Reorganize boot config files

Joey Hafner 2022-07-31 20:57:44 -07:00
parent 72595b098f
commit 338ef71da2
2 changed files with 407 additions and 208 deletions


@ -1,208 +0,0 @@
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 30 action drop
set firewall name WAN_LOCAL rule 30 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 30 state invalid enable
set firewall options mss-clamp mss 1412
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 description 'Internet (PPPoE)'
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 pppoe 0 default-route auto
set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 pppoe 0 mtu 1492
set interfaces ethernet eth0 pppoe 0 name-server auto
set interfaces ethernet eth0 pppoe 0 password 24ydrUYs
set interfaces ethernet eth0 pppoe 0 user-id hafnerjoseph
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 address 192.168.2.1/24
set interfaces ethernet eth1 description Local
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 description 'Local 2'
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 description 'Local 2'
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 description 'Local 2'
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set interfaces ethernet eth5 description 'Local 2'
set interfaces ethernet eth5 duplex auto
set interfaces ethernet eth5 speed auto
set interfaces ethernet eth6 description 'Local 2'
set interfaces ethernet eth6 duplex auto
set interfaces ethernet eth6 speed auto
set interfaces ethernet eth7 description 'Local 2'
set interfaces ethernet eth7 duplex auto
set interfaces ethernet eth7 speed auto
set interfaces ethernet eth8 description 'Local 2'
set interfaces ethernet eth8 duplex auto
set interfaces ethernet eth8 speed auto
set interfaces ethernet eth9 description 'Local 2'
set interfaces ethernet eth9 duplex auto
set interfaces ethernet eth9 poe output 24v
set interfaces ethernet eth9 speed auto
set interfaces loopback lo
set interfaces switch switch0 address 192.168.1.1/24
set interfaces switch switch0 description 'Local 2'
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port interface eth2
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
set interfaces switch switch0 switch-port interface eth5
set interfaces switch switch0 switch-port interface eth6
set interfaces switch switch0 switch-port interface eth7
set interfaces switch switch0 switch-port interface eth8
set interfaces switch switch0 switch-port interface eth9
set interfaces switch switch0 switch-port vlan-aware disable
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward lan-interface switch0
set port-forward rule 1 description Plex
set port-forward rule 1 forward-to address 192.168.1.23
set port-forward rule 1 original-port 32400
set port-forward rule 1 protocol tcp_udp
set port-forward rule 2 description BitTorrent
set port-forward rule 2 forward-to address 192.168.1.21
set port-forward rule 2 original-port 51000-51999
set port-forward rule 2 protocol tcp_udp
set port-forward rule 3 description WireGuard
set port-forward rule 3 forward-to address 192.168.1.23
set port-forward rule 3 original-port 53820-53829
set port-forward rule 3 protocol tcp_udp
set port-forward rule 4 description Minecraft
set port-forward rule 4 forward-to address 192.168.1.23
set port-forward rule 4 forward-to port 25565
set port-forward rule 4 original-port 25565
set port-forward rule 4 protocol tcp_udp
set port-forward rule 5 description Iperf
set port-forward rule 5 forward-to address 192.168.1.23
set port-forward rule 5 original-port 50201
set port-forward rule 5 protocol tcp_udp
set port-forward rule 6 description https,http
set port-forward rule 6 forward-to address 192.168.1.23
set port-forward rule 6 original-port 443,80
set port-forward rule 6 protocol tcp_udp
set port-forward rule 7 description 'Peertube Live'
set port-forward rule 7 forward-to address 192.168.1.23
set port-forward rule 7 forward-to port 22
set port-forward rule 7 original-port 1935
set port-forward rule 7 protocol tcp_udp
set port-forward rule 8 description 'Git SSH'
set port-forward rule 8 forward-to address 192.168.1.23
set port-forward rule 8 original-port 2228-2229
set port-forward rule 8 protocol tcp_udp
set port-forward rule 9 description SFTP
set port-forward rule 9 forward-to address 192.168.1.23
set port-forward rule 9 original-port 23450
set port-forward rule 9 protocol tcp_udp
set port-forward rule 10 description Terraria
set port-forward rule 10 forward-to address 192.168.1.100
set port-forward rule 10 forward-to port 7777
set port-forward rule 10 original-port 50777
set port-forward rule 10 protocol tcp_udp
set port-forward rule 11 description BitTorrent
set port-forward rule 11 forward-to address 192.168.1.23
set port-forward rule 11 original-port 50000
set port-forward rule 11 protocol tcp_udp
set port-forward wan-interface pppoe0
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN1 authoritative enable
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 1.1.1.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 dns-server 1.0.0.1
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 domain-name local
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 lease 86400
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.254
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping U6-Lite ip-address 192.168.1.3
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping U6-Lite mac-address '78:45:58:67:87:14'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping UAP-AC-LR ip-address 192.168.1.2
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping UAP-AC-LR mac-address '18:e8:29:50:f7:5b'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-nas ip-address 192.168.1.10
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-nas mac-address '40:8d:5c:52:41:89'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-seedbox ip-address 192.168.1.21
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-seedbox mac-address '24:4b:fe:57:bc:85'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-server ip-address 192.168.1.23
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joey-server mac-address '24:4b:fe:8b:f3:b0'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joeyPrinter ip-address 192.168.1.60
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping joeyPrinter mac-address '9c:32:ce:7c:f8:25'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping pihole ip-address 192.168.1.22
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping pihole mac-address 'b8:27:eb:3c:8e:bb'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-1 ip-address 192.168.1.50
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-1 mac-address '3C:61:05:F6:44:1E'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-2 ip-address 192.168.1.51
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-2 mac-address '3c:61:05:f6:d7:d3'
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-3 ip-address 192.168.1.52
set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 static-mapping tasmota-3 mac-address '3c:61:05:f6:f0:62'
set service dhcp-server shared-network-name LAN2 authoritative enable
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 default-router 192.168.2.1
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 dns-server 192.168.2.1
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 lease 86400
set service dhcp-server shared-network-name LAN2 subnet 192.168.2.0/24 start 192.168.2.38 stop 192.168.2.243
set service dhcp-server static-arp disable
set service dhcp-server use-dnsmasq enable
set service dns forwarding cache-size 150
set service dns forwarding listen-on switch0
set service dns forwarding name-server 192.168.1.1
set service dns forwarding name-server 1.1.1.1
set service dns forwarding name-server 1.0.0.1
set service dns forwarding options strict-order
set service dns forwarding system
set service gui http-port 8080
set service gui https-port 4433
set service gui older-ciphers enable
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface pppoe0
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set service unms disable
set system domain-name local
set system host-name ubnt
set system login user admin authentication encrypted-password '$5$j8QJRFCpc2Pc90kV$AA7DbPJldnwMlahDbbFWf0N9WiNnL9faW473jO9z1Z0'
set system login user admin authentication public-keys jafner425@gmail.com key 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
set system login user admin authentication public-keys jafner425@gmail.com type ssh-rsa
set system login user admin authentication public-keys joey@joey-server key 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
set system login user admin authentication public-keys joey@joey-server type ssh-rsa
set system login user admin level admin
set system name-server 127.0.0.1
set system name-server 1.1.1.1
set system name-server 1.0.0.1
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system offload hwnat enable
set system package repository stretch components 'main contrib non-free'
set system package repository stretch distribution stretch
set system package repository stretch password ''
set system package repository stretch url 'http://http.us.debian.org/debian'
set system package repository stretch username ''
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone America/Los_Angeles


@ -0,0 +1,407 @@
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 30 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
options {
mss-clamp {
mss 1412
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
description "Internet (PPPoE)"
duplex auto
pppoe 0 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server auto
password ****************
user-id hafnerjoseph
}
speed auto
}
ethernet eth1 {
address 192.168.2.1/24
description Local
duplex auto
speed auto
}
ethernet eth2 {
description "Local 2"
duplex auto
speed auto
}
ethernet eth3 {
description "Local 2"
duplex auto
speed auto
}
ethernet eth4 {
description "Local 2"
duplex auto
speed auto
}
ethernet eth5 {
description "Local 2"
duplex auto
speed auto
}
ethernet eth6 {
description "Local 2"
duplex auto
speed auto
}
ethernet eth7 {
description "Local 2"
duplex auto
speed auto
}
ethernet eth8 {
description "Local 2"
duplex auto
speed auto
}
ethernet eth9 {
description "Local 2"
duplex auto
poe {
output 24v
}
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.1.1/24
description "Local 2"
mtu 1500
switch-port {
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
interface eth5 {
}
interface eth6 {
}
interface eth7 {
}
interface eth8 {
}
interface eth9 {
}
vlan-aware disable
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface switch0
rule 1 {
description Plex
forward-to {
address 192.168.1.23
}
original-port 32400
protocol tcp_udp
}
rule 2 {
description BitTorrent
forward-to {
address 192.168.1.21
}
original-port 51000-51999
protocol tcp_udp
}
rule 3 {
description WireGuard
forward-to {
address 192.168.1.23
}
original-port 53820-53829
protocol tcp_udp
}
rule 4 {
description Minecraft
forward-to {
address 192.168.1.23
port 25565
}
original-port 25565
protocol tcp_udp
}
rule 5 {
description Iperf
forward-to {
address 192.168.1.23
}
original-port 50201
protocol tcp_udp
}
rule 6 {
description https,http
forward-to {
address 192.168.1.23
}
original-port 443,80
protocol tcp_udp
}
rule 7 {
description "Peertube Live"
forward-to {
address 192.168.1.23
port 22
}
original-port 1935
protocol tcp_udp
}
rule 8 {
description "Git SSH"
forward-to {
address 192.168.1.23
}
original-port 2228-2229
protocol tcp_udp
}
rule 9 {
description SFTP
forward-to {
address 192.168.1.23
}
original-port 23450
protocol tcp_udp
}
rule 10 {
description Terraria
forward-to {
address 192.168.1.100
port 7777
}
original-port 50777
protocol tcp_udp
}
rule 11 {
description BitTorrent
forward-to {
address 192.168.1.23
}
original-port 50000
protocol tcp_udp
}
wan-interface pppoe0
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN1 {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 1.1.1.1
dns-server 1.0.0.1
domain-name local
lease 86400
start 192.168.1.100 {
stop 192.168.1.254
}
static-mapping U6-Lite {
ip-address 192.168.1.3
mac-address 78:45:58:67:87:14
}
static-mapping UAP-AC-LR {
ip-address 192.168.1.2
mac-address 18:e8:29:50:f7:5b
}
static-mapping joey-nas {
ip-address 192.168.1.10
mac-address 40:8d:5c:52:41:89
}
static-mapping joey-seedbox {
ip-address 192.168.1.21
mac-address 24:4b:fe:57:bc:85
}
static-mapping joey-server {
ip-address 192.168.1.23
mac-address 24:4b:fe:8b:f3:b0
}
static-mapping joeyPrinter {
ip-address 192.168.1.60
mac-address 9c:32:ce:7c:f8:25
}
static-mapping pihole {
ip-address 192.168.1.22
mac-address b8:27:eb:3c:8e:bb
}
static-mapping tasmota-1 {
ip-address 192.168.1.50
mac-address 3C:61:05:F6:44:1E
}
static-mapping tasmota-2 {
ip-address 192.168.1.51
mac-address 3c:61:05:f6:d7:d3
}
static-mapping tasmota-3 {
ip-address 192.168.1.52
mac-address 3c:61:05:f6:f0:62
}
}
}
shared-network-name LAN2 {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.1
dns-server 192.168.2.1
lease 86400
start 192.168.2.38 {
stop 192.168.2.243
}
}
}
static-arp disable
use-dnsmasq enable
}
dns {
forwarding {
cache-size 150
listen-on switch0
name-server 192.168.1.1
name-server 1.1.1.1
name-server 1.0.0.1
options strict-order
system
}
}
gui {
http-port 8080
https-port 4433
older-ciphers enable
}
nat {
rule 5010 {
description "masquerade for WAN"
outbound-interface pppoe0
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
unms {
disable
}
}
system {
domain-name local
host-name ubnt
login {
user admin {
authentication {
encrypted-password ****************
public-keys jafner425@gmail.com {
key ****************
type ssh-rsa
}
public-keys joey@joey-server {
key ****************
type ssh-rsa
}
}
level admin
}
}
name-server 127.0.0.1
name-server 1.1.1.1
name-server 1.0.0.1
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat enable
}
package {
repository stretch {
components "main contrib non-free"
distribution stretch
password ****************
url http://http.us.debian.org/debian
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone America/Los_Angeles
}
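Review bot: Rule 7 in `port-forward` ("Peertube Live") maps WAN port 1935 to `port 22` on 192.168.1.23, which publishes that host's SSH listener to the internet under a streaming label; if RTMP ingest is what is intended, the target would presumably be `port 1935`, or the `port` line can be dropped as in the neighbouring rules. Every rule also sets `protocol tcp_udp`, so narrowing each one to the protocol its service actually uses would reduce what is reachable from the WAN. In `service gui`, `older-ciphers enable` keeps legacy TLS ciphers on the management interface and should become `older-ciphers disable` unless a legacy client is known to need it. The secrets are masked in this file, but the file deleted in the same commit held the PPPoE password and the admin password hash in cleartext, so they remain in repository history and are worth rotating.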