repository, syslog levels, time zone and traffic analysis. */
system { | |
host-name edgerouter | |
/* Single admin-level user; both password forms are masked. NOTE(review): a plaintext-password node is present next to encrypted-password -- confirm the plaintext value is not retained in the saved config after commit. */
login { | |
user [redacted] { | |
authentication { | |
encrypted-password **************** | |
plaintext-password **************** | |
} | |
full-name [redacted] | |
level admin | |
} | |
} | |
/* Router's own resolvers: a global IPv6 address, the local resolver, then Cloudflare. */
name-server 2605:a601:524:6e01:1882:9dff:fe85:2d8f | |
name-server 192.168.1.19 | |
name-server 1.1.1.1 | |
name-server 1.0.0.1 | |
ntp { | |
server 0.ubnt.pool.ntp.org { | |
} | |
server 1.ubnt.pool.ntp.org { | |
} | |
server 2.ubnt.pool.ntp.org { | |
} | |
server 3.ubnt.pool.ntp.org { | |
} | |
} | |
/* Hardware offload: hwnat off, IPsec and IPv4/IPv6 forwarding plus VLAN/GRE/PPPoE on. */
offload { | |
hwnat disable | |
ipsec enable | |
ipv4 { | |
forwarding enable | |
gre enable | |
pppoe enable | |
vlan enable | |
} | |
ipv6 { | |
forwarding enable | |
vlan enable | |
} | |
} | |
/* NOTE(review): Debian wheezy mirror over plain http with a stored (masked) password and empty username; package integrity then rests on apt's signature check alone, and wheezy was out of security support by this gist's date. Keep this repository disabled unless a package is actually being installed. */
package { | |
repository wheezy { | |
components "main contrib non-free" | |
distribution wheezy | |
password **************** | |
url http://http.us.debian.org/debian | |
username "" | |
} | |
} | |
/* Local syslog: notice for everything, debug for routing protocols. */
syslog { | |
global { | |
facility all { | |
level notice | |
} | |
facility protocols { | |
level debug | |
} | |
} | |
} | |
time-zone America/Denver | |
/* Flow export is on but DPI is off. */
traffic-analysis { | |
dpi disable | |
export enable | |
} | |
} | |
/* No shaping or QoS policies are defined. */
traffic-control { | |
} | |
/* One IPsec site-to-site tunnel (pre-shared key) joining 192.168.1.0/24 to a remote 192.168.5.0/24; this router initiates. */
vpn { | |
ipsec { | |
auto-firewall-nat-exclude enable | |
/* ESP: AES-256 with SHA-1 integrity. NOTE(review): sha1 is a legacy choice; prefer sha256 for both ESP and IKE if the peer supports it. No explicit lifetime or PFS setting is shown, so platform defaults apply (confirm). */
esp-group FOO0 { | |
proposal 1 { | |
encryption aes256 | |
hash sha1 | |
} | |
} | |
/* IKE: DH group 14 (2048-bit MODP), AES-256, SHA-1. */
ike-group FOO0 { | |
proposal 1 { | |
dh-group 14 | |
encryption aes256 | |
hash sha1 | |
} | |
} | |
site-to-site { | |
peer [redacted] { | |
authentication { | |
mode pre-shared-secret | |
pre-shared-secret **************** | |
} | |
connection-type initiate | |
description [redacted] | |
ike-group FOO0 | |
local-address [redacted] | |
/* NOTE(review): prefixes are written in host form (x.x.x.1/24) rather than network form (x.x.x.0/24); confirm the system normalizes them, otherwise the traffic selectors may not match the intended subnets. */
tunnel 1 { | |
esp-group FOO0 | |
local { | |
prefix 192.168.1.1/24 | |
} | |
remote { | |
prefix 192.168.5.1/24 | |
} | |
} | |
} | |
} | |
} | |
} |