Last active
March 29, 2020 15:29
-
-
Save stevejenkins/482afbc320c8ea7f2d591ea6dbfc2dff to your computer and use it in GitHub Desktop.
ER-POE Config where remote HTTPS / SSH work
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| firewall { | |
| all-ping enable | |
| broadcast-ping disable | |
| ipv6-receive-redirects disable | |
| ipv6-src-route disable | |
| ip-src-route disable | |
| log-martians enable | |
| name WAN_IN { | |
| default-action drop | |
| description "WAN to Internal" | |
| rule 10 { | |
| action accept | |
| description "Allow established/related" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| } | |
| name WAN_LOCAL { | |
| default-action drop | |
| description "WAN to Router" | |
| enable-default-log | |
| rule 1 { | |
| action accept | |
| description "Allow established/related" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 2 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| rule 3 { | |
| action accept | |
| description "Port Forward - Router SSH" | |
| destination { | |
| address 192.168.1.1 | |
| port 22 | |
| } | |
| log disable | |
| protocol tcp | |
| time { | |
| } | |
| } | |
| rule 4 { | |
| action accept | |
| description "Port Forward - Router HTTPS" | |
| destination { | |
| address 192.168.1.1 | |
| port 443 | |
| } | |
| log disable | |
| protocol tcp | |
| } | |
| } | |
| options { | |
| mss-clamp { | |
| interface-type all | |
| mss 1412 | |
| } | |
| } | |
| receive-redirects disable | |
| send-redirects enable | |
| source-validation disable | |
| syn-cookies enable | |
| } | |
| interfaces { | |
| ethernet eth0 { | |
| address dhcp | |
| description WAN | |
| duplex auto | |
| firewall { | |
| in { | |
| name WAN_IN | |
| } | |
| local { | |
| name WAN_LOCAL | |
| } | |
| } | |
| poe { | |
| output off | |
| } | |
| speed auto | |
| } | |
| ethernet eth1 { | |
| address 192.168.2.1/24 | |
| description "LAN 2" | |
| duplex auto | |
| poe { | |
| output off | |
| } | |
| speed auto | |
| } | |
| ethernet eth2 { | |
| description LAN | |
| duplex auto | |
| poe { | |
| output 48v | |
| } | |
| speed auto | |
| } | |
| ethernet eth3 { | |
| description LAN | |
| duplex auto | |
| poe { | |
| output off | |
| } | |
| speed auto | |
| } | |
| ethernet eth4 { | |
| description LAN | |
| duplex auto | |
| poe { | |
| output 24v | |
| } | |
| speed auto | |
| } | |
| loopback lo { | |
| } | |
| switch switch0 { | |
| address 192.168.1.1/24 | |
| description "LAN Switch" | |
| mtu 1500 | |
| switch-port { | |
| interface eth2 { | |
| } | |
| interface eth3 { | |
| } | |
| interface eth4 { | |
| } | |
| vlan-aware disable | |
| } | |
| vif 102 { | |
| address 10.0.0.1/24 | |
| description "Guest Network VLAN" | |
| mtu 1500 | |
| } | |
| } | |
| } | |
| port-forward { | |
| auto-firewall enable | |
| hairpin-nat enable | |
| lan-interface switch0 | |
| rule 10 { | |
| description "Router SSH" | |
| forward-to { | |
| address 192.168.1.1 | |
| port 22 | |
| } | |
| original-port 7777 | |
| protocol tcp_udp | |
| } | |
| rule 20 { | |
| description "Router HTTPS" | |
| forward-to { | |
| address 192.168.1.1 | |
| port 443 | |
| } | |
| original-port 8888 | |
| protocol tcp_udp | |
| } | |
| wan-interface eth0 | |
| } | |
| service { | |
| dhcp-server { | |
| disabled false | |
| hostfile-update disable | |
| shared-network-name Guest { | |
| authoritative disable | |
| subnet 10.0.0.0/24 { | |
| default-router 10.0.0.1 | |
| dns-server 8.8.8.8 | |
| dns-server 8.8.4.4 | |
| domain-name guestlake.example.com | |
| lease 86400 | |
| start 10.0.0.10 { | |
| stop 10.0.0.199 | |
| } | |
| } | |
| } | |
| shared-network-name LAN { | |
| authoritative disable | |
| subnet 192.168.1.0/24 { | |
| default-router 192.168.1.1 | |
| dns-server 192.168.1.1 | |
| dns-server 8.8.8.8 | |
| domain-name lake.example.com | |
| lease 86400 | |
| start 192.168.1.101 { | |
| stop 192.168.1.255 | |
| } | |
| } | |
| } | |
| shared-network-name LAN2 { | |
| authoritative disable | |
| subnet 192.168.2.0/24 { | |
| default-router 192.168.2.1 | |
| dns-server 8.8.8.8 | |
| dns-server 8.8.4.4 | |
| domain-name configlake.example.com | |
| lease 86400 | |
| start 192.168.2.101 { | |
| stop 192.168.2.255 | |
| } | |
| } | |
| } | |
| use-dnsmasq disable | |
| } | |
| dns { | |
| dynamic { | |
| interface eth0 { | |
| service afraid { | |
| host-name lake.example.com | |
| login ******** | |
| password **************** | |
| server freedns.afraid.org | |
| } | |
| } | |
| } | |
| forwarding { | |
| cache-size 1000 | |
| listen-on switch0 | |
| name-server 192.168.1.101 | |
| name-server 8.8.8.8 | |
| name-server 8.8.4.4 | |
| system | |
| } | |
| } | |
| gui { | |
| http-port 80 | |
| https-port 443 | |
| older-ciphers enable | |
| } | |
| nat { | |
| rule 5010 { | |
| description "Masquerade for WAN" | |
| log disable | |
| outbound-interface eth0 | |
| protocol all | |
| type masquerade | |
| } | |
| } | |
| ssh { | |
| port 22 | |
| protocol-version v2 | |
| } | |
| upnp2 { | |
| listen-on switch0 | |
| nat-pmp disable | |
| secure-mode disable | |
| wan eth0 | |
| } | |
| } | |
| system { | |
| domain-name lake.example.com | |
| host-name lake-gateway | |
| login { | |
| user ********** { | |
| authentication { | |
| encrypted-password **************** | |
| plaintext-password **************** | |
| } | |
| full-name "Admin user" | |
| level admin | |
| } | |
| } | |
| name-server 8.8.8.8 | |
| name-server 8.8.4.4 | |
| ntp { | |
| server 0.ubnt.pool.ntp.org { | |
| } | |
| server 1.ubnt.pool.ntp.org { | |
| } | |
| server 2.ubnt.pool.ntp.org { | |
| } | |
| server 3.ubnt.pool.ntp.org { | |
| } | |
| } | |
| offload { | |
| hwnat disable | |
| ipsec enable | |
| ipv4 { | |
| forwarding enable | |
| vlan enable | |
| } | |
| } | |
| package { | |
| repository debian { | |
| components main | |
| distribution wheezy | |
| password "" | |
| url http://ftp.us.debian.org/debian | |
| username "" | |
| } | |
| repository wheezy { | |
| components "main contrib non-free" | |
| distribution wheezy | |
| password "" | |
| url http://http.us.debian.org/debian | |
| username "" | |
| } | |
| } | |
| syslog { | |
| global { | |
| facility all { | |
| level notice | |
| } | |
| facility protocols { | |
| level debug | |
| } | |
| } | |
| } | |
| time-zone America/Los_Angeles | |
| traffic-analysis { | |
| dpi enable | |
| export enable | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment