-
-
Save arkan/288b40757d60500aeff1 to your computer and use it in GitHub Desktop.
orange ERL 3 - remplacement complet de la Livebox routeur
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Config pour un Ubiquiti Edge Router lite 3 | |
| ------------------------------------------ | |
| autheur: zoc, common et la communauté sur lafibre.info | |
| forum: https://lafibre.info/remplacer-livebox/en-cours-remplacer-sa-livebox-par-un-routeur-ubiquiti-edgemax/msg279881/#msg279881 | |
| La configuration du routeur est dans le fichier "boot.config". Ajuster le avec vos parametres (@mac, login fti, user, etc). | |
| Pour que la TV fonctionne, il faut également ajouter le script joint (rfc3442-classless-routes) dans /etc/dhcp3/dhclient-exit-hooks.d/ puis faire un "chmod 755 /etc/dhcp3/dhclient-exit-hooks.d/rfc3442-classless-routes". C'est le seul script nécessaire. | |
| Avec cette config, sans installer le moindre autre package, j'ai Internet + TV + VOD + Telephonie (avec asterisk + siproxd + siproxd_orange sur un raspberry PI, il manque juste les règles de firewall car elles font apparaitre l'IP de ma machine sur le LAN). | |
| LAN sur eth0 (attention, plage 192.168.66.0/24 chez moi, à adapter selon le besoin). | |
| ONT sur eth1 | |
| "Réseau dédié TV" sur eth2 (plage 192.168.2.0/24) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| firewall { | |
| all-ping enable | |
| broadcast-ping disable | |
| ipv6-receive-redirects disable | |
| ipv6-src-route disable | |
| ip-src-route disable | |
| log-martians enable | |
| name WAN_IN { | |
| default-action drop | |
| description "Packets from Internet to LAN" | |
| rule 1 { | |
| action accept | |
| description "Allow Established Sessions" | |
| log disable | |
| protocol all | |
| state { | |
| established enable | |
| invalid disable | |
| new disable | |
| related enable | |
| } | |
| } | |
| rule 2 { | |
| action drop | |
| description "Drop invalid states" | |
| log disable | |
| protocol all | |
| state { | |
| established disable | |
| invalid enable | |
| new disable | |
| related disable | |
| } | |
| } | |
| } | |
| name WAN_LOCAL { | |
| default-action drop | |
| description "Packets from Internet to the Router" | |
| rule 1 { | |
| action accept | |
| description "Allow established sessions to the router" | |
| log disable | |
| protocol all | |
| state { | |
| established enable | |
| invalid disable | |
| new disable | |
| related enable | |
| } | |
| } | |
| rule 2 { | |
| action drop | |
| description "Drop invalid state" | |
| log disable | |
| protocol all | |
| state { | |
| established disable | |
| invalid enable | |
| new disable | |
| related disable | |
| } | |
| } | |
| } | |
| options { | |
| mss-clamp { | |
| interface-type pppoe | |
| interface-type pptp | |
| interface-type tun | |
| mss 1452 | |
| } | |
| } | |
| receive-redirects disable | |
| send-redirects enable | |
| source-validation disable | |
| syn-cookies enable | |
| } | |
| interfaces { | |
| bridge br0 { | |
| address dhcp | |
| aging 300 | |
| bridged-conntrack disable | |
| description "TV - VOD" | |
| dhcp-options { | |
| client-option "send vendor-class-identifier "sagem";" | |
| client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox3";" | |
| client-option "request subnet-mask, routers, rfc3442-classless-static-routes;" | |
| client-option "send dhcp-client-identifier 1:XX:XX:XX:XX:XX:XX;" | |
| } | |
| hello-time 2 | |
| max-age 20 | |
| priority 32768 | |
| promiscuous disable | |
| stp false | |
| } | |
| ethernet eth0 { | |
| address 192.168.66.1/24 | |
| description "Local Network" | |
| duplex auto | |
| speed auto | |
| } | |
| ethernet eth1 { | |
| description ONT | |
| duplex auto | |
| speed auto | |
| vif 835 { | |
| address dhcp | |
| description "VLAN Internet" | |
| pppoe 0 { | |
| default-route auto | |
| description "FTTH Orange" | |
| firewall { | |
| in { | |
| name WAN_IN | |
| } | |
| local { | |
| name WAN_LOCAL | |
| } | |
| } | |
| mtu 1492 | |
| name-server auto | |
| password xxxxxxx | |
| user-id xxxxxxx | |
| } | |
| } | |
| vif 838 { | |
| bridge-group { | |
| bridge br0 | |
| } | |
| description "VLAN TV VOD" | |
| egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4" | |
| } | |
| vif 840 { | |
| bridge-group { | |
| bridge br0 | |
| } | |
| description "VLAN TV Canal 1 - Zap" | |
| egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5" | |
| } | |
| } | |
| ethernet eth2 { | |
| address 192.168.2.1/24 | |
| description "Livebox Network" | |
| duplex auto | |
| speed auto | |
| } | |
| loopback lo { | |
| } | |
| } | |
| protocols { | |
| igmp-proxy { | |
| disable-quickleave | |
| interface br0 { | |
| alt-subnet 0.0.0.0/0 | |
| role upstream | |
| threshold 1 | |
| } | |
| interface eth0 { | |
| role disabled | |
| threshold 1 | |
| } | |
| interface eth2 { | |
| alt-subnet 0.0.0.0/0 | |
| role downstream | |
| threshold 1 | |
| } | |
| } | |
| } | |
| service { | |
| dhcp-server { | |
| disabled false | |
| hostfile-update disable | |
| shared-network-name LOCAL_NETWORK { | |
| authoritative enable | |
| subnet 192.168.66.0/24 { | |
| default-router 192.168.66.1 | |
| dns-server 192.168.66.1 | |
| lease 86400 | |
| start 192.168.66.100 { | |
| stop 192.168.66.200 | |
| } | |
| } | |
| } | |
| shared-network-name Livebox { | |
| authoritative enable | |
| subnet 192.168.2.0/24 { | |
| default-router 192.168.2.1 | |
| dns-server 192.168.2.1 | |
| lease 86400 | |
| start 192.168.2.21 { | |
| stop 192.168.2.200 | |
| } | |
| } | |
| } | |
| } | |
| dns { | |
| forwarding { | |
| cache-size 1000 | |
| listen-on eth2 | |
| listen-on eth0 | |
| } | |
| } | |
| gui { | |
| https-port 443 | |
| } | |
| nat { | |
| rule 5010 { | |
| description "Masquerading outgoing connections" | |
| log disable | |
| outbound-interface pppoe0 | |
| protocol all | |
| type masquerade | |
| } | |
| rule 5011 { | |
| description "Masquerading Livebox network" | |
| log disable | |
| outbound-interface br0 | |
| protocol all | |
| type masquerade | |
| } | |
| } | |
| ssh { | |
| port 22 | |
| protocol-version v2 | |
| } | |
| upnp2 { | |
| listen-on eth0 | |
| listen-on eth2 | |
| nat-pmp enable | |
| secure-mode disable | |
| wan pppoe0 | |
| } | |
| } | |
| system { | |
| config-management { | |
| commit-revisions 5 | |
| } | |
| conntrack { | |
| expect-table-size 4096 | |
| hash-size 4096 | |
| table-size 32768 | |
| tcp { | |
| half-open-connections 512 | |
| loose disable | |
| max-retrans 3 | |
| } | |
| } | |
| login { | |
| user xxxxxxxx { | |
| authentication { | |
| encrypted-password xxxxxxxxxxxxxxxx | |
| plaintext-password "" | |
| } | |
| full-name "administrator" | |
| level admin | |
| } | |
| } | |
| ntp { | |
| server 0.ubnt.pool.ntp.org { | |
| } | |
| server 1.ubnt.pool.ntp.org { | |
| } | |
| server 2.ubnt.pool.ntp.org { | |
| } | |
| server 3.ubnt.pool.ntp.org { | |
| } | |
| } | |
| offload { | |
| ipsec enable | |
| ipv4 { | |
| forwarding enable | |
| pppoe enable | |
| vlan enable | |
| } | |
| ipv6 { | |
| forwarding enable | |
| } | |
| } | |
| syslog { | |
| global { | |
| facility all { | |
| level notice | |
| } | |
| facility protocols { | |
| level warning | |
| } | |
| } | |
| } | |
| time-zone Europe/Paris | |
| traffic-analysis { | |
| dpi disable | |
| export disable | |
| } | |
| } | |
| /* Warning: Do not remove the following line. */ | |
| /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */ | |
| /* Release version: v1.7.0.4783374.150622.1534 */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # set classless routes based on the format specified in RFC3442 | |
| # e.g.: | |
| # new_rfc3442_classless_static_routes='24 192 168 10 192 168 1 1 8 10 10 17 66 41' | |
| # specifies the routes: | |
| # 192.168.10.0/24 via 192.168.1.1 | |
| # 10.0.0.0/8 via 10.10.17.66.41 | |
| RUN="yes" | |
| if [ "$RUN" = "yes" ]; then | |
| if [ -n "$new_rfc3442_classless_static_routes" ]; then | |
| if [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ]; then | |
| set -- $new_rfc3442_classless_static_routes | |
| while [ $# -gt 0 ]; do | |
| net_length=$1 | |
| via_arg='' | |
| case $net_length in | |
| 32|31|30|29|28|27|26|25) | |
| net_address="${2}.${3}.${4}.${5}" | |
| gateway="${6}.${7}.${8}.${9}" | |
| shift 9 | |
| ;; | |
| 24|23|22|21|20|19|18|17) | |
| net_address="${2}.${3}.${4}.0" | |
| gateway="${5}.${6}.${7}.${8}" | |
| shift 8 | |
| ;; | |
| 16|15|14|13|12|11|10|9) | |
| net_address="${2}.${3}.0.0" | |
| gateway="${4}.${5}.${6}.${7}" | |
| shift 7 | |
| ;; | |
| 8|7|6|5|4|3|2|1) | |
| net_address="${2}.0.0.0" | |
| gateway="${3}.${4}.${5}.${6}" | |
| shift 6 | |
| ;; | |
| 0) # default route | |
| net_address="0.0.0.0" | |
| gateway="${2}.${3}.${4}.${5}" | |
| shift 5 | |
| ;; | |
| *) # error | |
| return 1 | |
| ;; | |
| esac | |
| # take care of link-local routes | |
| if [ "${gateway}" != '0.0.0.0' ]; then | |
| via_arg="via ${gateway}" | |
| fi | |
| # set route (ip detects host routes automatically) | |
| ip -4 route add "${net_address}/${net_length}" \ | |
| ${via_arg} dev "${interface}" >/dev/null 2>&1 | |
| done | |
| fi | |
| fi | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment