James Ravn jsravn

## dhcpd.conf
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "home";
option domain-search "home";

## zones
#ZONE   TYPE    OPTIONS                 IN_OPTIONS              OUT_OPTIONS
fw      firewall
wan     ipv4
lan     ipv4
modem   ipv4

## rules
#ACTION SOURCE              DEST                    PROTO   DPORT   SPORT   ORIGDEST
# allow certain ICMP to not break TCP and pings
ACCEPT  wan                 fw                      icmp    0,3,4,8,11
# example port forwarding
DNAT    wan                 lan:192.168.1.10       tcp     2628
DNAT    wan                 lan:192.168.1.10       udp     2628

## policy
#SOURCE       DESTINATION         POLICY         LOGLEVEL          BURST
wan           all                 DROP
fw            all                 ACCEPT
lan           all                 ACCEPT
all           all                 REJECT

## masq
ppp0 192.168.0.0/16,10.10.3.0/24
eth0

## interfaces
# wan is setup with some basic filtering settings.
wan ppp0 detect routefilter,tcpflags
# lan is bridged and uses dhcp.
lan br0 detect dhcp,bridge
# modem is a separate interface for direct access to the vDSL UI.
modem eth0

## init
# Setup ifb to ratelimit upload for fq_codel.
modprobe ifb numifbs=1
ip link set ifb0 up

## tcdevices
# This should be set to slightly less than your raw upload speed.
ppp0 0 19mbit
# This should be set to slightly less than your raw download speed.
ifb0 0 72mbit classify ppp0

## tcclasses
ppp0 1 full full 1 default,fq_codel
ifb0:2 1 full full 1 default,fq_codel

## ethtool
#!/bin/sh
/sbin/ethtool -K ppp0 gro off gso off
	# The ddns-updates-style parameter controls whether or not the server will
	# attempt to do a DNS update when a lease is confirmed. We default to the
	# behavior of the version 2 packages ('none', since DHCP v2 didn't
	# have support for DDNS.)
	ddns-update-style none;

	# option definitions common to all supported networks...
	option domain-name "home";
	option domain-search "home";
	#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
	fw firewall
	wan ipv4
	lan ipv4
	modem ipv4
	#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST
	# allow certain ICMP to not break TCP and pings
	ACCEPT wan fw icmp 0,3,4,8,11
	# example port forwarding
	DNAT wan lan:192.168.1.10 tcp 2628
	DNAT wan lan:192.168.1.10 udp 2628
	#SOURCE DESTINATION POLICY LOGLEVEL BURST
	wan all DROP
	fw all ACCEPT
	lan all ACCEPT
	all all REJECT
	# wan is setup with some basic filtering settings.
	wan ppp0 detect routefilter,tcpflags
	# lan is bridged and uses dhcp.
	lan br0 detect dhcp,bridge
	# modem is a separate interface for direct access to the vDSL UI.
	modem eth0
	# Setup ifb to ratelimit upload for fq_codel.
	modprobe ifb numifbs=1
	ip link set ifb0 up
	# This should be set to slightly less than your raw upload speed.
	ppp0 0 19mbit
	# This should be set to slightly less than your raw download speed.
	ifb0 0 72mbit classify ppp0
	ppp0 1 full full 1 default,fq_codel
	ifb0:2 1 full full 1 default,fq_codel