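/* Global packet-handling options, the address/port groups, and the three rulesets
   that zone-policy binds: accept_all, private_to_public, public_to_private. */
firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    group {
        /* Destinations that should never be routed out of the WAN; used only by
           private_to_public rule 10. The former entry 168.254.0.0/16 was dropped:
           it is ordinary public address space and looks like a typo for the
           link-local range 169.254.0.0/16, which is already listed. */
        network-group Private_IPs {
            network 10.0.0.0/8
            network 127.0.0.0/8
            network 172.16.0.0/12
            network 192.168.0.0/16
            network 169.254.0.0/16
            network 192.0.2.0/24
            network 224.0.0.0/4
            network 240.0.0.0/4
        }
        /* Despite the name this also covers 135 (RPC endpoint mapper) and 445 (SMB). */
        port-group NetBIOS_TCP {
            port 135-139
            port 445
        }
        port-group NetBIOS_UDP {
            port 137-138
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Bound to "zone local from private": every host in the private zone can reach
       every service on the router itself. */
    name accept_all {
        default-action accept
    }
    /* LAN -> WAN is allow-by-default; the rules below are carve-outs. Order matters:
       rule 9 must stay ahead of rule 10 because 192.168.5.2 is inside Private_IPs. */
    name private_to_public {
        default-action accept
        /* The only trust anchor here is the source IP 192.168.3.100; any host on eth0
           that takes that address inherits access to the modem's admin interface. */
        rule 9 {
            action accept
            description "Allow admin of Vigor 130"
            destination {
                address 192.168.5.2
                port 443
            }
            protocol tcp
            source {
                address 192.168.3.100
            }
        }
        rule 10 {
            action drop
            description "Stop Local Addresses traversing the WEB"
            destination {
                group {
                    network-group Private_IPs
                }
            }
        }
        rule 20 {
            action drop
            description "Block NetBIOS from LAN to WEB"
            destination {
                group {
                    port-group NetBIOS_TCP
                }
            }
            protocol tcp
        }
        rule 21 {
            action drop
            description "Block NetBIOS from LAN to WEB"
            destination {
                group {
                    port-group NetBIOS_UDP
                }
            }
            protocol udp
        }
    }
    /* WAN -> LAN is deny-by-default. Rules 10 and 12 pair with the two DNAT rules in
       "nat destination"; neither restricts the source address and neither carries a
       description, so the firewall section alone does not say why the ports are open. */
    name public_to_private {
        default-action drop
        rule 10 {
            action accept
            destination {
                address 192.168.3.205
                port 58444
            }
            protocol tcp
        }
        rule 12 {
            action accept
            destination {
                address 192.168.3.205
                port 64504
            }
            protocol udp
        }
    }
    receive-redirects disable
    /* NOTE(review): the router will still emit ICMP redirects; confirm this is wanted. */
    send-redirects enable
    /* NOTE(review): reverse-path filtering is off, and Private_IPs is matched only as a
       destination, so nothing here rejects private or bogon *source* addresses arriving
       on the WAN side. Consider enabling source validation after testing. */
    source-validation disable
    /* Only established and related are handled globally; there is no entry for invalid
       state, so such packets fall through to each ruleset's own rules and default. */
    state-policy {
        established {
            action accept
        }
        related {
            action accept
        }
    }
    syn-cookies enable
    twa-hazards-protection disable
}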
/* Four Ethernet ports. eth0, eth1 and eth2 are the LAN segments placed in the private
   zone; eth3 faces the modem and carries the PPPoE session, and both eth3 and pppoe0
   are in the public zone. */
interfaces {
    ethernet eth0 {
        address 192.168.3.1/24
        duplex auto
        hw-id 4c:02:89:12:16:ce
        smp-affinity auto
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        duplex auto
        hw-id 4c:02:89:12:16:cf
        smp-affinity auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.4.1/24
        duplex auto
        hw-id 4c:02:89:12:16:d0
        smp-affinity auto
        speed auto
    }
    /* 192.168.5.0/24 is the modem-side subnet; firewall rule 9 in private_to_public
       permits one LAN host to reach 192.168.5.2 on tcp/443. */
    ethernet eth3 {
        address 192.168.5.1/24
        duplex auto
        hw-id 4c:02:89:12:16:d1
        mtu 1508
        /* The PPPoE secret is kept in clear text in this file. NOTE(review): whether
           "1234" is the real value or a stand-in cannot be told from the page; either
           way, redact password and user-id before sharing a config. The user-id below
           appears to have been masked by the hosting page. */
        pppoe 0 {
            default-route auto
            mtu 1500
            name-server none
            password 1234
            traffic-policy {
                out myshaper-out
            }
            user-id [email protected]
        }
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
/* Two inbound port-forwards to a single LAN host plus masquerading for everything
   leaving through pppoe0. */
nat {
    destination {
        /* DNAT rules 10 and 11 line up with public_to_private rules 10 and 12. No
           translation port is set, so the destination port is kept as-is. The target
           192.168.3.205 is on the eth0 subnet, the same segment as the admin host
           192.168.3.100 and the router's SSH listen address; traffic between hosts on
           one subnet never crosses this firewall. NOTE(review): consider moving the
           Internet-exposed host to its own segment. */
        rule 10 {
            description "e-mule to Junksurfing VM"
            destination {
                port 58444
            }
            inbound-interface pppoe0
            protocol tcp
            translation {
                address 192.168.3.205
            }
        }
        rule 11 {
            description "e-mule to Junksurfing VM"
            destination {
                port 64504
            }
            inbound-interface pppoe0
            protocol udp
            translation {
                address 192.168.3.205
            }
        }
    }
    source {
        /* No source match: every flow that exits via pppoe0 is masqueraded. */
        rule 10 {
            outbound-interface pppoe0
            translation {
                address masquerade
            }
        }
    }
}
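/* Router-hosted services: DHCP for the three LAN segments, a DNS forwarder, and SSH. */
service {
    dhcp-server {
        shared-network-name ETH0_Pool {
            subnet 192.168.3.0/24 {
                default-router 192.168.3.1
                dns-server 192.168.3.1
                lease 86400
                range 0 {
                    start 192.168.3.100
                    stop 192.168.3.199
                }
                static-mapping JunkSurfing {
                    ip-address 192.168.3.205
                    mac-address 00:0C:29:AB:B5:40
                }
                /* NOTE(review): this reserved address is also the first address of
                   range 0 above, and firewall rule 9 grants modem-admin access by this
                   IP alone. Confirm the DHCP server cannot lease .100 to another
                   client; moving the reservation outside the range avoids the question. */
                static-mapping NB0001 {
                    ip-address 192.168.3.100
                    mac-address EC:F4:BB:40:22:CE
                }
            }
        }
        shared-network-name ETH1_Pool {
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                range 0 {
                    start 192.168.1.100
                    stop 192.168.1.199
                }
                static-mapping SamsungTV {
                    ip-address 192.168.1.103
                    mac-address cc:b1:1a:70:ab:95
                }
            }
        }
        shared-network-name ETH2_Pool {
            subnet 192.168.4.0/24 {
                default-router 192.168.4.1
                dns-server 192.168.4.1
                lease 86400
                range 0 {
                    start 192.168.4.100
                    stop 192.168.4.199
                }
            }
        }
    }
    dns {
        /* allow-from was 0.0.0.0/0 and ::/0, which left the zone policy as the only
           thing keeping this from being an open resolver. It is now limited to the
           three LAN subnets that the listen-addresses serve, so a later zone or
           listen-address change cannot expose recursion to the Internet by accident. */
        forwarding {
            allow-from 192.168.1.0/24
            allow-from 192.168.3.0/24
            allow-from 192.168.4.0/24
            cache-size 150
            listen-address 192.168.1.1
            listen-address 192.168.3.1
            listen-address 192.168.4.1
            name-server 194.72.6.51
            name-server 194.74.65.69
        }
    }
    /* Bound to the eth0 address only, but "zone local from private" uses accept_all, so
       hosts on eth1 and eth2 can still route to it. Password logins are not disabled.
       NOTE(review): once public keys are installed for the admin users, consider
       disable-password-authentication and a narrower ruleset for the local zone. */
    ssh {
        listen-address 192.168.3.1
        port 22
    }
}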
/* Host-level settings: config history, conntrack sizing, console, accounts, resolver,
   time sync, logging and time zone. */
system {
    config-management {
        commit-revisions 20
    }
    conntrack {
        expect-table-size 2048
        hash-size 32768
        modules {
            sip {
                disable
            }
        }
        table-size 262144
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name home-r1
    /* Three accounts, all at level admin, including root and the stock "vyos" user.
       Every encrypted-password is shown without a value and plaintext-password is
       empty; the page does not say whether the hashes were stripped before posting.
       NOTE(review): keep hashes out of shared configs, and retire the default "vyos"
       account once a named admin login is confirmed to work. */
    login {
        user root {
            authentication {
                encrypted-password
                plaintext-password ""
            }
            level admin
        }
        user stevep {
            authentication {
                encrypted-password
                plaintext-password ""
            }
            full-name "Steve Palmer"
            level admin
        }
        user vyos {
            authentication {
                encrypted-password
                plaintext-password ""
            }
            level admin
        }
    }
    /* The router's own resolver differs from the upstreams used by the DNS forwarder. */
    name-server 8.8.8.8
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    /* Logging is local only; no remote syslog host is configured in this block, so
       logs do not leave the router. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/London
}
/* Egress shaper attached to pppoe 0 ("out myshaper-out"): small TCP SYN/ACK packets get
   their own class so they are not queued behind bulk uploads. */
traffic-policy {
    shaper myshaper-out {
        bandwidth 6480kbit
        class 2 {
            bandwidth 30%
            burst 50kb
            ceiling 100%
            description "Syn ack bufferbloat out"
            match tiny4 {
                ip {
                    max-length 256
                    tcp {
                        ack
                        syn
                    }
                }
            }
            /* NOTE(review): this match repeats tiny4 under "ip"; the name suggests an
               IPv6 match was intended. Confirm against the shaper documentation. */
            match tiny6 {
                ip {
                    max-length 256
                    tcp {
                        ack
                        syn
                    }
                }
            }
            queue-type fq-codel
        }
        default {
            bandwidth 70%
            burst 250kb
            ceiling 100%
            queue-type fq-codel
        }
    }
}
/* Zone bindings for the rulesets defined under "firewall". Every zone defaults to drop,
   so only the "from" pairs listed here pass traffic between zones. */
zone-policy {
    /* The router itself. Only the private zone may reach it, and through accept_all, so
       all router services are open to every LAN host; there is no "from public" entry. */
    zone local {
        default-action drop
        from private {
            firewall {
                name accept_all
            }
        }
        local-zone
    }
    /* eth0, eth1 and eth2 share one zone, so no ruleset in this file applies to traffic
       between those three segments. NOTE(review): if the TV segment or the
       Internet-exposed host should be isolated, give it a zone of its own. */
    zone private {
        default-action drop
        description "Private Zone"
        from public {
            firewall {
                name public_to_private
            }
        }
        interface eth0
        interface eth1
        interface eth2
    }
    /* Both the PPPoE session and the modem-side Ethernet port are treated as untrusted. */
    zone public {
        default-action drop
        description "Public Zone"
        from private {
            firewall {
                name private_to_public
            }
        }
        interface pppoe0
        interface eth3
    }
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@2:firewall@5:interfaces@4:ipsec@5:l2tp@2:lldp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@4:snmp@1:ssh@1:system@15:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1" === */
/* Release version: 1.3-rolling-202002050217 */