Last active
August 8, 2016 23:19
-
-
Save stevejenkins/4e9f4cc7c0c84f13cce9 to your computer and use it in GitHub Desktop.
My config.boot on a UBNT EdgeRouter 5 PoE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| firewall { | |
| all-ping enable | |
| broadcast-ping disable | |
| ipv6-receive-redirects disable | |
| ipv6-src-route disable | |
| ip-src-route disable | |
| log-martians enable | |
| name WAN_IN { | |
| default-action drop | |
| description "WAN to Internal" | |
| rule 10 { | |
| action accept | |
| description "Allow established/related" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| } | |
| name WAN_LOCAL { | |
| default-action drop | |
| description "WAN to Router" | |
| rule 1 { | |
| action accept | |
| description "Allow established/related" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 2 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| rule 3 { | |
| action accept | |
| description "Port Forward - Router SSH" | |
| destination { | |
| address 192.168.1.1 | |
| port 22 | |
| } | |
| log disable | |
| protocol tcp | |
| time { | |
| } | |
| } | |
| rule 4 { | |
| action accept | |
| description "Port Forward - Router HTTPS" | |
| destination { | |
| address 192.168.1.1 | |
| port 443 | |
| } | |
| log disable | |
| protocol tcp | |
| } | |
| } | |
| options { | |
| mss-clamp { | |
| interface-type all | |
| mss 1412 | |
| } | |
| } | |
| receive-redirects disable | |
| send-redirects enable | |
| source-validation disable | |
| syn-cookies enable | |
| } | |
| interfaces { | |
| ethernet eth0 { | |
| address dhcp | |
| description WAN | |
| duplex auto | |
| firewall { | |
| in { | |
| name WAN_IN | |
| } | |
| local { | |
| name WAN_LOCAL | |
| } | |
| } | |
| poe { | |
| output off | |
| } | |
| speed auto | |
| } | |
| ethernet eth1 { | |
| address 192.168.2.1/24 | |
| description "LAN 2" | |
| duplex auto | |
| poe { | |
| output off | |
| } | |
| speed auto | |
| } | |
| ethernet eth2 { | |
| description LAN | |
| duplex auto | |
| poe { | |
| output off | |
| } | |
| speed auto | |
| } | |
| ethernet eth3 { | |
| description LAN | |
| duplex auto | |
| poe { | |
| output off | |
| } | |
| speed auto | |
| } | |
| ethernet eth4 { | |
| description LAN | |
| duplex auto | |
| poe { | |
| output off | |
| } | |
| speed auto | |
| } | |
| loopback lo { | |
| } | |
| switch switch0 { | |
| address 192.168.1.1/24 | |
| description "LAN Switch" | |
| mtu 1500 | |
| switch-port { | |
| interface eth2 | |
| interface eth3 | |
| interface eth4 | |
| } | |
| vif 102 { | |
| address 10.0.0.1/24 | |
| description "Guest Network VLAN" | |
| mtu 1500 | |
| } | |
| } | |
| } | |
| port-forward { | |
| auto-firewall enable | |
| hairpin-nat enable | |
| lan-interface switch0 | |
| rule 1 { | |
| description MeteoBridge | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 80 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 2 { | |
| description Webcam | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 554 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 3 { | |
| description "Maple VPN" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 1723 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 4 { | |
| description Envisalink | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 80 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 5 { | |
| description "SteveJ Remote Desktop" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 3389 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 6 { | |
| description "Keri Remote Desktop" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 3389 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 7 { | |
| description "Office Remote Desktop" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 3389 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 8 { | |
| description "Playroom Remote Desktop" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 3389 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 9 { | |
| description "Mugello SSH" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 22 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 10 { | |
| description "DVR Master Bedroom" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port xxx-xxx | |
| } | |
| original-port xxx-xxx | |
| protocol tcp_udp | |
| } | |
| rule 11 { | |
| description "DVR Theater" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port xxx-xxx | |
| } | |
| original-port xxx-xxx | |
| protocol tcp_udp | |
| } | |
| rule 12 { | |
| description "DVR Family" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port xxx-xxx | |
| } | |
| original-port xxx-xxx | |
| protocol tcp_udp | |
| } | |
| rule 13 { | |
| description "RainMachine 1" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 443 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 14 { | |
| description "RainMachine 2" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 443 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 15 { | |
| description "RainMachine 3" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 443 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 16 { | |
| description "Fedora Build Server" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 22 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 17 { | |
| description "Mugello HTTP" | |
| forward-to { | |
| address 192.168.1.xxx | |
| port 80 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 18 { | |
| description "Router SSH" | |
| forward-to { | |
| address 192.168.1.1 | |
| port 22 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| rule 19 { | |
| description "Router HTTPS" | |
| forward-to { | |
| address 192.168.1.1 | |
| port 443 | |
| } | |
| original-port xxx | |
| protocol tcp_udp | |
| } | |
| wan-interface eth0 | |
| } | |
| service { | |
| dhcp-server { | |
| disabled false | |
| hostfile-update disable | |
| shared-network-name Guest { | |
| authoritative disable | |
| subnet 10.0.0.0/24 { | |
| default-router 10.0.0.1 | |
| dns-server 8.8.8.8 | |
| dns-server 8.8.4.4 | |
| domain-name guest.example.com | |
| lease 86400 | |
| start 10.0.0.2 { | |
| stop 10.0.0.255 | |
| } | |
| unifi-controller 192.168.1.101 | |
| } | |
| } | |
| } | |
| dns { | |
| dynamic { | |
| interface eth0 { | |
| service afraid { | |
| host-name hostname.example.com | |
| login xxx | |
| password xxx | |
| server freedns.afraid.org | |
| } | |
| } | |
| } | |
| forwarding { | |
| cache-size 150 | |
| listen-on eth1 | |
| listen-on switch0 | |
| } | |
| } | |
| gui { | |
| https-port 443 | |
| } | |
| nat { | |
| rule 5010 { | |
| description "masquerade for WAN" | |
| outbound-interface eth0 | |
| type masquerade | |
| } | |
| } | |
| ssh { | |
| port 22 | |
| protocol-version v2 | |
| } | |
| upnp2 { | |
| listen-on switch0 | |
| nat-pmp disable | |
| secure-mode disable | |
| wan eth0 | |
| } | |
| } | |
| system { | |
| domain-name hostname.example.com | |
| host-name gateway | |
| login { | |
| user xxx { | |
| authentication { | |
| encrypted-password xxx | |
| plaintext-password "" | |
| } | |
| full-name "Steve Jenkins" | |
| level admin | |
| } | |
| } | |
| name-server 192.168.1.101 | |
| ntp { | |
| server 0.ubnt.pool.ntp.org { | |
| } | |
| server 1.ubnt.pool.ntp.org { | |
| } | |
| server 2.ubnt.pool.ntp.org { | |
| } | |
| server 3.ubnt.pool.ntp.org { | |
| } | |
| } | |
| offload { | |
| ipv4 { | |
| forwarding enable | |
| vlan enable | |
| } | |
| } | |
| package { | |
| repository wheezy { | |
| components "main contrib non-free" | |
| distribution wheezy | |
| password "" | |
| url http://ftp.us.debian.org/debian/ | |
| username "" | |
| } | |
| repository wheezy-updates { | |
| components "main contrib non-free" | |
| distribution wheezy/updates | |
| password "" | |
| url http://security.debian.org/ | |
| username "" | |
| } | |
| } | |
| syslog { | |
| global { | |
| facility all { | |
| level notice | |
| } | |
| facility protocols { | |
| level debug | |
| } | |
| } | |
| } | |
| time-zone America/Los_Angeles | |
| traffic-analysis { | |
| dpi enable | |
| export enable | |
| } | |
| } | |
| /* Warning: Do not remove the following line. */ | |
| /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */ | |
| /* Release version: v1.7.0.4783374.150622.1534 */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment