Update new config with mss clamp

This commit is contained in:
Joey Hafner 2022-07-31 21:39:37 -07:00
parent 6dd3177e01
commit 9ce761daaf


@ -43,23 +43,12 @@ firewall {
} }
} }
} }
options {
mss-clamp {
mss 1200
}
}
receive-redirects disable receive-redirects disable
send-redirects enable send-redirects enable
source-validation disable source-validation disable
syn-cookies enable syn-cookies enable
} }
interfaces { interfaces {
ethernet eth0 {
description "Emergency ad-hoc"
address 192.168.200.1/24
duplex auto
speed auto
}
bridge br0 { bridge br0 {
address 192.168.1.1/24 address 192.168.1.1/24
member { member {
@ -69,34 +58,62 @@ interfaces {
} }
} }
} }
ethernet eth0 {
address 192.168.200.1/24
description "Emergency ad-hoc"
duplex auto
hw-id d4:3d:7e:94:6e:eb
speed auto
}
ethernet eth1 { ethernet eth1 {
description "Primary Switch" description "Primary Switch"
duplex auto duplex auto
speed auto hw-id 00:15:17:b8:dc:28
offload { offload {
sg sg
tso tso
} }
speed auto
} }
ethernet eth2 { ethernet eth2 {
description "PoE Switch for WAPs" description "PoE Switch for WAPs"
duplex auto duplex auto
hw-id 00:15:17:b8:dc:29
offload {
sg
tso
}
speed auto speed auto
}
ethernet eth3 {
description "Reserved for multi-gig switch"
hw-id 00:15:17:b8:dc:2a
offload { offload {
sg sg
tso tso
} }
} }
ethernet eth3 {
description "Reserved for multi-gig switch"
disabled
}
ethernet eth4 { ethernet eth4 {
description "Internet (PPPoE)"
address dhcp address dhcp
description "Internet (PPPoE)"
duplex auto duplex auto
pppoe 0 { hw-id 00:15:17:b8:dc:2b
default-route auto ip {
adjust-mss 1200
}
offload {
sg
tso
}
speed auto
}
loopback lo {
}
pppoe pppoe0 {
authentication {
password ****************
user hafnerjoseph
}
firewall { firewall {
in { in {
name WAN_IN name WAN_IN
@ -106,136 +123,130 @@ interfaces {
} }
} }
mtu 1492 mtu 1492
name-server none no-peer-dns
password 24ydrUYs source-interface eth4
user-id hafnerjoseph
}
speed auto
}
loopback lo {
} }
} }
nat { nat {
destination { destination {
rule 101 { rule 101 {
description "https,http" description https,http
inbound-interface eth4
destination { destination {
port 443,80 port 443,80
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 102 { rule 102 {
description "Plex" description Plex
inbound-interface eth4
destination { destination {
port 32400 port 32400
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 103 { rule 103 {
description "BitTorrent" description BitTorrent
inbound-interface eth4
destination { destination {
port 50000 port 50000
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 104 { rule 104 {
description "WireGuard" description WireGuard
inbound-interface eth4
destination { destination {
port 53820-53829 port 53820-53829
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 105 { rule 105 {
description "Minecraft" description Minecraft
inbound-interface eth4
destination { destination {
port 25565 port 25565
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 106 { rule 106 {
description "Iperf" description Iperf
inbound-interface eth4
destination { destination {
port 50201 port 50201
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 107 { rule 107 {
description "PeerTube Live" description "PeerTube Live"
inbound-interface eth4
destination { destination {
port 1935 port 1935
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 108 { rule 108 {
description "Git SSH" description "Git SSH"
inbound-interface eth4
destination { destination {
port 2228-2229 port 2228-2229
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 109 { rule 109 {
description "SFTP" description SFTP
inbound-interface eth4
destination { destination {
port 23450 port 23450
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.23 address 192.168.1.23
} }
protocol tcp_udp
} }
rule 110 { rule 110 {
description "Terraria" description Terraria
inbound-interface eth4
destination { destination {
port 50777 port 50777
} }
inbound-interface eth4
protocol tcp_udp
translation { translation {
address 192.168.1.100 address 192.168.1.100
port 7777 port 7777
} }
protocol tcp_udp
} }
} }
source { source {
rule 1000 { rule 1000 {
desription "NAT Reflection: Switch1"
outbound-interface eth1
destination { destination {
address 192.168.1.0/24 address 192.168.1.0/24
} }
outbound-interface eth1
source { source {
address 192.168.1.0/24 address 192.168.1.0/24
} }
@ -244,11 +255,10 @@ nat {
} }
} }
rule 1001 { rule 1001 {
desription "NAT Reflection: Switch2"
outbound-interface eth2
destination { destination {
address 192.168.1.0/24 address 192.168.1.0/24
} }
outbound-interface eth2
source { source {
address 192.168.1.0/24 address 192.168.1.0/24
} }
@ -257,11 +267,10 @@ nat {
} }
} }
rule 1002 { rule 1002 {
desription "NAT Reflection: Switch3"
outbound-interface eth3
destination { destination {
address 192.168.1.0/24 address 192.168.1.0/24
} }
outbound-interface eth3
source { source {
address 192.168.1.0/24 address 192.168.1.0/24
} }
@ -274,15 +283,14 @@ nat {
service { service {
dhcp-server { dhcp-server {
shared-network-name LAN1 { shared-network-name LAN1 {
authoritative
domain-name local domain-name local
domain-search local domain-search local
name-server 1.1.1.1 name-server 1.1.1.1
name-server 1.0.0.1 name-server 1.0.0.1
ping-check enable
authoritative enable
subnet 192.168.1.0/24 { subnet 192.168.1.0/24 {
lease 86400
default-router 192.168.1.1 default-router 192.168.1.1
lease 86400
range 1 { range 1 {
start 192.168.1.100 start 192.168.1.100
stop 192.168.1.254 stop 192.168.1.254
@ -332,6 +340,8 @@ service {
} }
dns { dns {
forwarding { forwarding {
allow-from 0.0.0.0/0
allow-from ::/0
cache-size 1000000 cache-size 1000000
listen-address 192.168.1.1 listen-address 192.168.1.1
name-server 192.168.1.1 name-server 192.168.1.1
@ -340,22 +350,21 @@ service {
system system
} }
} }
ssh {
port 22
protocol-version v2
disable-password-authentication
}
monitoring { monitoring {
telegraf { telegraf {
prometheus-client { prometheus-client {
} }
} }
} }
ssh {
disable-password-authentication
port 22
}
} }
system { system {
commit-revision 100 config-management {
commit-revisions 200
}
conntrack { conntrack {
modules { modules {
ftp ftp
@ -376,22 +385,22 @@ system {
login { login {
user vyos { user vyos {
authentication { authentication {
encrypted-password $5$j8QJRFCpc2Pc90kV$AA7DbPJldnwMlahDbbFWf0N9WiNnL9faW473jO9z1Z0 encrypted-password ****************
public-keys jafner425@gmail.com { public-keys jafner425@gmail.com {
key AAAAB3NzaC1yc2EAAAADAQABAAAEAQCyolGiQAOvyKZ9GtPx2FbKwdt8twLuKs8l0+o3QVZsS5NCG4pX6GXuH8GspmHSedy4yfgVBN0NlOoVPpwxGslZZ5BLkOyhfcoiayPMbYyEpyiujcmnIUlNLI04otz7Ucqhopy+DC/+UpLTMqgnlevWDJW5YgYNAInPFNP7cIJ//sjimisP/su0n4DTzq/1WDUHN+Pk2LKw9P6NnAyk+RhSAH2v5Z/sq0FjUVxe57oNnCGec8KzVsxvI3PP44ax17n8MIyZlXhDa41+1u/LsE9oHSeidaWz8S8IZaRQbUkdtaViiOL+JS55ZOut11cmEOBTsXgmwEH9d1gLS5NKukwTDruBjznqJDXuFlcoRvHIYOTbBXVBDzI710kX7hucks/XZuUhXuOsO0hqQjqAJFX/LKbeR/XN+7AvuGIy25bslZu3/HUdL9UYhenm/AJL5YtUKRsLIeznRyHJcJ8905qgMIELRVWYxTDlekbsL5rNzrRSJ4+gV9Y5TFe1uxRaqqGiuyJ1T7/R2++z+p+sYoBJOY+vehUul7CtaYeVe7FUGuJzWHylkmkOMSJQb0XvjQWjFgSOstIf4MoFcRSfgztL4C2utDNayvR2XjLjRcaZnIzzAkBweY/g0Y0Jnnjk+dmnKWeoDHUXOT/GHGi/KfL4lwnQFRtS8x6M52sX417Of9K14ljILaHESJibjPN2jWboQdvTw0PFhbr72jr6+rhayuiP3n+5rENtDxwPlfYdSsCdgVyg7HC/2F6ZL5QHXctJFjIswMdJds+3pHnb7l5d4TiRdBQNQGVv7pYYfZdyqMGk5sdKXBzn/uS1a0SRqzJAhgH6nA67HfuBKq2xwu86hlOnc6hsFuehXAweaZ/UvTBiCE+4oYokAyHcpHsjOYqTmK6rSTTfGQ3Yc8zgD5vGb04tGRMVFA0+uQSrcBeIidxFZA1pbrMuDGDQDqtevIyna+rN958IWjCMvs8O+wro4SFYKAHYOkaBW0syQl1m/GKePcDJR6rkLx8eLrr6jaj4rHAS5fVJVYOpPIkrnfI5kTvnuRqJTH9NIaan3q4+6mAQ1prBqrtO2RUWcdmfkuVuUapDcqhgqGQqzsaKNWjsiCr21CPnYuj8pYItyJziF2VGS5oci2feCxWwbqqW8WUXZha7PnhQaIIiv7vyIo/JVWKK12v8UfeFRiRL73JOfFdtRCWldQxF2yRTt5gFxObCPQj5oSj1+Buc/IzQwqkKxeKpjUdtYt1RjsU3rJR1JDjEhrbbN/LZg986wkxrsLVqQmsXxSniai2X4vN+9KZu4kcg8Crk4g29+L0Snj0P7PQ61SXT3HMZxp5T2jLvekwLyn9yIKl75IiQSdgp+DIv key ****************
type ssh-rsa type ssh-rsa
} }
public-keys joey@joey-server { public-keys joey@joey-server {
key 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 key ****************
type ssh-rsa type ssh-rsa
} }
} }
level admin
} }
} }
name-server 192.168.1.1 name-server 192.168.1.1
name-server 1.1.1.1 name-server 1.1.1.1
name-server 1.0.0.1 name-server 1.0.0.1
name-server eth4
ntp { ntp {
server time-a-wwv.nist.gov { server time-a-wwv.nist.gov {
} }
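Review bot: The redaction to `encrypted-password ****************` and `key ****************` on the new side of this hunk masks values that an earlier revision already committed in the clear — the old side of this same hunk still shows the password hash for user `vyos`, and the old side of the `pppoe` block (the hunk at `@ -106,136`) shows the PPPoE `password` as a literal. Replacing them with asterisks in a later commit does not remove them from history, so the vyos login and the PPPoE credential should be treated as exposed and rotated rather than relied on after the redaction. On the same theme, the new `allow-from 0.0.0.0/0` and `allow-from ::/0` under `service dns forwarding` (hunk at `@ -332,6`) are broader than the `listen-address 192.168.1.1` they sit beside; `allow-from 192.168.1.0/24` would match the scope the listener already implies. The enclosing `system {` block starts in an earlier hunk and ends outside this one.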