From 7f7392f98fd6f5efd324d2ea9a1aa07a9c793c7a Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Sun, 31 Jul 2022 20:58:00 -0700
Subject: [PATCH] Add live config.boot

---
 homelab/router/config/config.boot | 455 ++++++++++++++++--------------
 1 file changed, 236 insertions(+), 219 deletions(-)

diff --git a/homelab/router/config/config.boot b/homelab/router/config/config.boot
index 68856b5d..a9919fb7 100644
--- a/homelab/router/config/config.boot
+++ b/homelab/router/config/config.boot
@@ -43,223 +43,253 @@ firewall { } } } - options { - mss-clamp { - mss 1412 - } - } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { - ethernet eth0 { - description "Internet (PPPoE)" - duplex auto - pppoe 0 { - default-route auto - firewall { - in { - name WAN_IN - } - local { - name WAN_LOCAL - } + bridge br0 { + address 192.168.1.1/24 + member { + interface eth1 { + } + interface eth2 { } - mtu 1492 - name-server auto - password **************** - user-id hafnerjoseph } + } + ethernet eth0 { + address 192.168.200.1/24 + description "Emergency ad-hoc" + duplex auto + hw-id d4:3d:7e:94:6e:eb speed auto } ethernet eth1 { - address 192.168.2.1/24 - description Local + description "Primary Switch" duplex auto + hw-id 00:15:17:b8:dc:28 + offload { + sg + tso + } speed auto } ethernet eth2 { - description "Local 2" + description "PoE Switch for WAPs" duplex auto + hw-id 00:15:17:b8:dc:29 + offload { + sg + tso + } speed auto } ethernet eth3 { - description "Local 2" - duplex auto - speed auto + description "Reserved for multi-gig switch" + hw-id 00:15:17:b8:dc:2a + offload { + sg + tso + } } ethernet eth4 { - description "Local 2" + address dhcp + description "Internet (PPPoE)" duplex auto - speed auto - } - ethernet eth5 { - description "Local 2" - duplex auto - speed auto - } - ethernet eth6 { - description "Local 2" - duplex auto - speed auto - } - ethernet eth7 { - description "Local 2" - duplex auto - speed auto - } - ethernet eth8 { - description "Local 2" - duplex auto - speed auto - } - ethernet eth9 { - description "Local 2" - duplex auto - poe { - output 24v + hw-id 00:15:17:b8:dc:2b + offload { + sg + tso } speed auto } loopback lo { } - switch switch0 { - address 192.168.1.1/24 - description "Local 2" - mtu 1500 - switch-port { - interface eth2 { - } - interface eth3 { - } - interface eth4 { - } - interface eth5 { - } - interface eth6 { - } - interface eth7 { - } - interface eth8 { - } - interface 
eth9 { - } - vlan-aware disable + pppoe pppoe0 { + authentication { + password **************** + user hafnerjoseph } + firewall { + in { + name WAN_IN + } + local { + name WAN_LOCAL + } + } + mtu 1492 + no-peer-dns + source-interface eth4 } } -port-forward { - auto-firewall enable - hairpin-nat enable - lan-interface switch0 - rule 1 { - description Plex - forward-to { - address 192.168.1.23 +nat { + destination { + rule 101 { + description https,http + destination { + port 443,80 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - original-port 32400 - protocol tcp_udp - } - rule 2 { - description BitTorrent - forward-to { - address 192.168.1.21 + rule 102 { + description Plex + destination { + port 32400 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - original-port 51000-51999 - protocol tcp_udp - } - rule 3 { - description WireGuard - forward-to { - address 192.168.1.23 + rule 103 { + description BitTorrent + destination { + port 50000 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - original-port 53820-53829 - protocol tcp_udp - } - rule 4 { - description Minecraft - forward-to { - address 192.168.1.23 - port 25565 + rule 104 { + description WireGuard + destination { + port 53820-53829 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - original-port 25565 - protocol tcp_udp - } - rule 5 { - description Iperf - forward-to { - address 192.168.1.23 + rule 105 { + description Minecraft + destination { + port 25565 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - original-port 50201 - protocol tcp_udp - } - rule 6 { - description https,http - forward-to { - address 192.168.1.23 + rule 106 { + description Iperf + destination { + port 50201 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - 
original-port 443,80 - protocol tcp_udp - } - rule 7 { - description "Peertube Live" - forward-to { - address 192.168.1.23 - port 22 + rule 107 { + description "PeerTube Live" + destination { + port 1935 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - original-port 1935 - protocol tcp_udp - } - rule 8 { - description "Git SSH" - forward-to { - address 192.168.1.23 + rule 108 { + description "Git SSH" + destination { + port 2228-2229 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - original-port 2228-2229 - protocol tcp_udp - } - rule 9 { - description SFTP - forward-to { - address 192.168.1.23 + rule 109 { + description SFTP + destination { + port 23450 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.23 + } } - original-port 23450 - protocol tcp_udp - } - rule 10 { - description Terraria - forward-to { - address 192.168.1.100 - port 7777 + rule 110 { + description Terraria + destination { + port 50777 + } + inbound-interface eth4 + protocol tcp_udp + translation { + address 192.168.1.100 + port 7777 + } } - original-port 50777 - protocol tcp_udp } - rule 11 { - description BitTorrent - forward-to { - address 192.168.1.23 + source { + rule 1000 { + destination { + address 192.168.1.0/24 + } + outbound-interface eth1 + source { + address 192.168.1.0/24 + } + translation { + address masquerade + } + } + rule 1001 { + destination { + address 192.168.1.0/24 + } + outbound-interface eth2 + source { + address 192.168.1.0/24 + } + translation { + address masquerade + } + } + rule 1002 { + destination { + address 192.168.1.0/24 + } + outbound-interface eth3 + source { + address 192.168.1.0/24 + } + translation { + address masquerade + } } - original-port 50000 - protocol tcp_udp } - wan-interface pppoe0 } service { dhcp-server { - disabled false - hostfile-update disable shared-network-name LAN1 { - authoritative enable + authoritative + 
domain-name local + domain-search local + name-server 1.1.1.1 + name-server 1.0.0.1 subnet 192.168.1.0/24 { default-router 192.168.1.1 - dns-server 1.1.1.1 - dns-server 1.0.0.1 - domain-name local lease 86400 - start 192.168.1.100 { + range 1 { + start 192.168.1.100 stop 192.168.1.254 } static-mapping U6-Lite { @@ -304,56 +334,53 @@ service { } } } - shared-network-name LAN2 { - authoritative enable - subnet 192.168.2.0/24 { - default-router 192.168.2.1 - dns-server 192.168.2.1 - lease 86400 - start 192.168.2.38 { - stop 192.168.2.243 - } - } - } - static-arp disable - use-dnsmasq enable } dns { forwarding { - cache-size 150 - listen-on switch0 + allow-from 0.0.0.0/0 + allow-from ::/0 + cache-size 1000000 + listen-address 192.168.1.1 name-server 192.168.1.1 name-server 1.1.1.1 name-server 1.0.0.1 - options strict-order system } } - gui { - http-port 8080 - https-port 4433 - older-ciphers enable - } - nat { - rule 5010 { - description "masquerade for WAN" - outbound-interface pppoe0 - type masquerade + monitoring { + telegraf { + prometheus-client { + } } } ssh { + disable-password-authentication port 22 - protocol-version v2 - } - unms { - disable } } system { - domain-name local - host-name ubnt + config-management { + commit-revisions 200 + } + conntrack { + modules { + ftp + h323 + nfs + pptp + sip + sqlnet + tftp + } + } + console { + device ttyS0 { + speed 115200 + } + } + host-name vyos login { - user admin { + user vyos { authentication { encrypted-password **************** public-keys jafner425@gmail.com { 
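Review bot: eth4 now carries `address dhcp`, but WAN_IN and WAN_LOCAL are attached only to pppoe0, so any traffic reaching eth4's leased address is unfiltered, while the new destination NAT rules 101–110 all select `inbound-interface eth4` where the replaced block used `wan-interface pppoe0`. If public traffic arrives over the PPPoE session, as the firewall placement suggests, those rules should read `inbound-interface pppoe0`; either way the DHCP-addressed eth4 should carry the same firewall assignment, as below. `protocol tcp_udp` on every forward is wider than the services need — WireGuard (104) is UDP-only and Git SSH/SFTP (108, 109) TCP-only — and pinning each rule to its protocol shrinks the exposed surface. The dropped `mss-clamp { mss 1412 }` has no replacement while pppoe0 keeps `mtu 1492`; if the target release supports it, `ip adjust-mss 1412` under pppoe0 restores that. The enclosing `firewall` block begins before this hunk and the `service` block continues after it.
```vyos
    ethernet eth4 {
        address dhcp
        description "Internet (PPPoE)"
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        /* … unchanged: duplex, hw-id, offload, speed … */
    }
```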
@@ -365,38 +392,28 @@ system { type ssh-rsa } } - level admin } } - name-server 127.0.0.1 + name-server 192.168.1.1 name-server 1.1.1.1 name-server 1.0.0.1 + name-server eth4 ntp { - server 0.ubnt.pool.ntp.org { + server time-a-wwv.nist.gov { } - server 1.ubnt.pool.ntp.org { + server time-b-wwv.nist.gov { } - server 2.ubnt.pool.ntp.org { + server time-c-wwv.nist.gov { } - server 3.ubnt.pool.ntp.org { + server time-d-wwv.nist.gov { } - } - offload { - hwnat enable - } - package { - repository stretch { - components "main contrib non-free" - distribution stretch - password **************** - url http://http.us.debian.org/debian - username "" + server time-e-wwv.nist.gov { } } syslog { global { facility all { - level notice + level info } facility protocols { level debug @@ -404,4 +421,4 @@ system { } } time-zone America/Los_Angeles -} \ No newline at end of file +}
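Review bot: `allow-from 0.0.0.0/0` and `allow-from ::/0` under `dns forwarding` let any source recurse through the forwarder; `listen-address 192.168.1.1` limits where it binds, but whether WAN-originated queries can reach that address depends on WAN_LOCAL, which is not in this hunk, so tighten to `allow-from 192.168.1.0/24` and drop `::/0` unless IPv6 is actually in use here. The conntrack `modules` list enables every helper (ftp, h323, nfs, pptp, sip, sqlnet, tftp); these parse untrusted payloads in the kernel and open related pinholes, so keep only the ones the LAN actually needs. `telegraf { prometheus-client { } }` sets no listen address and presumably binds wherever the default puts it — confirm, and bind it to 192.168.1.1 if a `listen-address` option is available in this release. The `system` block continues past the end of this hunk.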
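Review bot: `name-server eth4` adds the resolvers learned by DHCP on the WAN port to the system resolver list next to 192.168.1.1 and Cloudflare, which looks inconsistent with `no-peer-dns` on pppoe0 in the earlier hunk and means router-originated lookups may bypass the local forwarder depending on which entry answers. If the intent is that the router resolves through 192.168.1.1, remove `name-server eth4`. The `system` block starts before this hunk and ends after it.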