Created
January 7, 2016 03:40
-
-
Save nihar/b233480eb19617f08037 to your computer and use it in GitHub Desktop.
EdgeRouter X Configuration to get Airport Extreme Guest Wi-fi working
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
firewall { | |
all-ping enable | |
broadcast-ping disable | |
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
log-martians enable | |
name GUEST_LOCAL { | |
default-action accept | |
description "" | |
rule 1 { | |
action drop | |
description "Deny access to LAN" | |
destination { | |
address 10.0.0.0/16 | |
} | |
log disable | |
protocol all | |
} | |
rule 2 { | |
action accept | |
description "Allow guest Wi-fi" | |
log disable | |
protocol all | |
state { | |
established enable | |
invalid disable | |
new disable | |
related enable | |
} | |
} | |
} | |
name WAN_IN { | |
default-action drop | |
description "WAN to internal" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
name WAN_LOCAL { | |
default-action drop | |
description "WAN to router" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
receive-redirects disable | |
send-redirects enable | |
source-validation disable | |
syn-cookies enable | |
} | |
interfaces { | |
ethernet eth0 { | |
address dhcp | |
description Internet | |
duplex auto | |
firewall { | |
in { | |
name WAN_IN | |
} | |
local { | |
name WAN_LOCAL | |
} | |
} | |
speed auto | |
} | |
ethernet eth1 { | |
description Local | |
duplex auto | |
speed auto | |
} | |
ethernet eth2 { | |
description Local | |
duplex auto | |
speed auto | |
} | |
ethernet eth3 { | |
description Local | |
duplex auto | |
speed auto | |
} | |
ethernet eth4 { | |
description Local | |
duplex auto | |
speed auto | |
} | |
loopback lo { | |
} | |
switch switch0 { | |
address 10.0.0.1/16 | |
description "Main Wifi" | |
switch-port { | |
interface eth1 | |
interface eth2 | |
interface eth3 | |
interface eth4 | |
} | |
vif 1003 { | |
address 10.1.0.1/24 | |
description "Guest Wifi" | |
firewall { | |
local { | |
name GUEST_LOCAL | |
} | |
} | |
} | |
} | |
} | |
service { | |
dhcp-server { | |
disabled false | |
hostfile-update disable | |
shared-network-name GUEST_LAN { | |
subnet 10.1.0.0/24 { | |
default-router 10.1.0.1 | |
dns-server 8.8.8.8 | |
dns-server 8.8.4.4 | |
lease 3600 | |
start 10.1.0.100 { | |
stop 10.1.0.250 | |
} | |
} | |
} | |
shared-network-name LAN { | |
subnet 10.0.0.0/16 { | |
default-router 10.0.0.1 | |
dns-server 10.0.0.1 | |
lease 86400 | |
start 10.0.38.102 { | |
stop 10.0.243.51 | |
} | |
} | |
} | |
} | |
dns { | |
forwarding { | |
cache-size 150 | |
listen-on switch0 | |
} | |
} | |
gui { | |
https-port 443 | |
} | |
nat { | |
rule 5010 { | |
description "masquerade for WAN" | |
outbound-interface eth0 | |
type masquerade | |
} | |
} | |
ssh { | |
port 22 | |
protocol-version v2 | |
} | |
} | |
system { | |
host-name ubnt | |
login { | |
user ubnt { | |
authentication { | |
encrypted-password **** | |
plaintext-password **** | |
} | |
full-name "" | |
level admin | |
} | |
} | |
ntp { | |
server 0.ubnt.pool.ntp.org { | |
} | |
server 1.ubnt.pool.ntp.org { | |
} | |
server 2.ubnt.pool.ntp.org { | |
} | |
server 3.ubnt.pool.ntp.org { | |
} | |
} | |
syslog { | |
global { | |
facility all { | |
level notice | |
} | |
facility protocols { | |
level debug | |
} | |
} | |
} | |
time-zone America/New_York | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment