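/* Global firewall options, address/port groups and the named rule sets that zone-policy binds to zone pairs. */
firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    group {
        /* Non-routable destinations (RFC 1918, loopback, link-local, TEST-NET-1, multicast, reserved) that private_to_public rule 10 keeps off the WAN. The former entry 168.254.0.0/16 was dropped: it is ordinary routable space, looks like a mistyped 169.254.0.0/16 (already listed), and made rule 10 black-hole real Internet hosts. */
        network-group Private_IPs {
            network 10.0.0.0/8
            network 127.0.0.0/8
            network 172.16.0.0/12
            network 192.168.0.0/16
            network 169.254.0.0/16
            network 192.0.2.0/24
            network 224.0.0.0/4
            network 240.0.0.0/4
        }
        /* Windows RPC/NetBIOS/SMB ports over TCP; used by private_to_public rule 20. */
        port-group NetBIOS_TCP {
            port 135-139
            port 445
        }
        /* NetBIOS name and datagram services over UDP; used by private_to_public rule 21. */
        port-group NetBIOS_UDP {
            port 137-138
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Unrestricted rule set; zone-policy applies it to private -> local, so every LAN host can reach every service on the router itself. */
    name accept_all {
        default-action accept
    }
    /* LAN -> WAN egress: default accept with explicit drops. Rule order matters: rule 9 must stay ahead of rule 10, which would otherwise drop the 192.168.5.2 destination. */
    name private_to_public {
        default-action accept
        /* NOTE(review): access is granted purely by source address 192.168.3.100; that address sits inside the ETH0_Pool dynamic range, so confirm no other client can be leased it. */
        rule 9 {
            action accept
            description "Allow admin of Vigor 130"
            destination {
                address 192.168.5.2
                port 443
            }
            protocol tcp
            source {
                address 192.168.3.100
            }
        }
        rule 10 {
            action drop
            description "Stop Local Addresses traversing the WEB"
            destination {
                group {
                    network-group Private_IPs
                }
            }
        }
        rule 20 {
            action drop
            description "Block NetBIOS from LAN to WEB"
            destination {
                group {
                    port-group NetBIOS_TCP
                }
            }
            protocol tcp
        }
        rule 21 {
            action drop
            description "Block NetBIOS from LAN to WEB"
            destination {
                group {
                    port-group NetBIOS_UDP
                }
            }
            protocol udp
        }
    }
    /* WAN -> LAN ingress: default drop. Rules 10 and 12 admit only the two ports that nat destination rules 10 and 11 forward to 192.168.3.205; neither rule restricts the source, so any Internet host can reach them. */
    name public_to_private {
        default-action drop
        rule 10 {
            action accept
            destination {
                address 192.168.3.205
                port 58444
            }
            protocol tcp
        }
        rule 12 {
            action accept
            destination {
                address 192.168.3.205
                port 64504
            }
            protocol udp
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): reverse-path source validation is off, so spoofed source addresses are not filtered at the kernel level; consider "strict" (or "loose") if routing here is symmetric - confirm before changing. */
    source-validation disable
    /* Replies to connections that a rule set already admitted are accepted globally, ahead of the per-zone rule sets. */
    state-policy {
        established {
            action accept
        }
        related {
            action accept
        }
    }
    syn-cookies enable
    twa-hazards-protection disable
}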
/* Interface addressing: eth0, eth1 and eth2 are the LAN segments placed in zone "private"; eth3 and the PPPoE session on it are placed in zone "public" by zone-policy. */
interfaces { | |
ethernet eth0 { | |
address 192.168.3.1/24 | |
duplex auto | |
hw-id 4c:02:89:12:16:ce | |
smp-affinity auto | |
speed auto | |
} | |
ethernet eth1 { | |
address 192.168.1.1/24 | |
duplex auto | |
hw-id 4c:02:89:12:16:cf | |
smp-affinity auto | |
speed auto | |
} | |
ethernet eth2 { | |
address 192.168.4.1/24 | |
duplex auto | |
hw-id 4c:02:89:12:16:d0 | |
smp-affinity auto | |
speed auto | |
} | |
/* eth3 carries both the 192.168.5.0/24 link used to manage the device at 192.168.5.2 (firewall rule 9, "Allow admin of Vigor 130") and the PPPoE session; mtu 1508 presumably leaves room for the 8-byte PPPoE/PPP header so pppoe 0 can run at mtu 1500 - confirm the modem passes the larger frames. */
ethernet eth3 { | |
address 192.168.5.1/24 | |
duplex auto | |
hw-id 4c:02:89:12:16:d1 | |
mtu 1508 | |
/* NOTE(review): the PPPoE password is stored in clear text and the user-id looks masked by the hosting page; if "1234" is the real credential, rotate it, and scrub credentials before attaching a config to a public ticket. */
pppoe 0 { | |
default-route auto | |
mtu 1500 | |
name-server none | |
password 1234 | |
traffic-policy { | |
out myshaper-out | |
} | |
user-id [email protected] | |
} | |
smp-affinity auto | |
speed auto | |
} | |
loopback lo { | |
} | |
} | |
/* NAT: two inbound port forwards to 192.168.3.205 plus masquerading of everything leaving through pppoe0. */
nat { | |
destination { | |
/* Forwards TCP 58444 arriving on pppoe0 to 192.168.3.205; admitted by firewall public_to_private rule 10. NOTE(review): no source restriction, so the port is reachable from the whole Internet, and the target shares the eth0 subnet with other hosts (e.g. static mapping NB0001) - consider a dedicated segment for an exposed VM. */
rule 10 { | |
description "e-mule to Junksurfing VM" | |
destination { | |
port 58444 | |
} | |
inbound-interface pppoe0 | |
protocol tcp | |
translation { | |
address 192.168.3.205 | |
} | |
} | |
/* UDP counterpart of rule 10 (port 64504); admitted by firewall public_to_private rule 12. The same exposure note applies. */
rule 11 { | |
description "e-mule to Junksurfing VM" | |
destination { | |
port 64504 | |
} | |
inbound-interface pppoe0 | |
protocol udp | |
translation { | |
address 192.168.3.205 | |
} | |
} | |
} | |
source { | |
/* Masquerade all traffic leaving via pppoe0 behind the address of that interface; no source match is set, so every LAN subnet is covered. */
rule 10 { | |
outbound-interface pppoe0 | |
translation { | |
address masquerade | |
} | |
} | |
} | |
} | |
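/* Router-hosted services: one DHCP pool per LAN segment, a DNS forwarder for the LAN, and SSH management on the eth0 address. */
service {
    dhcp-server {
        shared-network-name ETH0_Pool {
            subnet 192.168.3.0/24 {
                default-router 192.168.3.1
                dns-server 192.168.3.1
                lease 86400
                range 0 {
                    start 192.168.3.100
                    stop 192.168.3.199
                }
                /* Fixed address for the VM that receives the nat destination port forwards; it lies outside the dynamic range. */
                static-mapping JunkSurfing {
                    ip-address 192.168.3.205
                    mac-address 00:0C:29:AB:B5:40
                }
                /* NOTE(review): 192.168.3.100 is also the first address of range 0, and firewall private_to_public rule 9 trusts it as the modem-admin source; a reserved address inside the dynamic range may be offered to another client, so consider moving it outside 100-199. */
                static-mapping NB0001 {
                    ip-address 192.168.3.100
                    mac-address EC:F4:BB:40:22:CE
                }
            }
        }
        shared-network-name ETH1_Pool {
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                range 0 {
                    start 192.168.1.100
                    stop 192.168.1.199
                }
                /* NOTE(review): reserved address sits inside range 0 (100-199); same overlap caveat as NB0001. */
                static-mapping SamsungTV {
                    ip-address 192.168.1.103
                    mac-address cc:b1:1a:70:ab:95
                }
            }
        }
        shared-network-name ETH2_Pool {
            subnet 192.168.4.0/24 {
                default-router 192.168.4.1
                dns-server 192.168.4.1
                lease 86400
                range 0 {
                    start 192.168.4.100
                    stop 192.168.4.199
                }
            }
        }
    }
    dns {
        /* Recursion is limited to the three LAN subnets the forwarder listens on. The previous allow-from 0.0.0.0/0 and ::/0 left the zone firewall as the only barrier against the router becoming an open resolver. */
        forwarding {
            allow-from 192.168.1.0/24
            allow-from 192.168.3.0/24
            allow-from 192.168.4.0/24
            cache-size 150
            listen-address 192.168.1.1
            listen-address 192.168.3.1
            listen-address 192.168.4.1
            name-server 194.72.6.51
            name-server 194.74.65.69
        }
    }
    /* SSH listens only on the eth0 LAN address. NOTE(review): no key-only or rate-limit settings are visible here, so login presumably relies on the account passwords under system login - confirm. */
    ssh {
        listen-address 192.168.3.1
        port 22
    }
}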
/* System settings: config archive depth, conntrack sizing, serial console, local accounts, resolver, NTP and syslog. */
system { | |
config-management { | |
commit-revisions 20 | |
} | |
conntrack { | |
expect-table-size 2048 | |
hash-size 32768 | |
modules { | |
/* The SIP connection-tracking helper is switched off. */
sip { | |
disable | |
} | |
} | |
table-size 262144 | |
} | |
console { | |
device ttyS0 { | |
speed 9600 | |
} | |
} | |
host-name home-r1 | |
/* NOTE(review): all three accounts are level admin and every encrypted-password value is blank in this copy, presumably stripped before upload - confirm the running router holds strong hashes and consider public-key SSH authentication. */
login { | |
/* NOTE(review): an explicitly configured "root" login is unusual; confirm it is intended. */
user root { | |
authentication { | |
encrypted-password | |
plaintext-password "" | |
} | |
level admin | |
} | |
user stevep { | |
authentication { | |
encrypted-password | |
plaintext-password "" | |
} | |
full-name "Steve Palmer" | |
level admin | |
} | |
/* NOTE(review): "vyos" is the well-known default account name; once the personal admin account is verified, removing the default one narrows the password-guessing surface on SSH and the console. */
user vyos { | |
authentication { | |
encrypted-password | |
plaintext-password "" | |
} | |
level admin | |
} | |
} | |
/* Resolver used by the router itself; LAN clients are instead forwarded to the name-servers listed under service dns forwarding. */
name-server 8.8.8.8 | |
ntp { | |
server 0.pool.ntp.org { | |
} | |
server 1.pool.ntp.org { | |
} | |
server 2.pool.ntp.org { | |
} | |
} | |
/* Local logging only: everything at notice and above, with the "protocols" facility raised to debug. NOTE(review): no remote syslog host is configured, so logs live only on the router. */
syslog { | |
global { | |
facility all { | |
level notice | |
} | |
facility protocols { | |
level debug | |
} | |
} | |
} | |
time-zone Europe/London | |
} | |
/* Egress shaper referenced by pppoe 0 (traffic-policy out myshaper-out): small TCP SYN/ACK packets get their own class, everything else uses the default class; both use fq-codel queues. */
traffic-policy { | |
shaper myshaper-out { | |
bandwidth 6480kbit | |
/* Class for packets up to 256 bytes that carry the TCP ack and syn match options; guaranteed 30% and allowed to borrow up to 100%. */
class 2 { | |
bandwidth 30% | |
burst 50kb | |
ceiling 100% | |
description "Syn ack bufferbloat out" | |
match tiny4 { | |
ip { | |
max-length 256 | |
tcp { | |
ack | |
syn | |
} | |
} | |
} | |
/* NOTE(review): tiny6 uses the "ip" node and is therefore identical to tiny4; if IPv6 matching was intended the node would presumably be "ipv6" - confirm. */
match tiny6 { | |
ip { | |
max-length 256 | |
tcp { | |
ack | |
syn | |
} | |
} | |
} | |
queue-type fq-codel | |
} | |
default { | |
bandwidth 70% | |
burst 250kb | |
ceiling 100% | |
queue-type fq-codel | |
} | |
} | |
} | |
/* Zone bindings: each "from X" entry names the firewall rule set applied to traffic entering the enclosing zone from zone X; zone pairs without an entry fall to the zone's default-action drop. NOTE(review): no zone defines "from local", so confirm that router-originated traffic (NTP, upstream DNS queries) behaves as intended. */
zone-policy { | |
/* The router itself. Only the private zone may reach it, and through accept_all, so every router service is open to every LAN host; nothing is accepted from public. */
zone local { | |
default-action drop | |
from private { | |
firewall { | |
name accept_all | |
} | |
} | |
local-zone | |
} | |
/* NOTE(review): eth0, eth1 and eth2 share one zone, so these rule sets do not filter traffic between the LAN segments; the Internet-exposed host 192.168.3.205 can presumably reach the other segments - consider a separate zone for it. */
zone private { | |
default-action drop | |
description "Private Zone" | |
from public { | |
firewall { | |
name public_to_private | |
} | |
} | |
interface eth0 | |
interface eth1 | |
interface eth2 | |
} | |
/* WAN side: the PPPoE session and the underlying eth3 link. */
zone public { | |
default-action drop | |
description "Public Zone" | |
from private { | |
firewall { | |
name private_to_public | |
} | |
} | |
interface pppoe0 | |
interface eth3 | |
} | |
} | |
/* Warning: Do not remove the following line. */ | |
/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@2:firewall@5:interfaces@4:ipsec@5:l2tp@2:lldp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@4:snmp@1:ssh@1:system@15:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1" === */ | |
/* Release version: 1.3-rolling-202002050217 */ |