Created
January 15, 2017 01:49
-
-
Save crmcmullen/a50124a1bea9e57b24ed0ce892b54e3f to your computer and use it in GitHub Desktop.
Working default config.boot file for Ubiquiti EdgeRouter X SFP router running v1.9.0+ to replace the CenturyLink Fiber modem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| firewall { | |
| all-ping enable | |
| broadcast-ping disable | |
| ipv6-receive-redirects disable | |
| ipv6-src-route disable | |
| ip-src-route disable | |
| log-martians enable | |
| name WAN_IN { | |
| default-action drop | |
| description "WAN to internal" | |
| rule 10 { | |
| action accept | |
| description "Allow established/related" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| } | |
| name WAN_LOCAL { | |
| default-action drop | |
| description "WAN to router" | |
| rule 10 { | |
| action accept | |
| description "Allow established/related" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| } | |
| options { | |
| mss-clamp { | |
| interface-type pppoe | |
| mss 1452 | |
| } | |
| } | |
| receive-redirects disable | |
| send-redirects enable | |
| source-validation disable | |
| syn-cookies enable | |
| } | |
| interfaces { | |
| ethernet eth0 { | |
| description Local | |
| duplex auto | |
| speed auto | |
| } | |
| ethernet eth1 { | |
| description Local | |
| duplex auto | |
| speed auto | |
| } | |
| ethernet eth2 { | |
| description Local | |
| duplex auto | |
| speed auto | |
| } | |
| ethernet eth3 { | |
| description Local | |
| duplex auto | |
| speed auto | |
| } | |
| ethernet eth4 { | |
| description Local | |
| duplex auto | |
| speed auto | |
| } | |
| ethernet eth5 { | |
| speed auto | |
| duplex auto | |
| vif 201 { | |
| description "CenturyLink WAN (PPPoE)" | |
| pppoe 5 { | |
| default-route auto | |
| firewall { | |
| in { | |
| name WAN_IN | |
| } | |
| local { | |
| name WAN_LOCAL | |
| } | |
| } | |
| mtu 1492 | |
| name-server auto | |
| password ******** | |
| user-id [email protected] | |
| } | |
| } | |
| } | |
| loopback lo { | |
| } | |
| switch switch0 { | |
| address 192.168.1.1/24 | |
| description Local | |
| switch-port { | |
| interface eth1 | |
| interface eth2 | |
| interface eth3 | |
| interface eth4 | |
| } | |
| } | |
| } | |
| port-forward { | |
| auto-firewall enable | |
| hairpin-nat enable | |
| lan-interface switch0 | |
| wan-interface eth5.201 | |
| } | |
| service { | |
| dhcp-server { | |
| disabled false | |
| hostfile-update disable | |
| shared-network-name LAN { | |
| authoritative enable | |
| subnet 192.168.1.0/24 { | |
| default-router 192.168.1.1 | |
| dns-server 192.168.1.1 | |
| lease 86400 | |
| start 192.168.1.140 { | |
| stop 192.168.1.240 | |
| } | |
| } | |
| } | |
| } | |
| dns { | |
| forwarding { | |
| cache-size 500 | |
| listen-on switch0 | |
| name-server 8.8.8.8 | |
| name-server 8.8.4.4 | |
| } | |
| } | |
| gui { | |
| http-port 80 | |
| https-port 443 | |
| older-ciphers enable | |
| } | |
| nat { | |
| rule 5010 { | |
| outbound-interface pppoe5 | |
| type masquerade | |
| description "masquerade for WAN" | |
| } | |
| } | |
| ssh { | |
| port 22 | |
| protocol-version v2 | |
| } | |
| upnp2 { | |
| listen-on switch0 | |
| nat-pmp disable | |
| secure-mode enable | |
| wan eth5.201 | |
| } | |
| } | |
| system { | |
| host-name MyHome-Router | |
| login { | |
| user ubnt { | |
| authentication { | |
| encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66. | |
| plaintext-password "" | |
| } | |
| full-name "UBNT Admin" | |
| level admin | |
| } | |
| } | |
| name-server 8.8.8.8 | |
| name-server 8.8.4.4 | |
| ntp { | |
| server 0.us.pool.ntp.org { | |
| } | |
| server 1.us.pool.ntp.org { | |
| } | |
| server 2.us.pool.ntp.org { | |
| } | |
| server 3.us.pool.ntp.org { | |
| } | |
| } | |
| offload { | |
| hwnat enable | |
| ipsec enable | |
| } | |
| syslog { | |
| global { | |
| facility all { | |
| level notice | |
| } | |
| facility protocols { | |
| level debug | |
| } | |
| } | |
| } | |
| time-zone America/Boise | |
| traffic-analysis { | |
| dpi enable | |
| export enable | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@jeffkirsch
Looking at the documentation here, it looks like since this is a MediaTek-based device, the "hwnat enable" in this config block should enable hardware offloading for Bridging, DPI, NAT, VLANs, GRE, & PPPoE. I may be missing something though.
My EdgeRouter X SFP should be coming this week so I hope to get it set up using this. I already bought the SFP for ethernet from the link above, so crossing my fingers everything works as expected! Thanks for sharing!
Edit: It worked! After initially upgrading the firmware, I did get some warnings after loading this config.boot file. I also had to manually run both commands to enable hardware offloading, but in the end, it worked. Now I am just waiting on my PoE injector to get here, since I mistakenly thought the ER-X-SFP's passive 24V PoE supported the power needs of the UniFi 6 Lite.